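The earlier series, Docker Basics, introduced the fundamentals of Docker. This advanced series walks through the rest systematically: the networking core, Docker in practice, Docker Compose, Harbor and Swarm. Follow and bookmark it if you find it useful.
Introduction to Docker networking
Docker is a custom container format built on Linux kernel technologies such as namespaces, cgroups and union file systems, and it provides a virtual runtime environment on top of them.
namespace: used for isolation, for example pid, net, mnt
CGroups: Control Groups, used for resource limits such as memory and CPU
Union file systems: used for layering images and containers
1. Computer network models
Docker networking documentation: https://docs.docker.com/network/
OSI: the Open Systems Interconnection reference model
TCP/IP: Transmission Control Protocol/Internet Protocol, a protocol suite that carries information across multiple different networks. TCP/IP does not mean only the two protocols TCP and IP; it is a suite made up of FTP, SMTP, TCP, UDP, IP and other protocols. It is called TCP/IP because TCP and IP are the most representative members of the suite.
Layering: the basic idea is that each layer builds on the services of the layer below it to offer higher-level, value-added services, and the top layer offers the services that distributed applications run on.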
The client sends a request: [Figure]
The server receives the request: [Figure]
2 Network interfaces in Linux
2.1 Viewing interface information
Command to view the network interfaces: ip a

    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 85987sec preferred_lft 85987sec
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever

ip a shows that this CentOS machine currently has 4 network interfaces. Their roles are:

    Name      Role
    lo        local (loopback) interface
    eth0      interface connected to the network
    eth1      interface used to communicate with the host machine
    docker0   Docker's interface

ip link show:

    $ ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff

View the interfaces as files: ls /sys/class/net

    $ ls /sys/class/net
    docker0  eth0  eth1  lo

2.2 Configuration files
In Linux each network interface corresponds to a file, so you only need to find the matching interface file. They are stored under:

    $ cd /etc/sysconfig/network-scripts/
    $ ls
    ifcfg-eth0   ifdown-eth   ifdown-ppp       ifdown-tunnel  ifup-ippp   ifup-post    ifup-TeamPort     network-functions-ipv6
    ifcfg-eth1   ifdown-ippp  ifdown-routes    ifup           ifup-ipv6   ifup-ppp     ifup-tunnel
    ifcfg-lo     ifdown-ipv6  ifdown-sit       ifup-aliases   ifup-isdn   ifup-routes  ifup-wireless
    ifdown       ifdown-isdn  ifdown-Team      ifup-bnep      ifup-plip   ifup-sit     init.ipv6-global
    ifdown-bnep  ifdown-post  ifdown-TeamPort  ifup-eth       ifup-plusb  ifup-Team    network-functions

2.3 Interface operations
Add an IP address to an interface

    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 84918sec preferred_lft 84918sec
        inet 192.168.100.120/24 scope global eth0    # an IP address has been added
           valid_lft forever preferred_lft forever
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever

Delete the IP address: ip addr delete 192.168.100.120/24 dev eth0

    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 84847sec preferred_lft 84847sec
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever

2.4 Reading the interface information
State: UP/DOWN/UNKNOWN, etc.
link/ether: the MAC address
inet: the bound IP address
3 Network Namespace
The network namespace is a key building block of network virtualization. It can create multiple isolated network spaces, each with its own network stack. Whether it is a virtual machine or a container, the workload runs as if it were on its own independent network.
3.1 Network Namespace in practice
Add a namespace

    ip netns add ns1

List the existing namespaces

    $ ip netns list
    ns1

Delete a namespace

    ip netns delete ns1

    $ ip netns list
    ns1
    $ ip netns list
    $ ip netns exec ns1 ip a
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

[Figure]
Bring the interface up

    $ ip netns exec ns1 ifup lo

Bring the interface down

    $ ip netns exec ns1 ip a
    1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

The state can also be set with ip link

    $ ip netns exec ns1 ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    $ ip netns exec ns1 ip a
    1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    $ ip netns add ns2
    $ ip netns exec ns1 ip link
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    6: veth-ns1@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether 7e:bb:ee:13:a2:9a brd ff:ff:ff:ff:ff:ff link-netnsid 1
    $ ip netns exec ns1 ip link set veth-ns1 up
    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 66199sec preferred_lft 66199sec
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:52:d4:0a:9f brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:52ff:fed4:a9f/64 scope link
           valid_lft forever preferred_lft forever
    24: veth78a90d0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
        link/ether 7e:6b:8c:bf:7e:30 brd ff:ff:ff:ff:ff:ff link-netnsid 2
        inet6 fe80::7c6b:8cff:febf:7e30/64 scope link
           valid_lft forever preferred_lft forever
    26: vetha2bfbf4@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
        link/ether ce:2f:ed:e5:61:32 brd ff:ff:ff:ff:ff:ff link-netnsid 3
        inet6 fe80::cc2f:edff:fee5:6132/64 scope link
           valid_lft forever preferred_lft forever

Then look at the network inside tomcat01: docker exec -it tomcat01 ip a. You can see:

    $ ping 172.17.0.2
    PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
    64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.038 ms
    64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.038 ms
    ^C
    --- 172.17.0.2 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.038/0.038/0.038/0.000 ms

The ping succeeds, yet CentOS and tomcat01 belong to two different network namespaces. How are they connected? See the figure.
[Figure]
In fact, eth0 inside tomcat01 and a veth attached to docker0 on CentOS form a pair, similar to veth-ns1 and veth-ns2 in the earlier exercise. This is easy to confirm:

    yum install bridge-utils
    brctl show

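
The pairing can also be confirmed from interface indexes, shown here as an added example that is not part of the original article: in `ip -o link` output a veth is printed as `name@ifN`, where N is the ifindex of its peer. The host lines reuse the veth entries from the host output above; the tomcat01 lines are constructed, because the container's own output is not reproduced on this page.

```shell
#!/bin/sh
# Added example: match a container's eth0 to its host-side veth by peer ifindex.

# Host side: interface lines as shown in the host's `ip a` output (shortened).
HOST_LINKS='4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
24: veth78a90d0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP
26: vetha2bfbf4@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP'

# Container side (constructed): what `docker exec tomcat01 ip -o link` would print.
TOMCAT01_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP'

# veth_peers LINKS: print "ifindex name peer_ifindex bridge" for each veth line.
veth_peers() {
    printf '%s\n' "$1" | awk '
        $2 ~ /@if[0-9]+:$/ {
            idx = $1; sub(/:$/, "", idx)
            name = $2; sub(/@if[0-9]+:$/, "", name)
            peer = $2; sub(/^.*@if/, "", peer); sub(/:$/, "", peer)
            bridge = "-"
            for (i = 3; i < NF; i++) if ($i == "master") bridge = $(i + 1)
            print idx, name, peer, bridge
        }'
}

# host_veth_for CONTAINER_LINKS HOST_LINKS: print the host veth whose ifindex is
# the peer index of the container eth0 and whose own peer index is that eth0.
host_veth_for() {
    want=$(veth_peers "$1" | awk '$2 == "eth0" { print $3 ":" $1 }')
    veth_peers "$2" | awk -v want="$want" '
        ($1 ":" $3) == want { print $2 " (bridge " $4 ")" }'
}

host_veth_for "$TOMCAT01_LINKS" "$HOST_LINKS"
```

Requiring the indexes to match in both directions avoids pairing a container with a veth that merely shares one index with an interface in another namespace.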
Run:

    $ docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    92242fc0f805   bridge    bridge    local
    96b999d7fcc2   host      host      local
    17b86f9caa33   none      null      local

Let's inspect the bridge network: docker network inspect bridge

    "Containers": {
        "4b3500fed6b99c00b3ed1ae46bd6bc33040c77efdab343175363f32fbcf42e63": {
            "Name": "tomcat01",
            "EndpointID": "40fc0925fcb59c9bb002779580107ab9601640188bf157fa57b1c2de9478053a",
            "MacAddress": "02:42:ac:11:00:02",
            "IPv4Address": "172.17.0.2/16",
            "IPv6Address": ""
        },
        "92d2ff3e9be523099ac4b45058c5bf4652a77a27b7053a9115ea565ab43f9ab0": {
            "Name": "tomcat02",
            "EndpointID": "1d6c3bd73e3727dd368edf3cc74d2f01b5c458223f844d6188486cb26ea255bc",
            "MacAddress": "02:42:ac:11:00:03",
            "IPv4Address": "172.17.0.3/16",
            "IPv6Address": ""
        }
    }

The tomcat01 container can reach the Internet. Here is the diagram for that as well; the NAT is implemented with iptables.
[Figure]
4.2 Custom networks
Create a network of type bridge

    docker network create tomcat-net

or

    docker network create --subnet=172.18.0.0/24 tomcat-net

List the existing networks: docker network ls

    $ docker network ls
    NETWORK ID     NAME         DRIVER    SCOPE
    b5c9cfbc0410   bridge       bridge    local
    96b999d7fcc2   host         host      local
    17b86f9caa33   none         null      local
    43915cba1f92   tomcat-net   bridge    local

View the details of tomcat-net: docker network inspect tomcat-net

    $ docker run -d --name custom-net-tomcat --network tomcat-net tomcat-ip:1.0
    264b3901f8f12fd7f4cc69810be6a24de48f82402b1e5b0df364bd1ee72d8f0e

View the network information of custom-net-tomcat (only the key parts are shown):

    12: br-43915cba1f92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:71:a6:67:c7 brd ff:ff:ff:ff:ff:ff
        inet 172.18.0.1/16 brd 172.18.255.255 scope global br-43915cba1f92
           valid_lft forever preferred_lft forever
        inet6 fe80::42:71ff:fea6:67c7/64 scope link
           valid_lft forever preferred_lft forever
    14: veth282a555@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-43915cba1f92 state UP group default
        link/ether 3a:3d:83:15:3f:ed brd ff:ff:ff:ff:ff:ff link-netnsid 3
        inet6 fe80::383d:83ff:fe15:3fed/64 scope link
           valid_lft forever preferred_lft forever

View the interface information

    $ docker exec -it custom-net-tomcat ping 172.17.0.2
    PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
    ^C
    --- 172.17.0.2 ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2000ms

At this point, if the tomcat01 container can also be connected to tomcat-net, the ping should work:

    docker network connect tomcat-net tomcat01

    $ docker exec -it custom-net-tomcat ping tomcat01
    PING tomcat01 (172.18.0.3) 56(84) bytes of data.
    64 bytes from tomcat01.tomcat-net (172.18.0.3): icmp_seq=1 ttl=64 time=0.031 ms

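5 A closer look at container networking: Host & None
5.1 Host
In host mode the container shares the host's network stack, and all of the host's interfaces are available to the container. The container's hostname matches the hostname of the host system.
Create a container and set its network to host

    docker run -d --name my-tomcat-host --network host tomcat-ip:1.0

View the IP addresses

    docker exec -it my-tomcat-host ip a

Inspect the host network

    docker network inspect host

    "Containers": {
        "f495a6892d422e61daab01e3fcfa4abb515753e5f9390af44c93cae376ca7464": {
            "Name": "my-tomcat-host",
            "EndpointID": "77012b1ac5d15bde3105d2eb2fe0e58a5ef78fb44a88dc8b655d373d36cde5da",
            "MacAddress": "",
            "IPv4Address": "",
            "IPv6Address": ""
        }
    }

5.2 None
None mode does not configure any IP for the container, and the container cannot reach external networks or other containers. It has a loopback address and can be used to run batch jobs.
Create a tomcat container and set its network to none

    docker run -d --name my-tomcat-none --network none tomcat-ip:1.0

View the IP addresses

    docker exec -it my-tomcat-none ip a

Inspect the none network

    docker network inspect none

    "Containers": {
        "c957b61dae93fbb9275acf73c370e5df1aaf44a986579ee43ab751f790220807": {
            "Name": "my-tomcat-none",
            "EndpointID": "16bf30fb7328ceb433b55574dc071bf346efa58e2eb92b6f40d7a902ddc94293",
            "MacAddress": "",
            "IPv4Address": "",
            "IPv6Address": ""
        }
    }
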
6 Port mapping
Create a tomcat container named port-tomcat

    docker run -d --name port-tomcat tomcat-ip:1.0

Think about how to reach the tomcat service

    docker exec -it port-tomcat bash
    curl localhost:8080

What if you want to reach it from centos7?

    docker exec -it port-tomcat ip a
    curl 172.17.0.4:8080

What if we need to reach it through localhost on centos? Then port 8080 in port-tomcat has to be mapped to a port on centos:

    docker rm -f port-tomcat
    docker run -d --name port-tomcat -p 8090:8080 tomcat-ip:1.0
    curl localhost:8090

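
How the `-p 8090:8080` mapping, and the iptables NAT mentioned earlier for outbound traffic, appear in the host's nat table, as an added example that is not from the original article. The rules are a constructed sample in `iptables -t nat -S` format; the second published container (172.17.0.5, bound to 127.0.0.1:9000) is hypothetical and is there only to contrast a restricted binding with the default one.

```shell
#!/bin/sh
# Added example: read Docker-style NAT rules and report published ports.
# Constructed sample of `iptables -t nat -S` output on a Docker host.
NAT_RULES='-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8090 -j DNAT --to-destination 172.17.0.4:8080
-A DOCKER -d 127.0.0.1/32 ! -i docker0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination 172.17.0.5:8080'

# published_ports RULES: one line per DNAT rule, in the form
#   <host-addr>:<host-port> -> <container-ip:port> <ALL-INTERFACES|restricted>
# A rule without "-d" matches traffic to any address of the host.
published_ports() {
    printf '%s\n' "$1" | awk '
        / -j DNAT / {
            bind = "0.0.0.0"; port = ""; dest = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d") { bind = $(i + 1); sub(/\/32$/, "", bind) }
                if ($i == "--dport") port = $(i + 1)
                if ($i == "--to-destination") dest = $(i + 1)
            }
            scope = (bind == "0.0.0.0") ? "ALL-INTERFACES" : "restricted"
            print bind ":" port " -> " dest " " scope
        }'
}

# masqueraded_subnets RULES: source subnets rewritten on their way out of the host.
masqueraded_subnets() {
    printf '%s\n' "$1" | awk '
        $2 == "POSTROUTING" && / -j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1)
        }'
}

published_ports "$NAT_RULES"
masqueraded_subnets "$NAT_RULES"
```

Publishing with `-p 127.0.0.1:8090:8080` instead of `-p 8090:8080` yields the restricted form, which keeps the service off the host's other interfaces when only local access is needed.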
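centos7 is a virtual machine running on win10. What if you want to reach the service from win10 using ip:port?

    # This is equivalent to a bridged network. You can also choose which physical NIC the network uses, for example
    # config.vm.network "public_network", :bridge => 'en1: Wi-Fi (AirPort)'
    config.vm.network "public_network"

    centos7: ip a ---> 192.168.8.118
    win10: open 192.168.8.118:9080 in a browser

[Figure]
7 Communication across multiple hosts
This is covered in depth in the Docker Swarm part; this section is only a brief introduction.
On a single centos7 machine, however we set things up, there is always a way to get two containers to communicate. What if they are on two centos7 machines? Let's draw a diagram.
[Figure]
This is implemented with VXLAN: Virtual Extensible LAN.
[Figure]
PS: once you have mastered Docker networking, you have mastered the core of the whole technology. If the article helped, feel free to follow, like and bookmark it.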