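The earlier Docker Basics series covered the fundamentals of Docker. This advanced series goes on to cover the networking core, Docker in practice, Docker Compose, Harbor and Swarm. Follows and bookmarks are welcome.
Introduction to Docker networking
Docker packages Linux kernel technologies such as namespaces, cgroups and union file systems into its own container format, and in doing so provides a virtual runtime environment.
namespace: used for isolation, for example pid, net and mnt
CGroups: Control Groups, used to limit resources such as memory and CPU
Union file systems: used to layer images and containers
1. Computer network models
Docker networking documentation: https://docs.docker.com/network/
OSI: the Open Systems Interconnection reference model
TCP/IP: Transmission Control Protocol/Internet Protocol, a protocol suite that carries information across multiple different networks. TCP/IP does not mean only the two protocols TCP and IP; it is a suite made up of FTP, SMTP, TCP, UDP, IP and other protocols. It is called TCP/IP because TCP and IP are the most representative protocols in the suite.
Layering: the basic idea is that each layer builds on the services of the layer below it to offer higher-level, value-added services, and the top layer provides the services that distributed applications run on.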
[figure]
The client sends a request: [figure]
The server receives the request: [figure]
2. Network interfaces in Linux
2.1 Viewing interface information
Command to view the network interfaces: ip a

    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 85987sec preferred_lft 85987sec
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
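The ip a output shows that this CentOS machine has 4 network interfaces. Their roles are:

    Name      Role
    lo        local (loopback) interface
    eth0      interface connected to the network
    eth1      interface used to communicate with the host machine
    docker0   Docker's interface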
ip link show:

    $ ip link show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff

View the interfaces as files: ls /sys/class/net

    $ ls /sys/class/net
    docker0  eth0  eth1  lo
2.2 Configuration files
In Linux a network interface corresponds to files, so it is enough to find the file for the interface in question. They are stored under this path:

    $ cd /etc/sysconfig/network-scripts/
    $ ls
    ifcfg-eth0   ifdown-eth   ifdown-ppp       ifdown-tunnel  ifup-ippp   ifup-post    ifup-TeamPort      network-functions-ipv6
    ifcfg-eth1   ifdown-ippp  ifdown-routes    ifup           ifup-ipv6   ifup-ppp     ifup-tunnel
    ifcfg-lo     ifdown-ipv6  ifdown-sit       ifup-aliases   ifup-isdn   ifup-routes  ifup-wireless
    ifdown       ifdown-isdn  ifdown-Team      ifup-bnep      ifup-plip   ifup-sit     init.ipv6-global
    ifdown-bnep  ifdown-post  ifdown-TeamPort  ifup-eth       ifup-plusb  ifup-Team    network-functions
2.3 Interface operations
Add an IP address to an interface

    # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 84918sec preferred_lft 84918sec
        inet 192.168.100.120/24 scope global eth0    # an IP address has been added
           valid_lft forever preferred_lft forever
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
Delete the IP address: ip addr delete 192.168.100.120/24 dev eth0

    # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 84847sec preferred_lft 84847sec
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:bf:79:9f:de brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
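2.4 Reading the interface information
State: UP/DOWN/UNKNOWN, etc.
link/ether: MAC address
inet: the bound IP address
3. Network Namespace
Network namespaces are a key feature for network virtualization. They create multiple isolated network spaces, each with its own network stack. Whether it is a virtual machine or a container, while it runs it appears to be on its own independent network.
3.1 Network Namespace in practice
Add a namespace

    ip netns add ns1

List the current namespaces

    ip netns list
    # ip netns list
    ns1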
Delete a namespace

    ip netns delete ns1
    # ip netns list
    ns1
    # ip netns list
    # ip netns exec ns1 ip a
    1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

[figure]
Bring the interface up

    ip netns exec ns1 ifup lo
    # ip netns exec ns1 ifup lo

Bring the interface down

    # ip netns exec ns1 ip a
    1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

The state can also be set through link
    # ip netns exec ns1 ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    # ip netns exec ns1 ip a
    1: lo: <LOOPBACK> mtu 65536 qdisc noqueue state DOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    # ip netns add ns2
    # ip netns exec ns1 ip link
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    6: veth-ns1@if5: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
        link/ether 7e:bb:ee:13:a2:9a brd ff:ff:ff:ff:ff:ff link-netnsid 1
    # ip netns exec ns1 ip link set veth-ns1 up

    # ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
        inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
           valid_lft 66199sec preferred_lft 66199sec
        inet6 fe80::5054:ff:fe4d:77d3/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 08:00:27:6e:31:45 brd ff:ff:ff:ff:ff:ff
        inet 192.168.56.10/24 brd 192.168.56.255 scope global noprefixroute eth1
           valid_lft forever preferred_lft forever
        inet6 fe80::a00:27ff:fe6e:3145/64 scope link
           valid_lft forever preferred_lft forever
    4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:52:d4:0a:9f brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
        inet6 fe80::42:52ff:fed4:a9f/64 scope link
           valid_lft forever preferred_lft forever
    24: veth78a90d0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
        link/ether 7e:6b:8c:bf:7e:30 brd ff:ff:ff:ff:ff:ff link-netnsid 2
        inet6 fe80::7c6b:8cff:febf:7e30/64 scope link
           valid_lft forever preferred_lft forever
    26: vetha2bfbf4@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
        link/ether ce:2f:ed:e5:61:32 brd ff:ff:ff:ff:ff:ff link-netnsid 3
        inet6 fe80::cc2f:edff:fee5:6132/64 scope link
           valid_lft forever preferred_lft forever
Then look at the network inside tomcat01 with docker exec -it tomcat01 ip a; you can see that

    # ping 172.17.0.2
    PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
    64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.038 ms
    64 bytes from 172.17.0.2: icmp_seq=2 ttl=64 time=0.038 ms
    ^C
    --- 172.17.0.2 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.038/0.038/0.038/0.000 ms

The ping succeeds, yet CentOS and tomcat01 belong to two different network namespaces, so how are they connected? See the figure.
[figure]
In fact, eth0 in tomcat01 and a veth attached to docker0 on CentOS form a pair, much like veth-ns1 and veth-ns2 in the earlier exercise. This is easy to confirm:

    yum install bridge-utils
    brctl show

Run:
    # docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    92242fc0f805   bridge    bridge    local
    96b999d7fcc2   host      host      local
    17b86f9caa33   none      null      local

Let's inspect the bridge network: docker network inspect bridge

    "Containers": {
        "4b3500fed6b99c00b3ed1ae46bd6bc33040c77efdab343175363f32fbcf42e63": {
            "Name": "tomcat01",
            "EndpointID": "40fc0925fcb59c9bb002779580107ab9601640188bf157fa57b1c2de9478053a",
            "MacAddress": "02:42:ac:11:00:02",
            "IPv4Address": "172.17.0.2/16",
            "IPv6Address": ""
        },
        "92d2ff3e9be523099ac4b45058c5bf4652a77a27b7053a9115ea565ab43f9ab0": {
            "Name": "tomcat02",
            "EndpointID": "1d6c3bd73e3727dd368edf3cc74d2f01b5c458223f844d6188486cb26ea255bc",
            "MacAddress": "02:42:ac:11:00:03",
            "IPv4Address": "172.17.0.3/16",
            "IPv6Address": ""
        }
    }
The tomcat01 container can reach the internet. Let's draw that into the diagram as well; the NAT is implemented with iptables.
[figure]
4.2 Custom networks
Create a network of type bridge

    docker network create tomcat-net

or

    docker network create --subnet=172.18.0.0/24 tomcat-net

List the existing networks: docker network ls

    # docker network ls
    NETWORK ID     NAME         DRIVER    SCOPE
    b5c9cfbc0410   bridge       bridge    local
    96b999d7fcc2   host         host      local
    17b86f9caa33   none         null      local
    43915cba1f92   tomcat-net   bridge    local
View the details of tomcat-net: docker network inspect tomcat-net

    # docker run -d --name custom-net-tomcat --network tomcat-net tomcat-ip:1.0
    264b3901f8f12fd7f4cc69810be6a24de48f82402b1e5b0df364bd1ee72d8f0e

View the network information for custom-net-tomcat (only the key parts are shown):

    12: br-43915cba1f92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:71:a6:67:c7 brd ff:ff:ff:ff:ff:ff
        inet 172.18.0.1/16 brd 172.18.255.255 scope global br-43915cba1f92
           valid_lft forever preferred_lft forever
        inet6 fe80::42:71ff:fea6:67c7/64 scope link
           valid_lft forever preferred_lft forever
    14: veth282a555@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-43915cba1f92 state UP group default
        link/ether 3a:3d:83:15:3f:ed brd ff:ff:ff:ff:ff:ff link-netnsid 3
        inet6 fe80::383d:83ff:fe15:3fed/64 scope link
           valid_lft forever preferred_lft forever
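
The veth pairing described earlier can be checked from interface indexes: each end of a pair carries the other end's ifindex after `@if`, and the host end names its bridge as `master`. The following is an added example, not code from the original article; the sample lines are constructed from the interfaces shown on this page, and which veth belongs to which container is an assumption.

```python
import re

# Constructed host-side `ip -o link` lines, modelled on the interfaces on this page.
HOST_LINKS = """\
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
12: br-43915cba1f92: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
14: veth282a555@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br-43915cba1f92 state UP
24: veth78a90d0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state UP
26: vetha2bfbf4@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master docker0 state UP
"""

# Constructed: the eth0 line seen inside each container (the assignment of a
# veth to a container is an assumption made for this example).
CONTAINER_ETH0 = {
    "tomcat01": "23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP",
    "tomcat02": "25: eth0@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP",
    "custom-net-tomcat": "13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP",
}

LINK_RE = re.compile(r"^(\d+): ([^@:\s]+)(?:@if(\d+))?: <[^>]*>(.*)$")


def parse_link(line):
    """Parse one `ip -o link` line into index, name, peer ifindex and bridge master."""
    m = LINK_RE.match(line.strip())
    if not m:
        return None
    index, name, peer, rest = m.groups()
    master = re.search(r"\bmaster (\S+)", rest)
    return {"index": int(index), "name": name,
            "peer": int(peer) if peer else None,
            "master": master.group(1) if master else None}


def map_veths(host_links, container_eth0):
    """Return {container: (host_veth, bridge)} for every consistent veth pair."""
    host = [l for l in map(parse_link, host_links.splitlines()) if l and l["peer"]]
    pairs = {}
    for container, line in container_eth0.items():
        inner = parse_link(line)
        if inner is None:
            continue
        for outer in host:
            # A pair is consistent only when each end names the other's ifindex.
            if outer["index"] == inner["peer"] and outer["peer"] == inner["index"]:
                pairs[container] = (outer["name"], outer["master"])
    return pairs


if __name__ == "__main__":
    for name, (veth, bridge) in map_veths(HOST_LINKS, CONTAINER_ETH0).items():
        print(f"{name}: {veth} on {bridge}")
```

During incident response the same mapping tells you which host veth to capture on for a given container.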
View the interface information

    # docker exec -it custom-net-tomcat ping 172.17.0.2
    PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
    ^C
    --- 172.17.0.2 ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2000ms

At this point, if the tomcat01 container is connected to tomcat-net, it should work.

    docker network connect tomcat-net tomcat01
    # docker exec -it custom-net-tomcat ping tomcat01
    PING tomcat01 (172.18.0.3) 56(84) bytes of data.
    64 bytes from tomcat01.tomcat-net (172.18.0.3): icmp_seq=1 ttl=64 time=0.031 ms
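
The failed ping and the later `docker network connect` show that each bridge network acts as its own segment. As an added example (not from the original article), this models which containers can reach each other from `docker network inspect` data; the JSON is a constructed sample trimmed to a few fields, and `connect()` is a hypothetical helper that only edits that data.

```python
import json
from itertools import combinations

# Constructed sample shaped like `docker network inspect bridge tomcat-net`,
# trimmed to the fields read here; names and subnets follow the page.
NETWORKS = json.loads("""[
 {"Name": "bridge",
  "Options": {"com.docker.network.bridge.enable_icc": "true"},
  "Containers": {"4b3500fed6b9": {"Name": "tomcat01", "IPv4Address": "172.17.0.2/16"},
                 "92d2ff3e9be5": {"Name": "tomcat02", "IPv4Address": "172.17.0.3/16"}}},
 {"Name": "tomcat-net", "Options": {},
  "Containers": {"264b3901f8f1": {"Name": "custom-net-tomcat",
                                  "IPv4Address": "172.18.0.2/16"}}}
]""")

ICC = "com.docker.network.bridge.enable_icc"


def membership(networks):
    """Map each container name to the set of networks it is attached to."""
    seen = {}
    for net in networks:
        for c in net.get("Containers", {}).values():
            seen.setdefault(c["Name"], set()).add(net["Name"])
    return seen


def reachable_pairs(networks):
    """Container pairs sharing a bridge on which inter-container traffic is allowed."""
    pairs = set()
    for net in networks:
        if net.get("Options", {}).get(ICC, "true") != "true":
            continue  # ICC disabled: containers on this bridge are kept apart
        names = sorted(c["Name"] for c in net.get("Containers", {}).values())
        pairs.update(combinations(names, 2))
    return pairs


def multi_homed(networks):
    """Containers attached to more than one network: they straddle segments."""
    return sorted(n for n, nets in membership(networks).items() if len(nets) > 1)


def connect(networks, network, name, ipv4):
    """Model `docker network connect <network> <name>` on a copy of the data."""
    copy = json.loads(json.dumps(networks))
    for net in copy:
        if net["Name"] == network:
            net["Containers"]["constructed-" + name] = {"Name": name, "IPv4Address": ipv4}
    return copy
```

After the connect, tomcat01 is the only container present on both segments, so it is the one to review when the two networks are meant to stay separate.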
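5. A closer look at container networking: Host & None
5.1 Host
In host mode the container shares the host's network stack, and all of the host's interfaces are available to the container. The container's hostname matches the hostname of the host system.
Create a container and set its network to host

    docker run -d --name my-tomcat-host --network host tomcat-ip:1.0

View the IP addresses

    docker exec -it my-tomcat-host ip a

Inspect the host network

    docker network inspect host
    "Containers": {
        "f495a6892d422e61daab01e3fcfa4abb515753e5f9390af44c93cae376ca7464": {
            "Name": "my-tomcat-host",
            "EndpointID": "77012b1ac5d15bde3105d2eb2fe0e58a5ef78fb44a88dc8b655d373d36cde5da",
            "MacAddress": "",
            "IPv4Address": "",
            "IPv6Address": ""
        }
    }

5.2 None
None mode does not configure any IP for the container, and the container cannot reach external networks or other containers. It has a loopback address and can be used to run batch jobs.
Create a tomcat container and set its network to none

    docker run -d --name my-tomcat-none --network none tomcat-ip:1.0

View the IP addresses

    docker exec -it my-tomcat-none ip a

Inspect the none network

    docker network inspect none
    "Containers": {
        "c957b61dae93fbb9275acf73c370e5df1aaf44a986579ee43ab751f790220807": {
            "Name": "my-tomcat-none",
            "EndpointID": "16bf30fb7328ceb433b55574dc071bf346efa58e2eb92b6f40d7a902ddc94293",
            "MacAddress": "",
            "IPv4Address": "",
            "IPv6Address": ""
        }
    }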
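6. Port mapping
Create a tomcat container named port-tomcat

    docker run -d --name port-tomcat tomcat-ip:1.0

Think about how to reach the tomcat service

    docker exec -it port-tomcat bash
    curl localhost:8080

What about accessing it from CentOS 7?

    docker exec -it port-tomcat ip a
    curl 172.17.0.4:8080

What if we need to access it from CentOS through localhost? In that case port 8080 in port-tomcat has to be mapped to a port on CentOS.

    docker rm -f port-tomcat
    docker run -d --name port-tomcat -p 8090:8080 tomcat-ip:1.0
    curl localhost:8090

CentOS 7 is a virtual machine running on Windows 10. What if we want to access the service from Windows 10 as ip:port?

    # This is equivalent to a bridged network. You can also specify which physical NIC the network uses, for example:
    # config.vm.network "public_network", :bridge => 'en1: Wi-Fi (AirPort)'
    config.vm.network "public_network"

    centos7: ip a ---> 192.168.8.118
    win10: open 192.168.8.118:9080 in a browser

[figure]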
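
Host mode and `-p 8090:8080` both place container listeners on host addresses, so they are worth reviewing together. This added example (not from the original article) flags both from `docker inspect` data; the JSON is constructed, and `local-only` is a hypothetical container published as `-p 127.0.0.1:8091:8080` for contrast.

```python
import json

# Constructed `docker inspect` excerpts (only the fields read below). Names and
# the 8090:8080 mapping follow the page; "local-only" is a hypothetical
# container started with -p 127.0.0.1:8091:8080.
CONTAINERS = json.loads("""[
 {"Name": "/my-tomcat-host",
  "HostConfig": {"NetworkMode": "host", "PortBindings": {}}},
 {"Name": "/my-tomcat-none",
  "HostConfig": {"NetworkMode": "none", "PortBindings": {}}},
 {"Name": "/port-tomcat",
  "HostConfig": {"NetworkMode": "bridge",
   "PortBindings": {"8080/tcp": [{"HostIp": "", "HostPort": "8090"}]}}},
 {"Name": "/local-only",
  "HostConfig": {"NetworkMode": "bridge",
   "PortBindings": {"8080/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8091"}]}}}
]""")

ALL_INTERFACES = {"", "0.0.0.0", "::"}  # an empty HostIp means every host address


def audit(containers):
    """Return sorted (container, finding) tuples for network exposure to review."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        host_config = c.get("HostConfig", {})
        if host_config.get("NetworkMode") == "host":
            # No network namespace of its own: every listener in the container
            # is a listener on the host, and -p mappings do not apply.
            findings.append((name, "host-network"))
        for port, bindings in (host_config.get("PortBindings") or {}).items():
            for b in bindings or []:
                if b.get("HostIp", "") in ALL_INTERFACES:
                    findings.append(
                        (name, f"{port} published on all interfaces as {b['HostPort']}"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(CONTAINERS):
        print(f"{name}: {finding}")
```

A mapping written as `-p 8090:8080` listens on every host address, including the bridged 192.168.8.118 interface above; prefixing a host IP limits it to that address.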
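7. Communication across multiple hosts
This is covered in depth in the Docker Swarm part; this section is only a brief introduction.
On a single CentOS 7 machine, however we set things up, there is always a way to get two containers to communicate. But what if they are on two separate CentOS 7 machines? Let's draw a diagram.
[figure]
Implemented with VXLAN: Virtual Extensible LAN.
[figure]
P.S. Once you have a grasp of Docker networking, you have a grasp of the core of the whole technology. If this article helped, follows, likes and bookmarks are welcome.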