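Common Docker operations, part 3: network configuration
I. Which network types can containers use after Docker is installed?
Run the following command on the host: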
[root@localhost liuhongdi]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
f43428a9b90d        bridge              bridge              local
b153ea4b7c25        host                host                local
a39980dd7100        none                null                local
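Notes:
1. bridge: bridged network, the default network type.
Each time a container restarts it is assigned an IP address in sequence, so its IP address may change after a restart.
2. none: no network. The container is not assigned a LAN IP.
No network interface is created for the container, so the only interface inside it is lo.
Parameter: --network=none
3. host: host network.
Parameter: --network=host
The container's network is attached to the host's, and the two can reach each other: the container shares the host's network stack,
and the network configuration inside the container is identical to the host's. If a web service in the container listens on port 80,
it occupies port 80 on the host directly, with no explicit port mapping.
Note: which of the three network types should you choose?
host: best network performance, but weak isolation from the host
none: suitable for containers that need no network access; safe
bridge: the usual choice for everyday use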
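Note: Liu Hongdi's Architecture Forest (刘宏缔的架构森林) is a blog focused on architecture.
Website: https://blog.imgtouch.com
This article: https://blog.imgtouch.com/index.php/2023/05/20/docker-wang-luo-pei-zhi-chang-yong-cao-zuo-docker1903/
The corresponding source code is available here: https://github.com/liuhongdi/
Author: Liu Hongdi (刘宏缔). E-mail: 371125307@qq.com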
II. How do you create a custom network in Docker?
1. First, check the IPs that Docker has assigned automatically
[root@localhost liuhongdi]# docker inspect -f='{{.Name}} {{.NetworkSettings.IPAddress}} {{.HostConfig.PortBindings}}' $(docker ps -aq)
/redismaster01 172.17.0.2 map[]
2. To avoid conflicts with the automatically assigned IPs,
we create a 172.18. subnet with a 16-bit prefix and name the network redis_network
[root@localhost liuhongdi]# docker network create --subnet=172.18.0.0/16 redis_network
1852e4c609b9d4c2965b3c2dff45eac036ae766633b860a5ac0495a5b48dfcc9
3. How do you view the network you created?
[root@localhost liuhongdi]# docker network ls | grep redis_network
1852e4c609b9 redis_network bridge local
This shows the network we created; its type is bridge.
4. How does this network communicate with the host?
[root@localhost liuhongdi]# ifconfig
br-1852e4c609b9: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:80:6f:8a:09  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
As shown, the host now has a corresponding IP on a bridge interface,
and a route for the subnet has been added to the routing table.
View the routing table:
[root@localhost liuhongdi]# route | grep 172.18.
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-1852e4c609b9
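Note: the host already uses the IP 172.18.0.1,
so do not use this address when assigning IPs yourself.
5. How do you delete a network you created?
Use the rm command:
[root@localhost liuhongdi]# docker network rm redis_network
Error response from daemon: error while removing network: network redis_network id 1852e4c609b9d4c2965b3c2dff45eac036ae766633b860a5ac0495a5b48dfcc9 has active endpoints
Note: the command fails here because IPs in the network are still in use.
The containers using the network must leave it first.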
III. Specifying an IP when starting a container
1. Start the container:
Note: both the net and ip parameters must be specified.
If net is not specified, Docker uses the default bridge network,
and the IP we specified will not take effect.
[root@localhost liuhongdi]# docker run -itd --name redismaster01 --net redis_network --ip 172.18.1.1 centos:latest
bbf9de07d91b39d93d12757f8af9ce59e4035bbb88c038bca2842740ebcfa439
2. Enter the container and check the IP address
[root@localhost liuhongdi]# docker exec -it redismaster01 /bin/bash
[root@bbf9de07d91b /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:01:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.1.1/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
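The address rules from sections II and III (stay inside the 172.18.0.0/16 subnet, and do not reuse 172.18.0.1, which the host holds as the gateway) can be checked in a script before calling docker run. This is an added example, not code from the original post; the function names ip2int and check_static_ip are hypothetical.

```shell
#!/bin/sh
# Added example: validate a static --ip before `docker run`.
# Function names are hypothetical; the demo values are the page's.

# Print a dotted-quad IPv4 address as an integer; return 1 if malformed.
ip2int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# check_static_ip SUBNET/BITS GATEWAY CANDIDATE
# Prints a verdict; returns 0 only when CANDIDATE is usable with --ip.
check_static_ip() {
    bits=${1#*/}
    case "$bits" in ''|*[!0-9]*|0?*) echo "bad-subnet"; return 1 ;; esac
    [ "$bits" -le 32 ] || { echo "bad-subnet"; return 1; }
    net=$(ip2int "${1%/*}") || { echo "bad-subnet"; return 1; }
    gw=$(ip2int "$2") || { echo "bad-gateway"; return 1; }
    addr=$(ip2int "$3") || { echo "bad-ip"; return 1; }
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( net & mask ))                   # network address
    last=$(( first | (4294967295 - mask) ))   # broadcast address
    if [ "$addr" -lt "$first" ] || [ "$addr" -gt "$last" ]; then
        echo "outside-subnet"; return 1
    elif [ "$addr" -eq "$gw" ]; then
        echo "gateway-in-use"; return 1
    elif [ "$addr" -eq "$first" ] || [ "$addr" -eq "$last" ]; then
        echo "network-or-broadcast"; return 1
    fi
    echo "ok"
}

# Demo with the page's redis_network values.
for candidate in 172.18.1.1 172.18.0.1 172.17.0.2 172.18.255.255; do
    printf '%s -> %s\n' "$candidate" \
        "$(check_static_ip 172.18.0.0/16 172.18.0.1 "$candidate")"
done
```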
IV. Specifying the hostname when starting a container
1. When starting the container, specify it with the --hostname parameter
[root@localhost liuhongdi]# docker run -itd --name redismaster01 --hostname redismaster01 centos:latest
83d138f8ba7865504c6a5d88958c6deb2eca5975c482633c184817aa434ef761
2. Check whether the container started successfully
[root@localhost liuhongdi]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
83d138f8ba78        centos:latest       "/bin/bash"         6 seconds ago       Up 5 seconds                            redismaster01
3. Log in to the container
[root@localhost liuhongdi]# docker exec -it redismaster01 /bin/bash
[root@redismaster01 /]# more /etc/hostname
redismaster01
[root@redismaster01 /]# hostname
redismaster01
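V. Mapping ports when starting a container
1. Start the container and map a port to the host:
[root@localhost liuhongdi]# docker run -itd --privileged --name redismaster01 --net redis_network --ip 172.18.1.1 -p 80:80 centos:latest /usr/sbin/init
3223c71a1c864751171770288d431c5a180e3e2ddc7c6ba20891ac3d21534b36
Notes:
-p ip:hostPort:containerPort
ip is the host's IP address (use it to pick one when the host has several IPs)
hostPort is the port on the host
containerPort is the port in the container
When ip is omitted, as in the command above, the port is published on 0.0.0.0, that is, on every address of the host, as the PORTS column in step 6 shows.
2. Enter the container and install nginx
[root@localhost liuhongdi]# docker exec -it redismaster01 /bin/bash
[root@3223c71a1c86 /]# yum install nginx
3. Start nginx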
[root@3223c71a1c86 /]# systemctl start nginx
4. From the host, access the container's IP on the default port 80
Check the IP inside the container:
[root@3223c71a1c86 /]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:12:01:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.18.1.1/16 brd 172.18.255.255 scope global eth0
       valid_lft forever preferred_lft forever
Then access port 80 of the container from the host.
5. From another machine, access port 80 of the host
Check the host's IP:
[root@localhost liuhongdi]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.237  netmask 255.255.255.0  broadcast 192.168.3.255
        inet6 fe80::2785:9624:cea4:c935  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:bb:c5:a6  txqueuelen 1000  (Ethernet)
        RX packets 96871  bytes 70048332 (66.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22116  bytes 1782228 (1.6 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
Then access port 80 on the host's IP from another machine.
Note: the nginx page is visible both on port 80 of the container and on port 80 of the host,
which shows that the port mapping works.
6. Port mappings can be viewed with the ps command
Example:
[root@localhost liuhongdi]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                NAMES
3223c71a1c86        centos:latest       "/usr/sbin/init"    21 minutes ago      Up 21 minutes       0.0.0.0:80->80/tcp   redismaster01
The PORTS column shows the port mappings.
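The PORTS column above reads 0.0.0.0:80, so the mapping accepts connections on every host interface. The following added example (not from the original post) lists such mappings from docker ps output; the function name wildcard_binds is hypothetical and the sample rows are constructed.

```shell
#!/bin/sh
# Added example: list port mappings published on all host interfaces.
# Expected input, one container per line: NAME<TAB>PORTS, as produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'

# wildcard_binds (hypothetical name): prints "name hostaddr:port proto" for
# every mapping bound to 0.0.0.0 or the IPv6 wildcard (":::" or "[::]:").
wildcard_binds() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            if (maps[i] !~ /->/) continue   # exposed only, not published
            split(maps[i], side, "->")      # side[1]=host part, side[2]=container part
            split(side[2], cp, "/")         # cp[2]=protocol
            if (side[1] ~ /^0\.0\.0\.0:/ || side[1] ~ /^(\[::\]|::):/)
                print $1, side[1], cp[2]
        }
    }'
}

# Constructed sample: container names from this page with ports modelled
# on its docker ps output, plus two made-up rows (a loopback-only
# publish and a port that is exposed but not published).
SAMPLE=$(printf '%s\t%s\n' \
    'redismaster01' '0.0.0.0:80->80/tcp' \
    'nginx'         '0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
    'cache'         '127.0.0.1:6379->6379/tcp' \
    'worker'        '80/tcp')

printf '%s\n' "$SAMPLE" | wildcard_binds
```

On a live host, feed it with docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_binds. A service that only needs to be reachable from the host itself can be published with the ip:hostPort:containerPort form described above, for example -p 127.0.0.1:80:80.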
VI. Running a service automatically after the container starts
The first steps are the same as in the example above:
1. Start the container and map a port to the host:
[root@localhost liuhongdi]# docker run -itd --privileged --name redismaster01 --net redis_network --ip 172.18.1.1 -p 80:80 centos:latest /usr/sbin/init
3223c71a1c864751171770288d431c5a180e3e2ddc7c6ba20891ac3d21534b36
2. Enter the container and install nginx
[root@localhost liuhongdi]# docker exec -it redismaster01 /bin/bash
[root@3223c71a1c86 /]# yum install nginx
3. Start nginx
[root@3223c71a1c86 /]# systemctl start nginx
4. Enable nginx to start automatically at boot
[root@3223c71a1c86 /]# systemctl enable nginx
Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service
5. Exit the container and commit it as a new image
[root@localhost liuhongdi]# docker commit redismaster01 nginxautoboot:0.1
sha256:ac63ced85342543038b91d272f203030426a99944c72be8cccfba9233d172b90
Note: redismaster01 is the name of the original container;
nginxautoboot:0.1 is the name and tag of the new image.
6. Run the new image
[root@localhost liuhongdi]# docker run -itd --privileged --name nginx --net redis_network --ip 172.18.1.2 -p 8080:80 nginxautoboot:0.1 /usr/sbin/init
b07a73a81a2c459bf33dffb195ecf29184f8ff0c54e616fbc7dc957215a84705
[root@localhost liuhongdi]# docker ps -a
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                  NAMES
b07a73a81a2c        nginxautoboot:0.1   "/usr/sbin/init"    5 seconds ago       Up 4 seconds        0.0.0.0:8080->80/tcp   nginx
7. Access the IP to check whether nginx has started
http://172.18.1.2/
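VII. Changing where Docker stores its image files
1. By default, Docker stores image files under /var/lib/docker
[root@localhost liuhongdi]# ls /var/lib/docker
builder  buildkit  containers  image  network  overlay2  plugins  runtimes  swarm  tmp  trust  volumes
2. Create the target directory:
[root@localhost data]# mkdir /data/docker
3. Edit the configuration file and set the storage directory
[root@localhost data]# vi /etc/docker/daemon.json
Add this line:
"graph": "/data/docker"
Note: "graph" is the older, deprecated name of this setting; current Docker releases use the key "data-root" instead.
4. Restart the docker service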
[root@localhost data]# systemctl stop docker
[root@localhost data]# systemctl start docker
5. Check the storage directory
Check the storage driver:
[root@localhost data]# docker info | grep 'Storage Driver'
 Storage Driver: overlay2
Check the storage directory:
[root@localhost data]# docker info | grep 'Docker Root Dir'
 Docker Root Dir: /data/docker
6. Check how much storage Docker is using:
[root@localhost overlay2]# docker system df
TYPE                TOTAL               ACTIVE              SIZE                RECLAIMABLE
Images              5                   2                   1.001GB             919.6MB (91%)
Containers          2                   0                   81.43MB             81.43MB (100%)
Local Volumes       0                   0                   0B                  0B
Build Cache         0                   0                   0B                  0B
7. Reclaim the storage Docker is using:
Use the prune command
[root@localhost data]# docker system prune
WARNING! This will remove:
  - all stopped containers
  - all networks not used by at least one container
  - all dangling images
  - all dangling build cache

Are you sure you want to continue? [y/N]
As shown, the following will be deleted:
stopped containers
networks not used by any container
dangling images: useless untagged images produced when building images
dangling build cache: cache produced when building images
VIII. Checking the local CentOS version:
[root@localhost lib]# cat /etc/redhat-release
CentOS Linux release 8.1.1911 (Core)