docker默认网段修改、docker网桥、docker network、用户自定义网桥
修改docker默认网段的方法创建网桥 然后使用新建的网桥作为默认网桥(非自定义网桥)[root@VM_0_12_centos ~]# yum install bridge-utilsLoaded plugins: fastestmirror, langpacksRepository epel is listed more than once in the configuration...
·
修改docker默认网段的两种方法
- 创建网桥 然后使用新建的网桥作为默认网桥(非自定义网桥)
[root@VM_0_12_centos ~]# yum install bridge-utils
Loaded plugins: fastestmirror, langpacks
Repository epel is listed more than once in the configuration
docker-ce-stable | 3.5 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
mysql-connectors-community | 2.5 kB 00:00:00
mysql-tools-community | 2.5 kB 00:00:00
mysql57-community | 2.5 kB 00:00:00
nodesource | 2.5 kB 00:00:00
os | 3.6 kB 00:00:00
updates | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
Package bridge-utils-1.5-9.el7.x86_64 already installed and latest version
Nothing to do
[root@VM_0_12_centos ~]# brctl addbr br0
device br0 already exists; can't create bridge with the same name
[root@VM_0_12_centos ~]# brctl addbr br1
[root@VM_0_12_centos ~]# ip addr add 10.122.0.0/16 dev br1
[root@VM_0_12_centos ~]# ip link set dev br1 up
[root@VM_0_12_centos ~]# ip addr show br1
123: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
link/ether ee:6e:b7:fb:4a:97 brd ff:ff:ff:ff:ff:ff
inet 10.122.0.0/16 scope global br1
valid_lft forever preferred_lft forever
[root@VM_0_12_centos ~]# vim /etc/docker/daemon.json
[root@VM_0_12_centos ~]# cat /etc/docker/daemon.json
{
"bridge": "br1"
}
[root@VM_0_12_centos ~]# systemctl restart docker.service
[root@VM_0_12_centos ~]# docker run -it --rm busybox cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.122.0.3 51c410e24a69
[root@VM_0_12_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
03faaf61101a bridge bridge local
d08980b50bd0 bridge0 bridge local
7a093c39f225 bridge3 bridge local
117f13eb9ab8 host host local
206f66306972 none null local
[root@VM_0_12_centos ~]# docker network inspect bridge -f '{{json .Options }}'
{"com.docker.network.bridge.default_bridge":"true","com.docker.network.bridge.enable_icc":"true","com.docker.network.bridge.enable_ip_masquerade":"true","com.docker.network.bridge.host_binding_ipv4":"0.0.0.0","com.docker.network.bridge.name":"br1","com.docker.network.driver.mtu":"1500"}
[root@VM_0_12_centos ~]# docker network inspect bridge -f '{{index .Options "com.docker.network.bridge.name"}}'
br1
容器的ip 显示docker的网桥设置已生效
2.修改默认网桥网段(docker0)
[root@VM_0_12_centos ~]# vim /etc/docker/daemon.json
[root@VM_0_12_centos ~]# cat /etc/docker/daemon.json
{
"bip": "10.125.0.1/16"
}
[root@VM_0_12_centos ~]# systemctl restart docker
[root@VM_0_12_centos ~]# docker run -it --rm busybox cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.125.0.3 e294ad32d849
[root@VM_0_12_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
da4f0fc850ad bridge bridge local
d08980b50bd0 bridge0 bridge local
7a093c39f225 bridge3 bridge local
117f13eb9ab8 host host local
206f66306972 none null local
[root@VM_0_12_centos ~]# docker network inspect bridge -f '{{index .Options "com.docker.network.bridge.name"}}'
docker0
上述是两种方法修改docker容器网段的方法, 本质是一样的(原因下述),都是docker的默认网桥,只是名字不一样,并不是自定义网桥,因此推荐第二种修改docker网段的方法。 而docker自定义网桥的功能,只有在docker network 创建的才有自定义网桥的种种便利及特性。
docker 自定义网桥
自定义网桥的优势
- 可以指定别名, 基于docker内部的DNS 实现别名解析ip
- 可以指定容器一个固定ip
- 首先测试下默认网桥是否可以是使用上述功能(切换至br1网桥)
[root@VM_0_12_centos ~]# vim /etc/docker/daemon.json
[root@VM_0_12_centos ~]# cat /etc/docker/daemon.json
{
"bridge": "br1"
}
[root@VM_0_12_centos ~]# systemctl restart docker
[root@VM_0_12_centos ~]# docker run -it --rm busybox tail -n 1 /etc/hosts
10.122.0.3 4be7569b8933
[root@VM_0_12_centos ~]# ip addr show br1
123: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether fa:dd:bd:81:e2:14 brd ff:ff:ff:ff:ff:ff
inet 10.122.0.1/16 brd 10.122.255.255 scope global br1
valid_lft forever preferred_lft forever
[root@VM_0_12_centos ~]# docker run --network-alias my1 --hostname my1 -it busybox sh
docker: Error response from daemon: network-scoped alias is supported only for containers in user defined networks.
[root@VM_0_12_centos ~]# docker run --rm --ip 10.122.4.3 -it busybox sh
docker: Error response from daemon: user specified IP address is supported on user defined networks only.
[root@VM_0_12_centos ~]# # 上述报错说明: 重新创建的br1 并不是自定义网桥
[root@VM_0_12_centos ~]# # 创建自定义网桥
[root@VM_0_12_centos ~]# docker network create --gateway=10.237.0.1 --subnet=10.237.0.0/16 br2
9f618061c9bd3d7ad8d41229e956504fe1a01dc6cb7b4ffd3557561d2d83736b
[root@VM_0_12_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
9f618061c9bd br2 bridge local
49afa1fe5079 bridge bridge local
d08980b50bd0 bridge0 bridge local
7a093c39f225 bridge3 bridge local
117f13eb9ab8 host host local
206f66306972 none null local
- 使用自定义网桥 ,并创建网络别名,hostname 查看ip
/ # [root@VM_0_12_centos ~]# docker run --network br2 --network-alias my1 --hostname my01 -it busybox sh
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
10.237.0.2 my01
- 使用自定义网桥 ,并创建网络别名,hostname 并指定固定ip查看ip
/ # [root@VM_0_12_centos ~]# docker run --network br2 --network-alias my2 --hostname my02 --ip 10.237.255.10 -it busybox sh
/ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
151: eth0@if152: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:0a:ed:ff:0a brd ff:ff:ff:ff:ff:ff
inet 10.237.255.10/16 brd 10.237.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # # ping my1
/ # ping my1
PING my1 (10.237.0.2): 56 data bytes
64 bytes from 10.237.0.2: seq=0 ttl=64 time=0.081 ms
64 bytes from 10.237.0.2: seq=1 ttl=64 time=0.093 ms
^C
--- my1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.081/0.087/0.093 ms
/ #
- 设定多个容器 网络别名为一个,测试可达到负载均衡的目的
# 启动三个统一网络别名的容器
[root@VM_0_12_centos ~]# docker run --network br2 --network-alias my1 -d --hostname my02 --ip 10.237.255.11 -it busybox
03b2ee5820e3718a8353ab900c586e0a4f2e2856a2bbf335039663e1d58f98f7
[root@VM_0_12_centos ~]# docker run --network br2 --network-alias my1 -d --hostname my02 --ip 10.237.255.13 -it busybox
11a3eb276ef4c94f195838162cf7894017fb6694d7fc54528e45558220238e12
[root@VM_0_12_centos ~]# docker run --network br2 --network-alias my1 -d --hostname my02 --ip 10.237.255.12 -it busybox
faf567c53db044cc8b5f22b3aba9c8f09b062d27a04df3a5cdaf4e4556bc194d
[root@VM_0_12_centos ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
faf567c53db0 busybox "sh" 3 minutes ago Up 3 minutes gallant_golick
11a3eb276ef4 busybox "sh" 3 minutes ago Up 3 minutes thirsty_nightingale
03b2ee5820e3 busybox "sh" 3 minutes ago Up 3 minutes amazing_sinoussi
e9f3d2fe4a8d busybox "sh" 40 minutes ago Up 40 minutes distracted_babbage
2c582cb994ed jpillora/dnsmasq "webproc --config /e…" 46 hours ago Up About an hour 0.0.0.0:53->53/udp, 0.0.0.0:5380->8080/tcp dnsmasq
[root@VM_0_12_centos ~]# for i in {1..10};do docker run --rm --network br2 --hostname my02 --ip 10.237.255.15 -it busybox ping -c 1 my1 |head -2;done
PING my1 (10.237.255.12): 56 data bytes
64 bytes from 10.237.255.12: seq=0 ttl=64 time=0.080 ms
PING my1 (10.237.255.12): 56 data bytes
64 bytes from 10.237.255.12: seq=0 ttl=64 time=0.095 ms
PING my1 (10.237.255.11): 56 data bytes
64 bytes from 10.237.255.11: seq=0 ttl=64 time=0.087 ms
PING my1 (10.237.255.11): 56 data bytes
64 bytes from 10.237.255.11: seq=0 ttl=64 time=0.080 ms
PING my1 (10.237.255.12): 56 data bytes
64 bytes from 10.237.255.12: seq=0 ttl=64 time=0.088 ms
PING my1 (10.237.255.13): 56 data bytes
64 bytes from 10.237.255.13: seq=0 ttl=64 time=0.085 ms
PING my1 (10.237.255.13): 56 data bytes
64 bytes from 10.237.255.13: seq=0 ttl=64 time=0.095 ms
PING my1 (10.237.255.13): 56 data bytes
64 bytes from 10.237.255.13: seq=0 ttl=64 time=0.091 ms
PING my1 (10.237.255.12): 56 data bytes
64 bytes from 10.237.255.12: seq=0 ttl=64 time=0.121 ms
PING my1 (10.237.255.13): 56 data bytes
64 bytes from 10.237.255.13: seq=0 ttl=64 time=0.100 ms
- 删除所有测试的镜像
[root@VM_0_12_centos ~]# docker rm -f `docker ps -a|grep busybox |cut -f 1 -d' '`
参考文章
未完待续
更多推荐
已为社区贡献1条内容
所有评论(0)