前面给大家项目的介绍了Docker的基础内容Docker基础篇接下来给大家系统的介绍下Docker高级篇的内容:网络核心、Docker实战、DockerCompose、Harbor以及Swarm。欢迎关注收藏哦
Docker网络介绍
Docker是基于LinuxKernel的namespace,CGroups,UnionFileSystem等技术封装成的一种自定义容器格式,从而提供了一套虚拟运行环境。
namespace:用来做隔离的,比如pid、net、mnt
CGroups:ControllerGroups用来做资源限制,比如内存和CPU等
UnionFileSystems:用来做Image和Container分层
1.计算机网络模型
Docker网络官网:https://docs.docker.com/network/。
OSI:开放系统互联参考模型(OpenSystemInterconnect)
TCP/IP:传输控制协议/网际协议(TransmissionControl/InternetProtocol),是指能够在多个不同网络间实现信息传输的协议簇。TCP/IP协议不仅仅指的是TCP和IP两个协议,而是指一个由FTP、SMTP、TCP、UDP、IP等协议构成的协议簇,只是因为在TCP/IP协议中TCP协议和IP协议最具代表性,所以被称为TCP/IP协议。
分层思想:分层的基本想法是每一层都在它的下层提供的服务基础上提供更高级的增值服务,而最高层提供能运行分布式应用程序的服务
在这里插入图片描述客户端发送请求:在这里插入图片描述
服务端接受请求:
在这里插入图片描述
2Liunx中网卡
2.1查看网卡信息
查看网卡的命令:ipa
$ipa1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether52:54:00:4d:77:d3brdff:ff:ff:ff:ff:ffinet10.0.2.15/24brd10.0.2.255scopeglobalnoprefixroutedynamiceth0valid_lft85987secpreferred_lft85987secinet6fe80::5054:ff:fe4d:77d3/64scopelinkvalid_lftforeverpreferred_lftforever3:eth1:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether08:00:27:6e:31:45brdff:ff:ff:ff:ff:ffinet192.168.56.10/24brd192.168.56.255scopeglobalnoprefixrouteeth1valid_lftforeverpreferred_lftforeverinet6fe80::a00:27ff:fe6e:3145/64scopelinkvalid_lftforeverpreferred_lftforever4:docker0:<NO-CARRIER,BROADCAST,MULTICAST,UP>mtu1500qdiscnoqueuestateDOWNgroupdefaultlink/ether02:42:bf:79:9f:debrdff:ff:ff:ff:ff:ffinet172.17.0.1/16brd172.17.255.255scopeglobaldocker0valid_lftforeverpreferred_lftforever
数据:iearn yUSD Exploiter将5200枚ETH转入TornadoCash:金色财经报道,MetaSleuth发推称,iearn yUSD Exploiter 正在将资金转入TornadoCash ,目前有5200枚ETH已被转入 Tornado Cash,约 150 万美元的资金在0xf22开头的钱包地址中。[2023/5/26 9:44:01]
通过ipa可以看到当前的centos中有的4个网卡信息作用分别是
名称作用lo本地网卡eth0连接网络的网卡eth1和宿主机通信的网卡docker0docker的网卡
iplinkshow:
$iplinkshow1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNmodeDEFAULTgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:002:eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPmodeDEFAULTgroupdefaultqlen1000link/ether52:54:00:4d:77:d3brdff:ff:ff:ff:ff:ff3:eth1:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPmodeDEFAULTgroupdefaultqlen1000link/ether08:00:27:6e:31:45brdff:ff:ff:ff:ff:ff4:docker0:<NO-CARRIER,BROADCAST,MULTICAST,UP>mtu1500qdiscnoqueuestateDOWNmodeDEFAULTgroupdefaultlink/ether02:42:bf:79:9f:debrdff:ff:ff:ff:ff:ff
以文件的形式查看网卡:ls/sys/class/net
$ls/sys/class/netdocker0eth0eth1lo
2.2配置文件
在Linux中网卡对应的其实就是文件,所以找到对应的网卡文件即可,存放的路径
$cd/etc/sysconfig/network-scripts/$lsifcfg-eth0ifdown-ethifdown-pppifdown-tunnelifup-ipppifup-postifup-TeamPortnetwork-functions-ipv6ifcfg-eth1ifdown-ipppifdown-routesifupifup-ipv6ifup-pppifup-tunnelifcfg-loifdown-ipv6ifdown-sitifup-aliasesifup-isdnifup-routesifup-wirelessifdownifdown-isdnifdown-Teamifup-bnepifup-plipifup-sitinit.ipv6-globalifdown-bnepifdown-postifdown-TeamPortifup-ethifup-plusbifup-Teamnetwork-functions
2.3网卡操作
网卡中增加ip地址
Billions项目组ipa1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether52:54:00:4d:77:d3brdff:ff:ff:ff:ff:ffinet10.0.2.15/24brd10.0.2.255scopeglobalnoprefixroutedynamiceth0valid_lft84918secpreferred_lft84918secinet192.168.100.120/24scopeglobaleth0Billions项目组Billions项目组增加了一个IP地址valid_lftforeverpreferred_lftforeverinet6fe80::5054:ff:fe4d:77d3/64scopelinkvalid_lftforeverpreferred_lftforever3:eth1:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether08:00:27:6e:31:45brdff:ff:ff:ff:ff:ffinet192.168.56.10/24brd192.168.56.255scopeglobalnoprefixrouteeth1valid_lftforeverpreferred_lftforeverinet6fe80::a00:27ff:fe6e:3145/64scopelinkvalid_lftforeverpreferred_lftforever4:docker0:<NO-CARRIER,BROADCAST,MULTICAST,UP>mtu1500qdiscnoqueuestateDOWNgroupdefaultlink/ether02:42:bf:79:9f:debrdff:ff:ff:ff:ff:ffinet172.17.0.1/16brd172.17.255.255scopeglobaldocker0valid_lftforeverpreferred_lftforever
安全团队:MonoX攻击者将约1300枚ETH转入TornadoCash:金色财经报道,据派盾(PeckShield)监测,MonoX Finance的攻击者将约1,300枚ETH(约210万美元)转入TornadoCash。
2021年11月,MonoX Finance遭受黑客攻击,损失约3100万美元。[2022/9/6 13:11:25]
删除IP地址:ipaddrdelete192.168.100.120/24deveth0
Billions项目组ipa1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether52:54:00:4d:77:d3brdff:ff:ff:ff:ff:ffinet10.0.2.15/24brd10.0.2.255scopeglobalnoprefixroutedynamiceth0valid_lft84847secpreferred_lft84847secinet6fe80::5054:ff:fe4d:77d3/64scopelinkvalid_lftforeverpreferred_lftforever3:eth1:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether08:00:27:6e:31:45brdff:ff:ff:ff:ff:ffinet192.168.56.10/24brd192.168.56.255scopeglobalnoprefixrouteeth1valid_lftforeverpreferred_lftforeverinet6fe80::a00:27ff:fe6e:3145/64scopelinkvalid_lftforeverpreferred_lftforever4:docker0:<NO-CARRIER,BROADCAST,MULTICAST,UP>mtu1500qdiscnoqueuestateDOWNgroupdefaultlik/ether02:42:bf:79:9f:debrdff:ff:ff:ff:ff:ffinet172.17.0.1/16brd172.17.255.255scopeglobaldocker0valid_lftforeverpreferred_lftforever
2.4网卡信息解析
状态:UP/DOWN/UNKOWN等
link/ether:MAC地址
inet:绑定的IP地址
3NetworkNamespace
NetworkNamespace是实现网络虚拟化的重要功能,它能创建多个隔离的网络空间,它们有独自的网络栈信息。不管是虚拟机还是容器,运行的时候仿佛自己就在独立的网络中。
3.1NetworkNamespce实战
添加一个namespace
ipnetnsaddns1
查看当前具有的namespace
ipnetnslistBillions项目组ipnetnslistns1
删除namespace
ipnetnsdeletens1Billions项目组ipnetnslistns1Billions项目组ipnetnslistBillions项目组ipnetnsexecns1ipa1:lo:<LOOPBACK>mtu65536qdiscnoopstateDOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00在这里插入图片描述启动网络状态
跨链桥Horizon攻击者从此前转移以太坊的新地址中再度转出6012枚以太坊,并已开始转入TornadoCash:6月27日消息,PeckShield在Twitter上表示,跨链桥Horizon攻击者此前转移了超1.8万枚以太坊的新地址(0x1ec6开头)向0x4507开头的新地址转出6012枚以太坊,并已开始转入TornadoCash。[2022/6/28 1:34:46]
ipnetnsexecns1ifuploBillions项目组ipnetnsexecns1ifuploBillions项目组
关掉网络状态
Billions项目组ipnetnsexecns1ipa1:lo:<LOOPBACK>mtu65536qdiscnoqueuestateDOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00
还可以通过link来设置状态
Billions项目组ipnetnsexecns1ipa1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforeverBillions项目组ipnetnsexecns1ipa1:lo:<LOOPBACK>mtu65536qdiscnoqueuestateDOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverBillions项目组ipnetnsaddns2Billions项目组ipnetnsexecns1iplink1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNmodeDEFAULTgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:006:veth-ns1@if5:<BROADCAST,MULTICAST>mtu1500qdiscnoopstateDOWNmodeDEFAULTgroupdefaultqlen1000link/ether7e:bb:ee:13:a2:9abrdff:ff:ff:ff:ff:fflink-netnsid1Billions项目组ipnetnsexecns1iplinksetveth-ns1upBillions项目组ipa1:lo:<LOOPBACK,UP,LOWER_UP>mtu65536qdiscnoqueuestateUNKNOWNgroupdefaultqlen1000link/loopback00:00:00:00:00:00brd00:00:00:00:00:00inet127.0.0.1/8scopehostlovalid_lftforeverpreferred_lftforeverinet6::1/128scopehostvalid_lftforeverpreferred_lftforever2:eth0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether52:54:00:4d:77:d3brdff:ff:ff:ff:ff:ffinet10.0.2.15/24brd10.0.2.255scopeglobalnoprefixroutedynamiceth0valid_lft66199secpreferred_lft66199secinet6fe80::5054:ff:fe4d:77d3/64scopelinkvalid_lftforeverpreferred_lftforever3:eth1:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscpfifo_faststateUPgroupdefaultqlen1000link/ether08:00:27:6e:31:45brdff:ff:ff:ff:ff:ffinet192.168.56.10/24brd192.168.56.255scopeglobalnoprefixrouteeth1valid_lftforeverpreferred_lftforeverinet6fe80::a00:27ff:fe6e:3145/64scopelinkvalid_lftforeverpreferred_lftforever4:docker0:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuestateUPgroupdefaultlink/ether02:42:52:d4:0a:9fbrdff:ff:ff:ff:ff:ffinet172.17.0.1/16brd172.17.255.255scopeglobaldocker0valid_lftforeverpreferred_lftforeverinet6fe80::42:52ff:fed4:a9f/64scopelinkvalid_lftforeverpreferred_lftforever24:veth78a90d0@if23:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuemasterdocker0stateUPgroupdefaultlink/ether7e:6b:8c:bf:7e:30brdff:ff:ff:ff:ff:fflink-netnsid2inet6fe80::7c6b:8cff:febf:7e30/64scopelinkvalid_lftforeverpreferred_lftforever26:vetha2bfbf4@if25:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuemasterdocker0stateUPgroupdefaultlink/etherce:2f:ed:e5:61:32brdff:ff:ff:ff:ff:fflink-netnsid3inet6fe80::cc2f:edff:fee5:6132/64scopelinkvalid_lftforeverpreferred_lftforever
火币将于12月31日20:00暂停DOCK充提业务:据官方公告,为支持DOCK主网切换,Huobi Global将于2020年12月31日20:00暂停DOCK充币和提币业务。[2020/12/31 16:10:16]
然后查看tomcat01中的网络:dockerexec-ittomcat01ipa可以发现
Billions项目组ping172.17.0.2PING172.17.0.2(172.17.0.2)56(84)bytesofdata.64bytesfrom172.17.0.2:icmp_seq=1ttl=64time=0.038ms64bytesfrom172.17.0.2:icmp_seq=2ttl=64time=0.038ms^C---172.17.0.2pingstatistics---2packetstransmitted,2received,0%packetloss,time999msrttmin/avg/max/mdev=0.038/0.038/0.038/0.000ms
既然可以ping通,而且centos和tomcat01又属于两个不同的NetWorkNameSpace,他们是怎么连接的?看图
在这里插入图片描述其实在tomcat01中有一个eth0和centos的docker0中有一个veth是成对的,类似于之前实战中的veth-ns1和veth-ns2,要确认也很简单
yuminstallbridge-utilsbrctlshow
执行
Billions项目组dockernetworklsNETWORKIDNAMEDRIVERSCOPE92242fc0f805bridgebridgelocal96b999d7fcc2hosthostlocal17b86f9caa33nonenulllocal
不妨检查一下bridge:dockernetworkinspectbridge
"Containers":{"4b3500fed6b99c00b3ed1ae46bd6bc33040c77efdab343175363f32fbcf42e63":{"Name":"tomcat01","EndpointID":"40fc0925fcb59c9bb002779580107ab9601640188bf157fa57b1c2de9478053a","MacAddress":"02:42:ac:11:00:02","IPv4Address":"172.17.0.2/16","IPv6Address":""},"92d2ff3e9be523099ac4b45058c5bf4652a77a27b7053a9115ea565ab43f9ab0":{"Name":"tomcat02","EndpointID":"1d6c3bd73e3727dd368edf3cc74d2f01b5c458223f844d6188486cb26ea255bc","MacAddress":"02:42:ac:11:00:03","IPv4Address":"172.17.0.3/16","IPv6Address":""}}
在tomcat01容器中是可以访问互联网的,顺便把这张图画一下咯,NAT是通过iptables实现的
在这里插入图片描述
4.2自定义NetWork
创建一个network,类型为Bridge
dockernetworkcreatetomcat-net或者dockernetworkcreatetomcat-net--subnet=172.18.0.0/24tomcat-net
查看已有的NetWork:dockernetworkls
Billions项目组dockernetworklsNETWORKIDNAMEDRIVERSCOPEb5c9cfbc0410bridgebridgelocal96b999d7fcc2hosthostlocal17b86f9caa33nonenulllocal43915cba1f92tomcat-netbridgelocal
Dock区块链正在集成Chainlink DOCK/USD喂价:据Chainlink官方消息,信任证管理区块链Dock正在集成Chainlink DOCK/USD喂价,Dock将使用这一预言机喂价对以美元为其网络服务定价,以降低汇率风险。[2020/12/16 15:20:03]
查看tomcat-net详情信息:dockernetworkinspecttomcat-net
Billions项目组dockerrun-d--namecustom-net-tomcat--networktomcat-nettomcat-ip:1.0264b3901f8f12fd7f4cc69810be6a24de48f82402b1e5b0df364bd1ee72d8f0e
查看custom-net-tomcat的网络信息:截取了关键信息
12:br-43915cba1f92:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuestateUPgroupdefaultlink/ether02:42:71:a6:67:c7brdff:ff:ff:ff:ff:ffinet172.18.0.1/16brd172.18.255.255scopeglobalbr-43915cba1f92valid_lftforeverpreferred_lftforeverinet6fe80::42:71ff:fea6:67c7/64scopelinkvalid_lftforeverpreferred_lftforever14:veth282a555@if13:<BROADCAST,MULTICAST,UP,LOWER_UP>mtu1500qdiscnoqueuemasterbr-43915cba1f92stateUPgroupdefaultlink/ether3a:3d:83:15:3f:edbrdff:ff:ff:ff:ff:fflink-netnsid3inet6fe80::383d:83ff:fe15:3fed/64scopelinkvalid_lftforeverpreferred_lftforever
查看网卡接口信息
Billions项目组dockerexec-itcustom-net-tomcatping172.17.0.2PING172.17.0.2(172.17.0.2)56(84)bytesofdata.^C---172.17.0.2pingstatistics---3packetstransmitted,0received,100%packetloss,time2000ms
此时如果tomcat01容器能够连接上tomcat-net上应该就可以了
dockernetworkconnecttomcat-nettomcat01Billions项目组dockerexec-itcustom-net-tomcatpingtomcat01PINGtomcat01(172.18.0.3)56(84)bytesofdata.64bytesfromtomcat01.tomcat-net(172.18.0.3):icmp_seq=1ttl=64time=0.031ms
5深入分析Container网络-Host&None
5.1Host
Host模式下,容器将共享主机的网络堆栈,并且主机的所有接口都可供容器使用.容器的主机名将与主机系统上的主机名匹配
创建一个容器,并指定网络为host
dockerrun-d--namemy-tomcat-host--networkhosttomcat-ip:1.0
查看ip地址
dockerexec-itmy-tomcat-hostipa
检查host网络
dockernetworkinspecthost"Containers":{"f495a6892d422e61daab01e3fcfa4abb515753e5f9390af44c93cae376ca7464":{"Name":"my-tomcat-host","EndpointID":"77012b1ac5d15bde3105d2eb2fe0e58a5ef78fb44a88dc8b655d373d36cde5da","MacAddress":"","IPv4Address":"","IPv6Address":""}}
5.2None
None模式不会为容器配置任何IP,也不能访问外部网络以及其他容器.它具有环回地址,可用于运行批处理作业.
创建一个tomcat容器,并指定网络为none
dockerrun-d--namemy-tomcat-none--networknonetomcat-ip:1.0
查看ip地址
dockerexec-itmy-tomcat-none
检查none网络
dockernetworkinspectnone"Containers":{"c957b61dae93fbb9275acf73c370e5df1aaf44a986579ee43ab751f790220807":{"Name":"my-tomcat-none","EndpointID":"16bf30fb7328ceb433b55574dc071bf346efa58e2eb92b6f40d7a902ddc94293","MacAddress":"","IPv4Address":"","IPv6Address":""}}
6端口映射
创建一个tomcat容器,名称为port-tomcat
dockerrun-d--nameport-tomcattomcat-ip:1.0
思考如何访问tomcat的服务
dockerexec-itport-tomcatbashcurllocalhost:8080
如果要载centos7上访问呢
dockerexec-itport-tomcatipacurl172.17.0.4:8080
如果我们需要在centos中通过localhost来访问呢?这时我们就需要将port-tomcat中的8080端口映射到centos上了
dockerrm-fport-tomcatdockerrun-d--nameport-tomcat-p8090:8080tomcat-ip:1.0curllocalhost:8090
centos7是运行在win10上的虚拟机,如果想要在win10上通过ip:port方式访问呢?
Billions项目组这种方式等同于桥接网络。也可以给该网络指定使用物理机哪一块网卡,比如#config.vm.network"public_network",:bridge=>'en1:Wi-Fi(AirPort)'config.vm.network"public_network"centos7:ipa--->192.168.8.118win10:浏览器访问192.168.8.118:9080在这里插入图片描述
7多机之间通信
具体深入介绍会在DockerSwarm中详聊,本节简单介绍。
在同一台centos7机器上,发现无论怎么折腾,我们一定有办法让两个container通信。那如果是在两台centos7机器上呢?画个图
在这里插入图片描述VXLAN技术实现:VirtualExtensibleLAN(虚拟可扩展局域网)。在这里插入图片描述
ps:掌握了Docker的网络,其实也就掌握整个技术的核心了,如果文章有帮助欢迎关注点赞收藏哦
https://www.ixiera.com
问题: 电脑还是手机都会经常不定时出现打不开网页,但是可以访问内网段设备的情况。需要重启openwrt,或者随便点一处“保存并应有”才能上网,不定时又会出现打不开网页,打开openwrt日志后发.
1900/1/1 0:00:00文/于斌 投资虚拟币,ICO的人士最近可能心情都不太美丽,9月4日中国政府发布防范代币发行融资风险的公告,ICO被定性为非法集资,随后的18个小时内.
1900/1/1 0:00:002月28日,百度发布2019年第四季度及全年未经审计的财务报告。财报显示,截至2019年12月31日,第四季度,百度实现营收289亿元人民币,归属百度的净利润达到92亿元人民币,同比增长95%;.
1900/1/1 0:00:00随着比特币启动隔离验证和区块容量扩容的消息带来的新一波暴涨行情,再加上席卷全球的勒索病点名只接受比特币“赎金”,比特币又一次进入大众视野.
1900/1/1 0:00:00涪陵榨菜发布2016年度业绩快报,公司去年总营收约11.2亿元人民币,同比增长20.34%,归属于上市公司股东的净利润约2.57亿元人民币,同比增长63.5%.
1900/1/1 0:00:002017-09-04原创互金咖“币民永远记住2017年9月4号下午15点!多少人血本无归啊,心痛!”这是一个币圈投资人在交易平台的留言。一个看似美丽的“郁金香泡沫”就这样轻轻被戳破了.
1900/1/1 0:00:00