1. Four Network Modes of Docker
Network mode | Configuration | Description |
---|---|---|
host | --net=host | The container shares the host's network namespace and network protocol stack. |
container | --net=container:NAME or ID | The container shares a network namespace with another container. |
none | --net=none | The container has its own network namespace, but nothing is configured in it: no veth pair, no bridge connection, no IP address, and so on. |
bridge | --net=bridge | Default mode |
host mode
If a container is started in host mode, it does not get its own network namespace but shares the host's. The container does not create virtual network interfaces or configure its own IP address; it uses the host's IP and ports. Other aspects of the container, such as the file system and process list, remain isolated from the host.
Containers in host mode communicate with the outside world directly through the host's IP address, and service ports inside the container use the host's ports without NAT. The main advantage of host mode is better network performance, but ports already in use on the Docker host cannot be used by the container, and network isolation is poor.
container mode
In this mode the newly created container shares a network namespace with an existing container instead of with the host. The new container does not create its own network interface or configure its own IP address; it shares the IP, port range, and so on with the specified container. Apart from the network, the two containers stay isolated from each other (file systems, process lists, and so on). Processes in the two containers can communicate over the lo interface.
bridge mode
When the Docker daemon starts, it creates a virtual network bridge named docker0 on the host, and containers started on that host are connected to this bridge. A virtual bridge works like a physical switch, so all containers on the host are joined to one Layer 2 network through it.
Docker assigns the container an IP address from the docker0 subnet and sets the docker0 IP address as the container's default gateway. It creates a veth pair on the host, places one end in the new container, named eth0 (the container's network interface), and leaves the other end on the host with a name like vethxxx, then adds that device to the docker0 bridge. You can view this with the brctl show command.
Bridge mode is Docker's default network mode: if the --net parameter is omitted, the container uses bridge mode. When you use docker run -p, Docker creates DNAT rules in iptables to implement port forwarding. You can view them with iptables -t nat -vnL.
2. Docker Custom Network
2.1 docker default network list
```
[root@docker ~]# docker network list
NETWORK ID     NAME      DRIVER    SCOPE
830a2384b6ef   bridge    bridge    local
75814a6a9369   host      host      local
64caab163028   none      null      local
[root@docker ~]#
```
2.2 Custom Networks
Syntax: docker network create --subnet <subnet in CIDR notation> <network name>
```
[root@docker ~]# docker network create --subnet 172.100.0.0/16 subnet01
549f92f97df5b0ead3eddc0083e4b80fd67031d09a59ed95ede805d070bb82c4
[root@docker ~]# docker netwokr list
docker: 'netwokr' is not a docker command.
See 'docker --help'
[root@docker ~]# docker network list
NETWORK ID     NAME       DRIVER    SCOPE
830a2384b6ef   bridge     bridge    local
75814a6a9369   host       host      local
64caab163028   none       null      local
549f92f97df5   subnet01   bridge    local
[root@docker ~]#
```
2.3 Specify a fixed IP when creating containers
Syntax: docker run -[i, t, d] --name <container name> --net <network name> --ip <IP address within that network's subnet> <image to run> [run environment: /bin/bash, /bin/sh, /bin/init]
```
[root@docker ~]# docker run -itd --name centos01 --net subnet01 --ip 172.100.0.2 centos:7 /bin/bash
da6b97c02eef994139c33a77992b2770b6d9ffecabbe9ed450da089df0bf9d03
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAMES
da6b97c02eef   centos:7   "/bin/bash"   2 seconds ago   Up 2 seconds             centos01
[root@docker ~]# docker inspect centos01 | grep "IPAdd"
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.100.0.2",
[root@docker ~]#
```
2.4 Exposed Port
```
[root@docker ~]# docker run -d --name nginx_01 -P nginx:latest    # -P publishes the exposed port on a random host port (range 49153-65535)
b7e746884fd5a4dfb46403dbe094014397c0fce43f18e37af8e75dbbe661b8e2
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS                                     NAMES
b7e746884fd5   nginx:latest   "/docker-entrypoint...."   4 seconds ago   Up 3 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   nginx_01
da6b97c02eef   centos:7       "/bin/bash"              7 minutes ago   Up 7 minutes                                             centos01
[root@docker ~]# docker run -d --name nginx_02 -p 80:80 nginx:latest    # -p requires the host port to be specified manually
2e7fc63828f3bd551ccc6d31ed3029e0aaf754273ed890112f438553cad3ed35
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                                     NAMES
2e7fc63828f3   nginx:latest   "/docker-entrypoint...."   2 seconds ago    Up 1 second     0.0.0.0:80->80/tcp, :::80->80/tcp         nginx_02
b7e746884fd5   nginx:latest   "/docker-entrypoint...."   23 seconds ago   Up 22 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   nginx_01
da6b97c02eef   centos:7       "/bin/bash"              8 minutes ago    Up 8 minutes                                              centos01
[root@docker ~]#
```
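The `0.0.0.0:80->80/tcp` entries above mean that the DNAT rules described under bridge mode accept traffic arriving on every host interface, which is what `-p 80:80` and `-P` do by default. The script below is an added example, not part of the original article: it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists those wildcard bindings. The sample rows are constructed from the sessions above, and `nginx_local` is a hypothetical container started with `-p 127.0.0.1:8080:80`.

```shell
#!/bin/sh
# Added example: list container ports published on every host interface.
# Input format: docker ps --format '{{.Names}}\t{{.Ports}}'

# Constructed sample; the first three rows mirror the docker ps output above,
# nginx_local is a hypothetical container published on loopback only.
sample_ps() {
    printf 'nginx_02\t0.0.0.0:80->80/tcp, :::80->80/tcp\n'
    printf 'nginx_01\t0.0.0.0:49153->80/tcp, :::49153->80/tcp\n'
    printf 'centos01\t\n'
    printf 'nginx_local\t127.0.0.1:8080->80/tcp\n'
}

# Print "name host_port/proto" once per port that is bound to 0.0.0.0 or ::.
wildcard_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, /, */)
        for (i = 1; i <= n; i++) {
            m = maps[i]
            # Only published mappings contain "->"; skip ports that are
            # exposed by the image but not published.
            if (index(m, "->") == 0) continue
            split(m, side, "->")
            host = side[1]; target = side[2]
            # Wildcard binds: IPv4 0.0.0.0:PORT, IPv6 :::PORT or [::]:PORT
            if (host !~ /^(0\.0\.0\.0|::|\[::\]):[0-9-]+$/) continue
            port = host; sub(/^.*:/, "", port)
            proto = target; sub(/^.*\//, "", proto)
            # The IPv4 and IPv6 entries describe the same port; report it once.
            key = $1 " " port "/" proto
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    }'
}

# On a Docker host: docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports
sample_ps | wildcard_ports
```

A service that only needs to be reached from the host itself can be published as `-p 127.0.0.1:80:80`, which this check no longer reports.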
2.5 Containers interconnected
Container interconnection establishes a dedicated network communication tunnel between containers, identified by container name, so that the containers can reach each other.
Use the --link option with docker run to connect containers.
The format is --link name:alias, where name is the name of the container to connect to and alias is the alias for this connection.
Note: Container interconnection works by container name. --name assigns a (unique) name to the container. If a container with the same name already exists, you must delete it before you can use that name again.
```
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                                     NAMES
2e7fc63828f3   nginx:latest   "/docker-entrypoint...."   2 seconds ago    Up 1 second     0.0.0.0:80->80/tcp, :::80->80/tcp         nginx_02
b7e746884fd5   nginx:latest   "/docker-entrypoint...."   23 seconds ago   Up 22 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   nginx_01
da6b97c02eef   centos:7       "/bin/bash"              8 minutes ago    Up 8 minutes                                              centos01
[root@docker ~]# docker run -d --name nginx_03 -P --link nginx_02:nginx03_link_nginx02 nginx:latest    # nginx_03 needs to communicate with container nginx_02
f6bd68ad95e507ae3510556e9049aef99bb53963894bd6844145c705320ab91f
[root@docker ~]# docker exec -it nginx_03 /bin/bash
root@f6bd68ad95e5:/# ping nginx_02
bash: ping: command not found    # the image has no ping command
root@f6bd68ad95e5:/# apt-get update && apt-get install iputils-ping    # install the ping command
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [122 kB]
Get:3 http://security.debian.org/debian-security buster/updates/main amd64 Packages [302 kB]
Get:4 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [15.2 kB]
Fetched 8464 kB in 1min 45s (80.9 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libcap2 libcap2-bin libpam-cap
The following NEW packages will be installed:
  iputils-ping libcap2 libcap2-bin libpam-cap
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 104 kB of archives.
After this operation, 319 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
...... (some output omitted)
Setting up iputils-ping (3:20180629-2+deb10u2) ...
Processing triggers for libc-bin (2.28-10) ...
root@f6bd68ad95e5:/# ping nginx_02    # container interconnection succeeded
PING nginx03_link_nginx02 (172.17.0.3) 56(84) bytes of data.
64 bytes from nginx03_link_nginx02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.229 ms
64 bytes from nginx03_link_nginx02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.096 ms
64 bytes from nginx03_link_nginx02 (172.17.0.3): icmp_seq=3 ttl=64 time=0.111 ms
^C
--- nginx03_link_nginx02 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.096/0.145/0.229/0.060 ms
root@f6bd68ad95e5:/#
```
3. Data Volumes and Data Volume Containers
Managing the data generated inside containers, or the configuration files of the services they run, requires data management operations on containers.
There are two main ways to manage data in a Docker container: data volumes and data volume containers.
3.1 Create a data volume
Syntax: docker run -v [name1] -v [name2] ... --name <container name> <image name>:<tag>
-v creates a data volume in the container; repeat -v to create several.
Create the container centos01 and mount data volumes on the container's /data1 and /data2 directories:
```
[root@docker ~]# docker run -itd -v /data1 -v /data2 --name centos01 centos:7 /bin/bash
addab0d2f660deed30f45cd8eb4e353491201f0dbc482973d780157c498b22de
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAMES
addab0d2f660   centos:7   "/bin/bash"   7 seconds ago   Up 7 seconds             centos01
[root@docker ~]# docker exec -it centos01 /bin/bash
[root@addab0d2f660 /]# ll
total 12
-rw-r--r-- 1 root root 12114 Nov 13 2020 anaconda-post.log
lrwxrwxrwx 1 root root     7 Nov 13 2020 bin -> usr/bin
drwxr-xr-x 2 root root     6 Sep  6 16:16 data1
drwxr-xr-x 2 root root     6 Sep  6 16:16 data2
...... (some output omitted)
[root@addab0d2f660 /]#
```
3.2 Mount the host directory as a data volume
Syntax: docker run -v /<host directory 1>:/<container directory 1> -v /<host directory 2>:/<container directory 2> ... --name <container name> <image name>:<tag>
-v creates a data volume in the container; repeat -v to create several.
Note: The host directory to mount must be given as an absolute path. If the directory does not exist on the host, it is created automatically, and the same applies to the directory in the container.
Create the container centos02 and mount the host's /data1 and /data2 directories on the container's /data1 and /data2 directories:
```
[root@docker ~]# docker run -itd -v /data1:/data1 -v /data2:/data2 --name centos02 c
e04e4f382b3ff74396ec3eb2162ca765207e0c4bac8d1f61b45f48aed3c79bb7
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAM
e04e4f382b3f   centos:7   "/bin/bash"   4 seconds ago   Up 3 seconds             cen
addab0d2f660   centos:7   "/bin/bash"   8 minutes ago   Up 8 minutes             cen
[root@docker ~]#
```
On the host, check that the mount directories have been created:
```
[root@docker ~]# cd /
[root@docker /]# ls
bin   data1  dev  home  lib64  mnt  proc  run   srv  tmp  var
boot  data2  etc  lib   media  opt  root  sbin  sys  usr
```
Create files and append content in the host mounted directory
```
[root@docker /]# cd data1
[root@docker data1]# echo "hell" >> 1.txt
[root@docker data1]# cd /data2
[root@docker data2]# echo "world" >> 2.txt
[root@docker data2]#
```
Enter the container to see if it is synchronized
```
[root@docker ~]# docker exec -it centos02 /bin/bash
[root@e04e4f382b3f /]# ls
anaconda-post.log  data1  dev  home  lib64  mnt  proc  run   srv  tmp  var
bin                data2  etc  lib   media  opt  root  sbin  sys  usr
[root@e04e4f382b3f /]# cd /data1
[root@e04e4f382b3f data1]# ls
1.txt
[root@e04e4f382b3f data1]# cat 1.txt
hell
[root@e04e4f382b3f data1]# cd /data2
[root@e04e4f382b3f data2]# ls
2.txt
[root@e04e4f382b3f data2]# cat 2.txt
world
[root@e04e4f382b3f data2]#
```
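The synchronization shown above works in both directions: `-v /data1:/data1` is mounted read-write unless `:ro` is appended, so a process in centos02 can also change files under the host's /data1. The script below is an added example, not part of the original article, that lists read-write bind mounts from `docker inspect` output; the sample lines are constructed, the volume IDs are placeholders, `centos_ro` is a hypothetical container started with `-v /data1:/data1:ro`, and paths are assumed to contain no spaces or commas.

```shell
#!/bin/sh
# Added example: report bind mounts that let a container write to the host.
# Input: one line per container, as produced by
#   docker inspect --format \
#     '{{.Name}}{{range .Mounts}} {{.Type}},{{.Source}},{{.Destination}},{{.RW}}{{end}}' NAME...

# Constructed sample: centos01 has the anonymous volumes of section 3.1 (the
# volume IDs are placeholders), centos02 the bind mounts of section 3.2, and
# centos_ro is a hypothetical container started with -v /data1:/data1:ro.
sample_mounts() {
    cat <<'EOF'
/centos01 volume,/var/lib/docker/volumes/VOLUME_ID_1/_data,/data1,true volume,/var/lib/docker/volumes/VOLUME_ID_2/_data,/data2,true
/centos02 bind,/data1,/data1,true bind,/data2,/data2,true
/centos_ro bind,/data1,/data1,false
EOF
}

# Print "container host_dir -> container_dir" for every read-write bind mount.
writable_binds() {
    awk '
    {
        # docker inspect reports the container name with a leading slash.
        name = $1; sub(/^\//, "", name)
        for (i = 2; i <= NF; i++) {
            # Each mount is Type,Source,Destination,RW; skip anything else.
            if (split($i, f, ",") != 4) continue
            # Docker-managed volumes (Type "volume") live under Docker data
            # directory; only Type "bind" maps a chosen host directory.
            if (f[1] == "bind" && f[4] == "true")
                print name, f[2], "->", f[3]
        }
    }'
}

sample_mounts | writable_binds
```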