Docker Network Mode, Data Volume, and Data Volume Container

Keywords: Operation & Maintenance Docker

1. Four Network Modes of Docker

| Network mode | Configuration | Description |
| --- | --- | --- |
| host | --net=host | The container shares a network namespace and network protocol stack with the host. |
| container | --net=container:NAME or ID | The container shares a network namespace with another container. |
| none | --net=none | The container has its own network namespace, but no network settings are configured for it, such as assigning veth pairs, connecting to a bridge, or configuring an IP. |
| bridge | --net=bridge | Default mode. |

host mode

If host mode is used when starting a container, the container does not get a separate Network Namespace but shares the host's Network Namespace. The container does not create its own virtual network card or configure its own IP; it uses the host's IP and ports. Other aspects of the container, such as the file system and process list, remain isolated from the host.

Containers using host mode can communicate with the outside world directly using the host's IP address. Service ports inside the container can also use the host's ports without NAT. The main advantage of host mode is better network performance, but ports already in use on the Docker host can no longer be used, and network isolation is poor.

container mode

This mode specifies that the newly created container shares a Network Namespace with an existing container instead of with the host. The new container does not create its own network card or configure its own IP; it shares the IP, port range, and so on with the specified container. Apart from the network, the two containers remain isolated from each other, for example in their file systems and process lists. Processes in the two containers can communicate through the lo network device.

bridge mode

When the Docker process starts, a virtual network bridge named docker0 is created on the host, and the Docker containers started on the host connect to this bridge. A virtual bridge works like a physical switch, so all containers on the host are connected to one layer 2 network through it.

Docker assigns the container an IP from the docker0 subnet and sets the IP address of docker0 as the container's default gateway. It creates a veth pair (a pair of virtual network cards) on the host, places one end in the newly created container, named eth0 (the container's network card), and leaves the other end on the host with a name like vethxxx, adding that device to the docker0 bridge. You can view this with the brctl show command.

Bridge mode is Docker's default network mode: if the --net parameter is not written, bridge mode is used. When docker run -p is used, Docker actually creates DNAT rules in iptables to implement port forwarding. You can view them with iptables -t nat -vnL.

2. Docker Custom Network

2.1 docker default network list

[root@docker ~]# docker network list
NETWORK ID     NAME      DRIVER    SCOPE
830a2384b6ef   bridge    bridge    local
75814a6a9369   host      host      local
64caab163028   none      null      local
[root@docker ~]# 

2.2 Custom Networks

Syntax: docker network create --subnet <subnet segment> <network name>

[root@docker ~]# docker network create --subnet 172.100.0.0/16 subnet01
549f92f97df5b0ead3eddc0083e4b80fd67031d09a59ed95ede805d070bb82c4
[root@docker ~]# docker netwokr list
docker: 'netwokr' is not a docker command.
See 'docker --help'
[root@docker ~]# docker network list
NETWORK ID     NAME       DRIVER    SCOPE
830a2384b6ef   bridge     bridge    local
75814a6a9369   host       host      local
64caab163028   none       null      local
549f92f97df5   subnet01   bridge    local
[root@docker ~]# 

2.3 Specify a fixed IP when creating containers

Syntax: docker run -[i, t, d] --name <container name> --net <network name> --ip <IP within that network's subnet> <image to run> [run environment: /bin/bash, /bin/sh, /bin/init]

[root@docker ~]# docker run -itd --name centos01 --net subnet01 --ip 172.100.0.2 centos:7 /bin/bash
da6b97c02eef994139c33a77992b2770b6d9ffecabbe9ed450da089df0bf9d03
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAMES
da6b97c02eef   centos:7   "/bin/bash"   2 seconds ago   Up 2 seconds             centos01
[root@docker ~]# docker inspect centos01 | grep "IPAdd"
            "SecondaryIPAddresses": null,
            "IPAddress": "",
                    "IPAddress": "172.100.0.2",
[root@docker ~]# 
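A pre-flight check for the --subnet and --ip values used above, as an added example that is not part of the original post. It assumes IPv4 and assumes Docker takes the first usable address of the subnet as the gateway when --gateway is not given; the function name check_network_plan is hypothetical.

```python
import ipaddress

# The three RFC 1918 private IPv4 blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_network_plan(subnet, fixed_ip):
    """Return a list of problems with a --subnet / --ip pair (empty if none)."""
    problems = []
    net = ipaddress.ip_network(subnet)   # raises ValueError if host bits are set
    ip = ipaddress.ip_address(fixed_ip)
    # A subnet outside private space shadows real Internet addresses:
    # containers on it cannot reach the public hosts that own that range.
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append(f"{net} is outside RFC 1918 private space")
    if ip not in net:
        problems.append(f"{ip} is not inside {net}")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    elif ip == net.network_address + 1:
        # Assumption: default gateway is the first usable address.
        problems.append(f"{ip} collides with the default gateway")
    return problems

if __name__ == "__main__":
    # The values used on this page, then a constructed RFC 1918 alternative.
    for subnet, ip in (("172.100.0.0/16", "172.100.0.2"),
                       ("172.18.0.0/16", "172.18.0.2")):
        print(subnet, ip, check_network_plan(subnet, ip) or "ok")
```

The 172.16.0.0/12 block ends at 172.31.255.255, so 172.100.0.0/16 is reported as public address space while 172.18.0.0/16 passes.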

2.4 Exposed Port

[root@docker ~]# docker run -d --name nginx_01 -P nginx:latest    # -P publishes the exposed port on a random host port (range 49153-65535)
b7e746884fd5a4dfb46403dbe094014397c0fce43f18e37af8e75dbbe661b8e2
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED         STATUS         PORTS                                     NAMES
b7e746884fd5   nginx:latest   "/docker-entrypoint...."   4 seconds ago   Up 3 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   nginx_01
da6b97c02eef   centos:7       "/bin/bash"              7 minutes ago   Up 7 minutes                                             centos01
[root@docker ~]# docker run -d --name nginx_02 -p 80:80 nginx:latest    # -p requires manually specifying the port exposed on the host
2e7fc63828f3bd551ccc6d31ed3029e0aaf754273ed890112f438553cad3ed35
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                                     NAMES
2e7fc63828f3   nginx:latest   "/docker-entrypoint...."   2 seconds ago    Up 1 second     0.0.0.0:80->80/tcp, :::80->80/tcp         nginx_02
b7e746884fd5   nginx:latest   "/docker-entrypoint...."   23 seconds ago   Up 22 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   nginx_01
da6b97c02eef   centos:7       "/bin/bash"              8 minutes ago    Up 8 minutes                                              centos01
[root@docker ~]# 
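The docker ps output above shows both nginx containers published on 0.0.0.0 and ::, that is, on every host interface. The following added example (not part of the original post) audits docker inspect JSON for that and for the host and container network modes from section 1. The sample data is constructed; hostnet_demo and sidecar_demo are hypothetical containers.

```python
import json

# Constructed sample, shaped like `docker inspect` output and trimmed to the
# fields read below. nginx_02 and centos01 mirror the containers on this page.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/nginx_02", "HostConfig": {"NetworkMode": "bridge"},
     "NetworkSettings": {"Ports": {"80/tcp": [
         {"HostIp": "0.0.0.0", "HostPort": "80"},
         {"HostIp": "::", "HostPort": "80"}]}}},
    {"Name": "/centos01", "HostConfig": {"NetworkMode": "subnet01"},
     "NetworkSettings": {"Ports": {}}},
    {"Name": "/hostnet_demo", "HostConfig": {"NetworkMode": "host"},
     "NetworkSettings": {"Ports": {}}},
    {"Name": "/sidecar_demo",
     "HostConfig": {"NetworkMode": "container:2e7fc63828f3"},
     "NetworkSettings": {"Ports": {"8080/tcp": None}}},
])

WILDCARD_IPS = {"0.0.0.0", "::", ""}  # bound on every host interface

def audit_network(inspect_json):
    """Return (container, finding) pairs for weak network isolation."""
    findings = []
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        mode = c["HostConfig"]["NetworkMode"]
        if mode == "host":
            findings.append((name, "shares the host network namespace"))
        elif mode.startswith("container:"):
            peer = mode.split(":", 1)[1]
            findings.append((name, f"shares the network namespace of {peer}"))
        ports = c["NetworkSettings"].get("Ports") or {}
        for cport, bindings in sorted(ports.items()):
            for b in bindings or []:  # None: exposed but not published
                if b["HostIp"] in WILDCARD_IPS:
                    findings.append((name, f"{cport} published on "
                                     f"{b['HostIp'] or '*'} port {b['HostPort']}"))
    return findings

if __name__ == "__main__":
    # Real input would come from: docker inspect $(docker ps -q)
    for name, finding in audit_network(SAMPLE_INSPECT):
        print(f"{name}: {finding}")
```

A service that only needs to be reached from the host itself can be published as -p 127.0.0.1:80:80, which binds the host port to the loopback interface only.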

2.5 Containers interconnected

Container interconnection establishes a dedicated network communication tunnel between containers, addressed by container name, so that the containers can reach each other.
Use the --link option when running docker run to connect containers.
The format is --link name:alias, where name is the name of the container to connect to and alias is the alias for this connection.
Note: Container interconnection relies on the container name. --name assigns a (unique) name to the container. If a container with that name already exists, you need to delete it before the name can be used again.

[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE          COMMAND                  CREATED          STATUS          PORTS                                     NAMES
2e7fc63828f3   nginx:latest   "/docker-entrypoint...."   2 seconds ago    Up 1 second     0.0.0.0:80->80/tcp, :::80->80/tcp         nginx_02
b7e746884fd5   nginx:latest   "/docker-entrypoint...."   23 seconds ago   Up 22 seconds   0.0.0.0:49153->80/tcp, :::49153->80/tcp   nginx_01
da6b97c02eef   centos:7       "/bin/bash"              8 minutes ago    Up 8 minutes                                              centos01
[root@docker ~]# docker run -d --name nginx_03 -P --link nginx_02:nginx03_link_nginx02 nginx:latest 
                                                  # the container to communicate with goes here: nginx_02
f6bd68ad95e507ae3510556e9049aef99bb53963894bd6844145c705320ab91f
[root@docker ~]# docker exec -it nginx_03 /bin/bash
root@f6bd68ad95e5:/# ping nginx_02
bash: ping: command not found    # the image has no ping command
root@f6bd68ad95e5:/# apt-get update && apt-get install iputils-ping    # install the ping command
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://deb.debian.org/debian buster InRelease [122 kB]                  
Get:3 http://security.debian.org/debian-security buster/updates/main amd64 Packages [302 kB]
Get:4 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [15.2 kB]                                                                                           
Fetched 8464 kB in 1min 45s (80.9 kB/s)                                                                                                                                   
Reading package lists... Done
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following additional packages will be installed:
  libcap2 libcap2-bin libpam-cap
The following NEW packages will be installed:
  iputils-ping libcap2 libcap2-bin libpam-cap
0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 104 kB of archives.
After this operation, 319 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
...... (some content omitted)
Setting up iputils-ping (3:20180629-2+deb10u2) ...
Processing triggers for libc-bin (2.28-10) ...
root@f6bd68ad95e5:/# ping nginx_02    # container interconnection succeeded
PING nginx03_link_nginx02 (172.17.0.3) 56(84) bytes of data.
64 bytes from nginx03_link_nginx02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.229 ms
64 bytes from nginx03_link_nginx02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.096 ms
64 bytes from nginx03_link_nginx02 (172.17.0.3): icmp_seq=3 ttl=64 time=0.111 ms
^C
--- nginx03_link_nginx02 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.096/0.145/0.229/0.060 ms
root@f6bd68ad95e5:/# 

3. Data Volumes and Data Volume Containers

Docker provides data management operations for containers, used to manage the data generated in containers and the configuration files of services.
There are two main ways to manage data in a Docker container: Data Volumes and Data Volume Containers.

3.1 Create a data volume

Syntax: docker run -v [name1] -v [name2] ... --name <container name> <image name>:<tag>
-v creates a data volume in the container; multiple -v options create multiple volumes.

Create the container centos01 and mount data volumes on the container's /data1 and /data2 directories
[root@docker ~]# docker run -itd -v /data1 -v /data2 --name centos01 centos:7 /bin/bash
addab0d2f660deed30f45cd8eb4e353491201f0dbc482973d780157c498b22de
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAMES
addab0d2f660   centos:7   "/bin/bash"   7 seconds ago   Up 7 seconds             centos01
[root@docker ~]# docker exec -it centos01 /bin/bash
[root@addab0d2f660 /]# ll
total 12
-rw-r--r--   1 root root 12114 Nov 13  2020 anaconda-post.log
lrwxrwxrwx   1 root root     7 Nov 13  2020 bin -> usr/bin
drwxr-xr-x   2 root root     6 Sep  6 16:16 data1
drwxr-xr-x   2 root root     6 Sep  6 16:16 data2
...... (some content omitted)
[root@addab0d2f660 /]# 

3.2 Mount the host directory as a data volume

Syntax: docker run -v /<host directory 1>:/<container directory 1> -v /<host directory 2>:/<container directory 2> ... --name <container name> <image name>:<tag>
-v creates a data volume in the container; multiple -v options create multiple volumes.
Note: The host directory to mount must be an absolute path. If the directory does not exist on the host, it is created automatically, and the same applies to the directory in the container.

Create the container centos02 and mount the host's /data1 and /data2 directories on the container's /data1 and /data2 directories

[root@docker ~]# docker run -itd -v /data1:/data1 -v /data2:/data2 --name centos02 centos:7 /bin/bash
e04e4f382b3ff74396ec3eb2162ca765207e0c4bac8d1f61b45f48aed3c79bb7
[root@docker ~]# docker ps -a
CONTAINER ID   IMAGE      COMMAND       CREATED         STATUS         PORTS     NAMES
e04e4f382b3f   centos:7   "/bin/bash"   4 seconds ago   Up 3 seconds             centos02
addab0d2f660   centos:7   "/bin/bash"   8 minutes ago   Up 8 minutes             centos01
[root@docker ~]# 

Check on the host whether the mount directories have been created

[root@docker ~]# cd /
[root@docker /]# ls
bin   data1  dev  home  lib64  mnt  proc  run   srv  tmp  var
boot  data2  etc  lib   media  opt  root  sbin  sys  usr

Create files and append content in the mounted directories on the host

[root@docker /]# cd data1
[root@docker data1]# echo "hell" >> 1.txt
[root@docker data1]# cd /data2
[root@docker data2]# echo "world" >> 2.txt
[root@docker data2]#

Enter the container to see if it is synchronized

[root@docker ~]# docker exec -it centos02 /bin/bash
[root@e04e4f382b3f /]# ls
anaconda-post.log  data1  dev  home  lib64  mnt  proc  run   srv  tmp  var
bin                data2  etc  lib   media  opt  root  sbin  sys  usr
[root@e04e4f382b3f /]# cd /data1
[root@e04e4f382b3f data1]# ls
1.txt
[root@e04e4f382b3f data1]# cat 1.txt
hell
[root@e04e4f382b3f data1]# cd /data2
[root@e04e4f382b3f data2]# ls
2.txt
[root@e04e4f382b3f data2]# cat 2.txt 
world
[root@e04e4f382b3f data2]#
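The host directories mounted above are writable from inside the container, since -v host:container mounts read-write unless told otherwise. The following added example (not part of the original post) lists writable bind mounts and host directories shared by more than one container from docker inspect JSON. The sample data is constructed; reader_demo and the volume name vol_demo are hypothetical.

```python
import json
from collections import defaultdict

# Constructed sample, shaped like the Mounts section of `docker inspect`.
# centos01 has a Docker-managed volume (section 3.1); centos02 has the two
# host-directory mounts from section 3.2.
SAMPLE_MOUNTS = json.dumps([
    {"Name": "/centos01", "Mounts": [
        {"Type": "volume", "Name": "vol_demo",
         "Source": "/var/lib/docker/volumes/vol_demo/_data",
         "Destination": "/data1", "RW": True}]},
    {"Name": "/centos02", "Mounts": [
        {"Type": "bind", "Source": "/data1", "Destination": "/data1", "RW": True},
        {"Type": "bind", "Source": "/data2", "Destination": "/data2", "RW": True}]},
    {"Name": "/reader_demo", "Mounts": [
        {"Type": "bind", "Source": "/data1", "Destination": "/data1", "RW": False}]},
])

def audit_mounts(inspect_json):
    """Return (writable_binds, shared_sources) for host-directory mounts."""
    writable = []             # (container, host path, container path)
    users = defaultdict(set)  # host path -> containers that mount it
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        for m in c.get("Mounts") or []:
            if m["Type"] != "bind":
                continue      # Docker-managed volume, not a host directory
            users[m["Source"]].add(name)
            if m.get("RW", True):
                writable.append((name, m["Source"], m["Destination"]))
    shared = {src: sorted(names)
              for src, names in users.items() if len(names) > 1}
    return writable, shared

if __name__ == "__main__":
    writable, shared = audit_mounts(SAMPLE_MOUNTS)
    for name, src, dst in writable:
        print(f"{name}: host {src} is writable from the container at {dst}")
    for src, names in shared.items():
        print(f"host {src} is mounted by: {', '.join(names)}")
```

A container that only needs to read the data can be started with -v /data1:/data1:ro, which shows up as "RW": false in docker inspect.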

Posted by php.ajax.coder on Mon, 06 Sep 2021 09:09:14 -0700