docker container network
Docker automatically provides three networks after installation, which can be viewed with the docker network ls command:

[root@localhost ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
9692fae45042   bridge    bridge    local
cd5368439dc0   host      host      local
c49a1db81682   none      null      local
Docker uses a Linux bridge to create a virtual bridge for containers (docker0) on the host. When Docker starts a container, it assigns the container an IP address from the bridge's subnet, called the Container-IP, and the docker0 bridge address is the default gateway for every container. Because containers on the same host are attached to the same bridge, they can talk to each other directly by Container-IP. This inter-container communication is allowed by default; the daemon option --icc=false (icc: false in daemon.json) turns it off, after which containers on docker0 can no longer reach each other unless traffic is explicitly allowed.
Docker's four network modes:

Network mode   Option                            Explanation
host           --network host                    The container shares the host's network namespace
container      --network container:NAME_OR_ID    The container shares the network namespace of another container
none           --network none                    The container gets its own network namespace, but nothing is configured in it: no veth pair attached to a bridge, no IP, and so on
bridge         --network bridge                  Default mode
bridge mode
When the Docker daemon starts, it creates a virtual bridge named docker0 on the host, and containers started on that host are attached to it. The virtual bridge behaves like a physical switch, so all containers on the host sit on one layer-2 network connected through it.
Docker picks an IP from the docker0 subnet for the container and sets the docker0 address as the container's default gateway. On the host it creates a veth pair (a pair of virtual network interfaces), puts one end into the new container's network namespace as eth0 (the container's network interface), leaves the other end on the host under a name like vethxxx, and attaches that host end to the docker0 bridge. You can see the attached interfaces with brctl show (or, on hosts without bridge-utils, with ip link show master docker0).
Bridge mode is Docker's default network mode: a docker run with no --network option gets it. When you use docker run -p, Docker implements the port forwarding with DNAT rules in iptables, which you can inspect with iptables -t nat -vnL (the rules live in the DOCKER chain of the nat table). Two things to keep in mind: a mapping such as -p 80:80 with no address binds on every host interface (0.0.0.0, and :: when IPv6 is enabled), so the service is reachable from the network and not just from the host, unless you write -p 127.0.0.1:80:80; and because the packet is DNATed in PREROUTING and then forwarded, it never passes the host's INPUT chain, so filter rules that only restrict INPUT do not apply to published ports (rules meant for container traffic belong in the DOCKER-USER chain, which Docker consults in FORWARD).
The bridge pattern is shown below:
Assuming that nginx is running in docker2 in the figure above, let's think about a few questions:
Is direct communication possible between two containers on the same host? For example, can docker1 reach the nginx site in docker2 directly?
Can the host reach the nginx site in docker2 directly?
How does node1, on another host, reach this nginx site? Through a DNAT rule that publishes it?
The docker0 bridge is a virtual device on the host, not a real network device, and the external network has no route to it; other hosts therefore cannot reach a container by its Container-IP. (The host itself can, because docker0 is one of its own interfaces, which answers the second question; the first is answered by the shared bridge.) To make a container reachable from outside, publish the container port on the host (port mapping) by creating the container with -p or -P on docker run, and access the service at [host IP]:[host port]; Docker DNATs that host port to the Container-IP, which answers the third question.
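To see concretely what -p turns into, here is an added example (not code from the original page or from Docker) that parses the DOCKER chain of iptables -t nat -vnL and reports, for each DNAT rule, which host address and port is published, which Container-IP:port it lands on, whether the binding is on every interface, and the docker run -p flag that would produce it. The chain text is a constructed sample in the format iptables prints; it is not output captured from this page's host, and the container addresses in it are made up.

```python
import re
from dataclasses import dataclass

# Constructed sample of `iptables -t nat -vnL DOCKER` (same layout as real output,
# values made up; not captured from the page's host).
SAMPLE_DOCKER_CHAIN = """\
Chain DOCKER (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
   12   720 DNAT       tcp  --  !docker0 *      0.0.0.0/0            0.0.0.0/0            tcp dpt:80 to:172.17.0.3:80
    3   180 DNAT       tcp  --  !docker0 *      0.0.0.0/0            127.0.0.1            tcp dpt:3306 to:172.17.0.3:3306
    0     0 DNAT       udp  --  !docker0 *      0.0.0.0/0            0.0.0.0/0            udp dpt:5353 to:172.17.0.4:53
"""

# pkts bytes DNAT proto opt in out src dst <proto> dpt:<hostport> to:<ip>:<port>
DNAT_RE = re.compile(
    r"^\s*\d+\s+\d+\s+DNAT\s+(?P<proto>\w+)\s+\S+\s+(?P<in>\S+)\s+(?P<out>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+\w+\s+dpt:(?P<hport>\d+)\s+to:(?P<cip>[\d.]+):(?P<cport>\d+)"
)


@dataclass(frozen=True)
class PublishedPort:
    proto: str
    host_addr: str        # "0.0.0.0/0" means the rule matches every host address
    host_port: int
    container_ip: str
    container_port: int

    @property
    def all_interfaces(self) -> bool:
        return self.host_addr in ("0.0.0.0/0", "0.0.0.0")

    def run_flag(self) -> str:
        """Reconstruct the `docker run -p` flag that produces this rule."""
        prefix = "" if self.all_interfaces else f"{self.host_addr}:"
        return f"-p {prefix}{self.host_port}:{self.container_port}/{self.proto}"


def parse_docker_chain(text: str) -> list:
    """Return one PublishedPort per DNAT rule in the DOCKER chain; other rules are ignored."""
    rules = []
    for line in text.splitlines():
        m = DNAT_RE.match(line)
        if not m:
            continue
        rules.append(PublishedPort(
            proto=m["proto"],
            host_addr=m["dst"],
            host_port=int(m["hport"]),
            container_ip=m["cip"],
            container_port=int(m["cport"]),
        ))
    return rules


def world_reachable(rules: list) -> list:
    """Rules that expose a container port on every host interface, not just loopback."""
    return [r for r in rules if r.all_interfaces]


if __name__ == "__main__":
    # On a real host: iptables -t nat -vnL DOCKER | python3 dnat_audit.py
    for r in parse_docker_chain(SAMPLE_DOCKER_CHAIN):
        scope = "ALL INTERFACES" if r.all_interfaces else f"bound to {r.host_addr}"
        print(f"{r.run_flag():32s} -> {r.container_ip}:{r.container_port}  ({scope})")
```

Rules whose destination column is 0.0.0.0/0 are the ones that answer on the host's external addresses; the 127.0.0.1 rule is what an explicit -p 127.0.0.1:3306:3306 produces and is only reachable from the host itself.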
container mode
In this mode a newly created container shares a network namespace with an existing container rather than with the host. The new container does not get its own network interface or IP; it shares the IP, port range and so on of the specified container. Everything else, such as the filesystem and process list, stays isolated between the two containers. Processes in the two containers can talk to each other over the lo loopback interface. Two practical consequences: the two containers cannot both bind the same port, and whatever one container listens on is reachable by the other and, under the first container's IP, by anything that can reach that container, so the pair should be treated as a single trust unit for network purposes.
The container pattern is shown in the following figure:
host mode
If host mode is used when starting a container, the container does not get a separate network namespace but shares the host's. The container does not get its own virtual interface or IP; it uses the host's IP addresses and ports. Other aspects of the container, such as the filesystem and process list, remain isolated from the host.
A container in host mode talks to the outside world directly with the host's IP address, and a service port inside the container is the host's port, with no NAT (-p has no effect in this mode). The main advantage of host mode is better network performance; the drawbacks are that ports already in use on the Docker host cannot be used by the container, and network isolation is poor: the container can reach every service bound to the host's loopback interface, and with CAP_NET_RAW, which is in Docker's default capability set, it can capture traffic on the host's interfaces.
The Host mode is shown in the following figure:
none mode
In none mode the Docker container has its own network namespace, but Docker configures nothing in it: the container has no network interface, IP or routes. If it needs connectivity, we have to add interfaces and configure addresses ourselves.
In this mode the container has only the lo loopback interface and no other interface. Select it with --network none when creating the container. Such a container cannot reach any network, and a closed network like this reduces the container's exposure considerably; it does nothing for the other attack surfaces (volumes, docker exec, the shared kernel), and any data it processes has to come in through bind mounts or volumes.
Scenarios:
Start a container to process data, such as converting data formats
Some background computing and processing tasks
The none mode is shown in the following figure:
docker network inspect bridge    # view the detailed configuration of the bridge network
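The inspect output is JSON, so the settings that matter for exposure can be checked mechanically. The following is an added example, not code from the original page or from Docker: it reads a docker network inspect bridge document, checks that the gateway and every attached container's address fall inside the bridge subnet, lists the attached containers by name and Container-IP, and flags the two daemon settings that govern reachability: enable_icc (whether containers on docker0 may talk to each other by Container-IP) and host_binding_ipv4 (the address -p binds to when none is given). Both documents below are constructed samples in the shape of the real output; the container names and short IDs mirror this page's session, but the values are not captured output. The hardened sample corresponds to a daemon started with --icc=false --ip=127.0.0.1 (daemon.json: {"icc": false, "ip": "127.0.0.1"}).

```python
import copy
import ipaddress
import json

# Constructed `docker network inspect bridge` document, trimmed to the fields used here.
# Field names follow the real command; values are not captured from the page's host.
SAMPLE_BRIDGE = [{
    "Name": "bridge",
    "Driver": "bridge",
    "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
    "Containers": {
        "51aaf85a9bf3": {"Name": "nginx88", "IPv4Address": "172.17.0.3/16", "MacAddress": "02:42:ac:11:00:03"},
        "f55f9bcc090a": {"Name": "web", "IPv4Address": "172.17.0.2/16", "MacAddress": "02:42:ac:11:00:02"},
    },
    "Options": {
        "com.docker.network.bridge.enable_icc": "true",
        "com.docker.network.bridge.enable_ip_masquerade": "true",
        "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
        "com.docker.network.bridge.name": "docker0",
    },
}]
DEFAULT_BRIDGE_JSON = json.dumps(SAMPLE_BRIDGE)

# The same bridge after the daemon is restarted with --icc=false --ip=127.0.0.1.
_hardened = copy.deepcopy(SAMPLE_BRIDGE)
_hardened[0]["Options"]["com.docker.network.bridge.enable_icc"] = "false"
_hardened[0]["Options"]["com.docker.network.bridge.host_binding_ipv4"] = "127.0.0.1"
HARDENED_BRIDGE_JSON = json.dumps(_hardened)

ICC_OPT = "com.docker.network.bridge.enable_icc"
BIND_OPT = "com.docker.network.bridge.host_binding_ipv4"
NAME_OPT = "com.docker.network.bridge.name"


def audit_bridge(inspect_json: str) -> dict:
    """Summarise a `docker network inspect <bridge>` document and flag exposure-relevant settings."""
    net = json.loads(inspect_json)[0]
    cfg = net["IPAM"]["Config"][0]
    subnet = ipaddress.ip_network(cfg["Subnet"])
    gateway = ipaddress.ip_address(cfg["Gateway"])
    opts = net.get("Options", {})
    findings = []

    if gateway not in subnet:
        findings.append(f"gateway {gateway} is outside {subnet}")

    containers = {}
    for c in net.get("Containers", {}).values():
        ip = ipaddress.ip_interface(c["IPv4Address"]).ip   # strip the /16 prefix
        containers[c["Name"]] = str(ip)
        if ip not in subnet:
            findings.append(f"{c['Name']} has {ip}, outside {subnet}")

    # Docker's defaults when an option is absent are icc=true and binding on 0.0.0.0.
    if opts.get(ICC_OPT, "true") == "true":
        findings.append("enable_icc=true: any container on this bridge can reach any other by Container-IP")
    if opts.get(BIND_OPT, "0.0.0.0") == "0.0.0.0":
        findings.append("host_binding_ipv4=0.0.0.0: -p without an address publishes on every host interface")

    return {
        "bridge": opts.get(NAME_OPT, net["Name"]),
        "subnet": str(subnet),
        "gateway": str(gateway),
        "containers": containers,
        "findings": findings,
    }


if __name__ == "__main__":
    # On a real host: docker network inspect bridge | python3 bridge_audit.py
    for label, doc in (("default", DEFAULT_BRIDGE_JSON), ("hardened", HARDENED_BRIDGE_JSON)):
        report = audit_bridge(doc)
        print(f"[{label}] {report['bridge']} {report['subnet']} gateway {report['gateway']}")
        for name, ip in report["containers"].items():
            print(f"  {name:10s} {ip}")
        for f in report["findings"]:
            print(f"  ! {f}")
```

The two findings on the default bridge are exactly the two behaviours described in the bridge-mode section: containers reach each other freely, and an unqualified -p is world-reachable. Turning icc off is the daemon-wide version of what user-defined networks give you per network.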
[root@master ~]# docker images
REPOSITORY          TAG       IMAGE ID       CREATED        SIZE
yanghaixx/nginx     v2        8253e25bc4b2   23 hours ago   578MB
yanghaixing/nginx   v2        6f752f0c3901   24 hours ago   578MB
yanghaixx/nginx     v1        92ae4e6e225f   24 hours ago   578MB
centos              latest    5d0da3dc9764   2 months ago   231MB
[root@master ~]# docker run -idt --name nginx88 -p 80:80 yanghaixx/nginx:v2
51aaf85a9bf3020e313bca7cf260b320b6e3217b837440f098e6b64bec85d689
[root@master ~]# docker ps
CONTAINER ID   IMAGE                COMMAND                    CREATED         STATUS         PORTS                               NAMES
51aaf85a9bf3   yanghaixx/nginx:v2   "/usr/local/nginx/sb..."   5 seconds ago   Up 4 seconds   0.0.0.0:80->80/tcp, :::80->80/tcp   nginx88
f55f9bcc090a   centos               "/bin/bash"                24 hours ago    Up 24 hours                                        web
[root@master ~]# docker run -it --name mysql --network container:51aaf85a9bf3 centos:latest /bin/bash
[root@51aaf85a9bf3 /]# ls /usr/src/
debug  kernels  mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz
[root@51aaf85a9bf3 /]# yum -y install which numactl-libs ncurses-compat-libs libaio.x86_64 libaio-devel.x86_64
Failed to set locale, defaulting to C.UTF-8
CentOS Linux 8 - AppStream                       7.3 MB/s | 8.2 MB     00:01
CentOS Linux 8 - BaseOS                          4.1 MB/s | 3.5 MB     00:00
CentOS Linux 8 - Extras                          6.5 kB/s |  10 kB     00:01
Dependencies resolved.
======================================================================================
 Package               Architecture   Version                   Repository   Size
======================================================================================
Installing:
 libaio                x86_64         0.3.112-1.el8             baseos       33 k
 libaio-devel          x86_64         0.3.112-1.el8             baseos       19 k
 ncurses-compat-libs   x86_64         6.1-9.20180224.el8        baseos      328 k
 numactl-libs          x86_64         2.0.12-13.el8             baseos       36 k
 which                 x86_64         2.21-16.el8               baseos       49 k
Upgrading:
 ncurses-base          noarch         6.1-9.20180224.el8        baseos       81 k
 ncurses-libs          x86_64         6.1-9.20180224.el8        baseos      334 k

Transaction Summary
======================================================================================
Install  5 Packages
Upgrade  2 Packages

Total download size: 880 k
Downloading Packages:
(1/7): libaio-devel-0.3.112-1.el8.x86_64.rpm               156 kB/s |  19 kB     00:00
(2/7): libaio-0.3.112-1.el8.x86_64.rpm                     249 kB/s |  33 kB     00:00
(3/7): numactl-libs-2.0.12-13.el8.x86_64.rpm               537 kB/s |  36 kB     00:00
(4/7): which-2.21-16.el8.x86_64.rpm                        738 kB/s |  49 kB     00:00
(5/7): ncurses-compat-libs-6.1-9.20180224.el8.x86_64.rpm   1.3 MB/s | 328 kB     00:00
(6/7): ncurses-base-6.1-9.20180224.el8.noarch.rpm          1.1 MB/s |  81 kB     00:00
(7/7): ncurses-libs-6.1-9.20180224.el8.x86_64.rpm          2.7 MB/s | 334 kB     00:00
--------------------------------------------------------------------------------------
Total                                                      1.2 MB/s | 880 kB     00:00
warning: /var/cache/dnf/baseos-f6a80ba95cf937f2/packages/libaio-0.3.112-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
CentOS Linux 8 - BaseOS                          1.6 MB/s | 1.6 kB     00:00
Importing GPG key 0x8483C65D:
 Userid     : "CentOS (CentOS Official Signing Key) <security@centos.org>"
 Fingerprint: 99DB 70FA E1D7 CE22 7FB6 4882 05B5 55B3 8483 C65D
 From       : /etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                          1/1
  Upgrading        : ncurses-base-6.1-9.20180224.el8.noarch                   1/9
  Installing       : libaio-0.3.112-1.el8.x86_64                              2/9
  Installing       : libaio-devel-0.3.112-1.el8.x86_64                        3/9
  Installing       : ncurses-compat-libs-6.1-9.20180224.el8.x86_64            4/9
  Upgrading        : ncurses-libs-6.1-9.20180224.el8.x86_64                   5/9
  Installing       : which-2.21-16.el8.x86_64                                 6/9
  Installing       : numactl-libs-2.0.12-13.el8.x86_64                        7/9
  Running scriptlet: numactl-libs-2.0.12-13.el8.x86_64                        7/9
  Cleanup          : ncurses-libs-6.1-7.20180224.el8.x86_64                   8/9
  Cleanup          : ncurses-base-6.1-7.20180224.el8.noarch                   9/9
  Running scriptlet: ncurses-base-6.1-7.20180224.el8.noarch                   9/9
  Verifying        : libaio-0.3.112-1.el8.x86_64                              1/9
  Verifying        : libaio-devel-0.3.112-1.el8.x86_64                        2/9
  Verifying        : ncurses-compat-libs-6.1-9.20180224.el8.x86_64            3/9
  Verifying        : numactl-libs-2.0.12-13.el8.x86_64                        4/9
  Verifying        : which-2.21-16.el8.x86_64                                 5/9
  Verifying        : ncurses-base-6.1-9.20180224.el8.noarch                   6/9
  Verifying        : ncurses-base-6.1-7.20180224.el8.noarch                   7/9
  Verifying        : ncurses-libs-6.1-9.20180224.el8.x86_64                   8/9
  Verifying        : ncurses-libs-6.1-7.20180224.el8.x86_64                   9/9

Upgraded:
  ncurses-base-6.1-9.20180224.el8.noarch   ncurses-libs-6.1-9.20180224.el8.x86_64
Installed:
  libaio-0.3.112-1.el8.x86_64                     libaio-devel-0.3.112-1.el8.x86_64
  ncurses-compat-libs-6.1-9.20180224.el8.x86_64   numactl-libs-2.0.12-13.el8.x86_64
  which-2.21-16.el8.x86_64

Complete!
[root@51aaf85a9bf3 /]# useradd -r -M -s /sbin/nologin mysql
[root@51aaf85a9bf3 /]# id mysql
uid=998(mysql) gid=996(mysql) groups=996(mysql)
[root@51aaf85a9bf3 /]# tar xf /usr/src/mysql-5.7.34-linux-glibc2.12-x86_64.tar.gz -C /usr/local/
[root@51aaf85a9bf3 /]# cd /usr/local/
[root@51aaf85a9bf3 local]# ls
bin  etc  games  include  lib  lib64  libexec  mysql-5.7.34-linux-glibc2.12-x86_64  sbin  share  src
[root@51aaf85a9bf3 local]# ln -sv mysql-5.7.34-linux-glibc2.12-x86_64 mysql
'mysql' -> 'mysql-5.7.34-linux-glibc2.12-x86_64'
[root@51aaf85a9bf3 local]# chown -R mysql.mysql mysql*
[root@51aaf85a9bf3 local]# ls -l
total 0
drwxr-xr-x. 2 root  root    6 Nov  3  2020 bin
drwxr-xr-x. 2 root  root    6 Nov  3  2020 etc
drwxr-xr-x. 2 root  root    6 Nov  3  2020 games
drwxr-xr-x. 2 root  root    6 Nov  3  2020 include
drwxr-xr-x. 2 root  root    6 Nov  3  2020 lib
drwxr-xr-x. 3 root  root   17 Sep 15 14:17 lib64
drwxr-xr-x. 2 root  root    6 Nov  3  2020 libexec
lrwxrwxrwx. 1 mysql mysql  35 Dec  3 16:50 mysql -> mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 9 mysql mysql 129 Dec  3 16:50 mysql-5.7.34-linux-glibc2.12-x86_64
drwxr-xr-x. 2 root  root    6 Nov  3  2020 sbin
drwxr-xr-x. 5 root  root   49 Sep 15 14:17 share
drwxr-xr-x. 2 root  root    6 Nov  3  2020 src
[root@51aaf85a9bf3 local]# echo "export PATH=/usr/local/mysql/bin:$PATH" > /etc/profile.d/mysql.sh
[root@51aaf85a9bf3 local]# bash
[root@51aaf85a9bf3 local]# which mysql
/usr/local/mysql/bin/mysql
[root@51aaf85a9bf3 local]# mkdir /opt/data
[root@51aaf85a9bf3 local]# chown -R mysql.mysql /opt/data
[root@51aaf85a9bf3 local]# ls -l /opt/
total 0
drwxr-xr-x. 2 mysql mysql 6 Dec  3 16:50 data
[root@51aaf85a9bf3 local]# /usr/local/mysql/bin/mysqld --initialize-insecure --user=mysql --datadir=/opt/data
2021-12-03T16:51:14.212919Z 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2021-12-03T16:51:14.436407Z 0 [Warning] InnoDB: New log files created, LSN=45790
2021-12-03T16:51:14.467479Z 0 [Warning] InnoDB: Creating foreign key constraint system tables.
2021-12-03T16:51:14.532592Z 0 [Warning] No existing UUID has been found, so we assume that this is the first time that this server has been started. Generating a new UUID: 3a1b3094-5459-11ec-bb57-0242ac110003.
2021-12-03T16:51:14.534006Z 0 [Warning] Gtid table is not ready to be used. Table 'mysql.gtid_executed' cannot be opened.
2021-12-03T16:51:15.239785Z 0 [Warning] CA certificate ca.pem is self signed.
2021-12-03T16:51:15.425008Z 1 [Warning] root@localhost is created with an empty password ! Please consider switching off the --initialize-insecure option.
[root@51aaf85a9bf3 local]# vi /etc/my.cnf
[root@51aaf85a9bf3 local]# vi /usr/local/mysql/support-files/mysql.server
[root@51aaf85a9bf3 local]# /usr/local/mysql/support-files/mysql.server start
Starting MySQL.Logging to '/opt/data/mysql.err'.
 SUCCESS!
[root@51aaf85a9bf3 local]# ss -anlt
State    Recv-Q   Send-Q   Local Address:Port   Peer Address:Port   Process
LISTEN   0        128      0.0.0.0:80           0.0.0.0:*
LISTEN   0        80       *:3306               *:*

The ss listing is the point of the exercise: port 80 belongs to nginx in the nginx88 container and port 3306 to the mysqld just started in the mysql container, yet both appear in one listing because the two containers share a single network namespace (the prompt shows nginx88's container ID because a container started with --network container: also takes over the hostname of the container it joins). Only port 80 was published with -p, so 3306 is reachable from other containers on docker0 and from the host, but not from outside the host; since --initialize-insecure left root@localhost with an empty password, that bridge-level reachability is exactly the exposure to keep in mind.
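The ss listing shows namespace sharing from inside one container; on a host with many containers you want to find it from the outside, for the container and host modes described above. The following is an added example, not code from the original page or from Docker: it reads docker inspect output for a set of containers, uses HostConfig.NetworkMode to work out which network namespace each one runs in (its own, another container's, or the host's), groups the containers that share one stack, and lists what each publishes. The inspect documents are constructed, trimmed samples in the shape docker inspect prints; nginx88 and mysql mirror this page's session, nodeexp and batch are made-up names, and all IDs are invented.

```python
import json
import sys

# Constructed, trimmed `docker inspect` output for four containers. Field names follow
# the real command; nginx88/mysql mirror the session on this page, the rest is made up.
SAMPLE_INSPECT = json.dumps([
    {"Id": "51aaf85a9bf3020e313bca7cf260b320", "Name": "/nginx88",
     "HostConfig": {"NetworkMode": "default"},
     "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}]}}},
    {"Id": "9b2c0d1e2f3a4b5c6d7e8f9a0b1c2d3e", "Name": "/mysql",
     "HostConfig": {"NetworkMode": "container:51aaf85a9bf3"},
     "NetworkSettings": {"Ports": {}}},
    {"Id": "aa11bb22cc33dd44ee55ff6677889900", "Name": "/nodeexp",
     "HostConfig": {"NetworkMode": "host"},
     "NetworkSettings": {"Ports": {}}},
    {"Id": "0123456789abcdef0123456789abcdef", "Name": "/batch",
     "HostConfig": {"NetworkMode": "none"},
     "NetworkSettings": {"Ports": {}}},
])


def network_namespaces(inspect_json: str) -> dict:
    """Map each container name to the owner of the network namespace it runs in.

    The owner is "host" (host mode), the name of the container whose namespace it
    joined (container:<name|id> mode), or its own name (bridge, none, or a
    user-defined network: a namespace of its own).
    """
    containers = json.loads(inspect_json)
    names = {c["Id"]: c["Name"].lstrip("/") for c in containers}
    owners = {}
    for c in containers:
        name = names[c["Id"]]
        mode = c["HostConfig"]["NetworkMode"]
        if mode == "host":
            owners[name] = "host"
        elif mode.startswith("container:"):
            ref = mode.split(":", 1)[1]            # a full or short ID, or a name
            owner = next((n for cid, n in names.items() if cid.startswith(ref) or n == ref), None)
            owners[name] = owner if owner is not None else f"unknown:{ref}"
        else:
            owners[name] = name
    return owners


def shared_namespaces(inspect_json: str) -> dict:
    """Group containers that share one network stack.

    Host-mode containers are always reported (they share with the host); private
    namespaces are reported only when more than one container lives in them.
    """
    groups = {}
    for name, owner in network_namespaces(inspect_json).items():
        groups.setdefault(owner, []).append(name)
    return {o: sorted(m) for o, m in groups.items() if o == "host" or len(m) > 1}


def published_ports(inspect_json: str) -> dict:
    """Name -> list of 'HostIp:HostPort->container port' taken from NetworkSettings.Ports.

    A container that joined another container's namespace cannot publish ports itself
    (docker run rejects -p together with --network container:), so whatever it listens
    on is exposed exactly as far as the owner's published ports reach.
    """
    out = {}
    for c in json.loads(inspect_json):
        name = c["Name"].lstrip("/")
        ports = c.get("NetworkSettings", {}).get("Ports") or {}
        entries = []
        for cport, bindings in ports.items():
            for b in bindings or []:
                entries.append(f"{b['HostIp']}:{b['HostPort']}->{cport}")
        out[name] = entries
    return out


if __name__ == "__main__":
    # Usage: docker inspect $(docker ps -q) | python3 netns_audit.py
    doc = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for owner, members in shared_namespaces(doc).items():
        print(f"namespace of {owner}: {', '.join(members)}")
    for name, ports in published_ports(doc).items():
        if ports:
            print(f"{name} publishes {', '.join(ports)}")
```

On the page's scenario this reports mysql as living in nginx88's namespace: its 3306 listener is reachable wherever nginx88's Container-IP is, and nothing more, because only nginx88's port 80 is published. Any container that comes back under the host entry deserves the same scrutiny as a process running directly on the host.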