1, Task description
1. Learn about Docker container networking and how to configure a basic network, including creating a network namespace, binding an interface to a bridge, and port mapping.
2. Learn about advanced Docker network configuration.
2, Required network connection tool: CRT
3, Task implementation
1. Configure container network
(1) Start a container running /bin/bash and specify the --net=none parameter.
docker run -i -t --rm --net=none nginx /bin/bash
All subsequent operations are performed in a cloned session window.
(2) Find the process ID of the container on the local host and create a network namespace for it.
docker inspect -f '{{.State.Pid}}' <370ddb764dc8,container ID>
pid=1881 #The number is the process ID of the container, as printed by docker inspect
mkdir -p /var/run/netns #Create the directory
ln -s /proc/$pid/ns/net /var/run/netns/$pid
(3) Check the IP address and subnet mask of the docker0 interface.
ip addr show docker0
(4) Create a veth pair with interfaces A and B, bind A to the bridge docker0, and bring A up.
ip link add A type veth peer name B #Create a veth pair with interfaces A and B
yum install bridge-utils #Install the bridge tools
brctl addif docker0 A #Bind A to bridge docker0
ip link set A up #Enable interface A
(5) Place B in the container's network namespace, rename it eth0, bring it up, and configure an available IP address (in the bridge's subnet) and the default gateway.
ip link set B netns $pid
ip netns exec $pid ip link set dev B name eth0
ip netns exec $pid ip link set eth0 up
ip netns exec $pid ip addr add 172.17.0.2/16 dev eth0 #Example value: an unused address in the docker0 subnet, not docker0's own address
ip netns exec $pid ip route add default via 172.17.0.1 #The default gateway is the address of docker0
2. Access containers through port mapping
(1) Map a port on all interface addresses.
docker run -d -p 5000:5000 training/webapp python app.py
(2) Map a specified port on a specified address.
docker run -d -p 127.0.0.1:5001:5000 training/webapp python app.py
(3) Map any port on a specified address.
docker run -d -p 127.0.0.1::5000 training/webapp python app.py
docker run -d -p 127.0.0.1:5002:5000/udp training/webapp python app.py #Use the udp tag to mark a UDP port
(4) View the mapping port configuration.
docker port <27e9654fb881,container ID> 5000
docker run -d -p 5003:5000 -p 3000:80 training/webapp python app.py #The container has its own internal network and IP address. You can use the -p flag multiple times to bind multiple ports
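The -p forms above differ in where the host listens: a mapping without an address binds every host interface (0.0.0.0) by default, while the 127.0.0.1 forms are reachable only from the host itself. The shell functions below are an added example, not part of the original article; classify_publish and audit_publish are hypothetical names, and only the IPv4 forms shown above are parsed.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.
# classify_publish SPEC: parse one "docker run -p" value in the forms used above:
#   containerPort | hostPort:containerPort | ip:hostPort:containerPort | ip::containerPort
# each optionally followed by /tcp or /udp. IPv6 bracket forms are out of scope.
# Prints "<exposure> <host_ip> <host_port> <container_port> <proto>".
classify_publish() {
    spec=$1
    proto=tcp
    case $spec in
        */*) proto=${spec##*/}; spec=${spec%/*} ;;
    esac
    # The number of colons tells the forms apart.
    colons=$(printf '%s' "$spec" | tr -cd ':' | wc -c | tr -d ' ')
    case $colons in
        0) ip=0.0.0.0; hport=auto; cport=$spec ;;
        1) ip=0.0.0.0; hport=${spec%%:*}; cport=${spec#*:} ;;
        2) ip=${spec%%:*}; rest=${spec#*:}
           hport=${rest%%:*}; cport=${rest#*:} ;;
        *) echo "unsupported spec: $1" >&2; return 2 ;;
    esac
    [ -n "$hport" ] || hport=auto    # "ip::port": Docker picks the host port
    case $ip in
        127.*)   exposure=loopback-only ;;
        0.0.0.0) exposure=all-interfaces ;;
        *)       exposure=single-address ;;
    esac
    echo "$exposure $ip $hport $cport $proto"
}

# audit_publish SPEC...: print every mapping; return 1 if any binds all interfaces.
audit_publish() {
    rc=0
    for s in "$@"; do
        line=$(classify_publish "$s") || return 2
        echo "$s -> $line"
        case $line in all-interfaces*) rc=1 ;; esac
    done
    return $rc
}

# The -p values from the commands in this section.
audit_publish 5000:5000 127.0.0.1:5001:5000 127.0.0.1::5000 \
    127.0.0.1:5002:5000/udp 5003:5000 3000:80 ||
    echo "at least one port is published on all host interfaces"
```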
3. Configure container interconnection
(1) Custom container name.
docker run -d -P --name Web training/webapp python app.py #Keep in mind that container names must not conflict
docker ps -l #Use docker ps -l to verify the set name
docker inspect -f "{{.Name}}" <29fed0a98a33,container ID> #View the modified name of the container
(2) Container interconnection.
docker run -d --name db training/postgres #Create a new database container
docker rm -f Web #Delete the previously created web container
docker run -d -P --name Web --link db:db training/webapp python app.py #Then create a new web container and connect it to the db container
docker run --rm --name Web2 --link db:db training/webapp env #Use the env command to view the environment variables of the web container
docker run -t -i --rm --link db:db training/webapp /bin/bash
#After entering the container:
cat /etc/hosts
ping db
4. Create a point-to-point connection
(1) Create a point-to-point connection.
- Start two containers; clone two session windows, for three session windows in total
docker run -i -t --rm --net=none training/webapp /bin/bash
- Find each container's process ID and create the tracking file for its network namespace
docker inspect -f '{{.State.Pid}}' <container ID>
- Create a pair of peer interfaces and configure the route
mkdir -p /var/run/netns
ln -s /proc/<Container process number 1>/ns/net /var/run/netns/<Container process number 1>
ln -s /proc/<Container process number 2>/ns/net /var/run/netns/<Container process number 2>
ip link add C type veth peer name D
#Move C into container 1 and give it 10.1.1.1, with a route to the peer
ip link set C netns <Container process number 1>
ip netns exec <Container process number 1> ip addr add 10.1.1.1/32 dev C
ip netns exec <Container process number 1> ip link set C up
ip netns exec <Container process number 1> ip route add 10.1.1.2/32 dev C
#Move D into container 2 and give it 10.1.1.2, with a route to the peer
ip link set D netns <Container process number 2>
ip netns exec <Container process number 2> ip addr add 10.1.1.2/32 dev D
ip netns exec <Container process number 2> ip link set D up
ip netns exec <Container process number 2> ip route add 10.1.1.1/32 dev D
- Container 1: ping 10.1.1.2
- Container 2: ping 10.1.1.1
- The two containers can ping each other