Table of contents
  1. 1. Docker network configuration
    1. 1.1. Custom bridge
    2. 1.2. Routing configuration
    3. 1.3. Reference links

Docker network configuration

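To let containers communicate with each other and with the host, Docker already ships with several solutions. When the Docker daemon starts, it configures a virtual bridge named docker0 on the host, which is in fact a Linux bridge. This interface lets Docker assign a virtual subnet to the containers that are about to start. The bridge acts as the main point of interface between the network inside the containers and the host network.
After Docker starts, it randomly assigns the docker0 interface an address from a private range (as defined in RFC 1918) that is not in use locally, for example the typical 172.17.42.1 with netmask 255.255.0.0.
Use ip addr to view the network state after Docker has started.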

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:50:56:82:b1:f1 brd ff:ff:ff:ff:ff:ff
    inet 10.215.136.231/23 brd 10.215.137.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe82:b1f1/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:c1:41:a1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 1000
    link/ether 52:54:00:c1:41:a1 brd ff:ff:ff:ff:ff:ff
16: br-guest: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 36:eb:f8:1e:16:82 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global br-guest
       valid_lft forever preferred_lft forever
    inet6 fe80::9048:7bff:febc:7ab4/64 scope link
       valid_lft forever preferred_lft forever
33: veth173b178@if32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest state UP
    link/ether 36:eb:f8:1e:16:82 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::34eb:f8ff:fe1e:1682/64 scope link
       valid_lft forever preferred_lft forever

Check the system routing table with route.

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         localhost       0.0.0.0         UG    100    0        0 ens160
10.215.136.0    0.0.0.0         255.255.254.0   U     100    0        0 ens160
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-guest
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Custom bridge

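If the default network address conflicts with the host network, for example when the host's internal network is also in the 172.17.0.0 range, the bridge has to be set up manually to avoid routing conflicts.
The docker network ls command lists Docker's three built-in networks; bridge is used by default.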

NETWORK ID          NAME                DRIVER              SCOPE
72d22cad7fc5        bridge              bridge              local
cc516d0d2760        host                host                local
13f4ac8ecbf7        none                null                local

The docker network inspect bridge command shows how each network is being used.

[
    {
        "Name": "bridge",
        "Id": "72d22cad7fc536005536cecfcccdbe37cd04a918de2a9f94a10625d99dfd02ba",
        "Created": "2017-09-20T18:04:05.999309984+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "192.168.1.0/24",
                    "Gateway": "192.168.1.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "692820549d464879576132739a99261cc2a1e71057e29d1c73a1fa7b1073a76e": {
                "Name": "gitlab_web_1",
                "EndpointID": "1309570071aa438e533e3353a19945b7f8ce94a99d49d0346dfc70223035e294",
                "MacAddress": "02:42:c0:a8:01:02",
                "IPv4Address": "192.168.1.2/24",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "br-guest",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

Stop the Docker service

systemctl stop docker

Bring the default Docker bridge down and delete it

brctl show
sudo ip link set dev docker0 down
sudo brctl delbr docker0

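Create the custom bridge and assign it an IP address

# the bridge name must match the one passed to dockerd with -b
sudo brctl addbr br-guest
sudo ip addr add 192.168.1.1/24 dev br-guest
sudo ip link set dev br-guest up

Check that the configuration succeeded

ip addr show br-guest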

Edit the Docker service file so that Docker attaches to the newly created bridge by default

vi /etc/systemd/system/docker.service
# append the -b option to ExecStart
ExecStart=/usr/bin/dockerd -b=br-guest

Restart the Docker service

systemctl daemon-reload   # make systemd pick up the edited unit file
systemctl restart docker

Once the Docker service is running, use docker network inspect to check whether containers are using the newly configured bridge.
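The check described above can be scripted. The following is an added example, not part of the original article: it reads docker network inspect JSON, confirms the bridge name, reports any subnet overlap with host networks (the conflict this section sets out to avoid), and flags the enable_icc and host_binding_ipv4 settings visible in the output above. The function name audit_bridge and the sample data are assumptions built from the values on this page.

```python
import ipaddress
import json

# Constructed sample: trimmed `docker network inspect bridge` output using the
# values shown on this page.
SAMPLE_INSPECT = json.dumps([{
    "Name": "bridge",
    "IPAM": {"Config": [{"Subnet": "192.168.1.0/24", "Gateway": "192.168.1.1"}]},
    "Options": {
        "com.docker.network.bridge.enable_icc": "true",
        "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
        "com.docker.network.bridge.name": "br-guest",
    },
}])

# Host networks from the `route` output above, excluding the bridge's own route.
HOST_NETWORKS = ["10.215.136.0/23", "192.168.122.0/24"]


def audit_bridge(inspect_json, expected_bridge, host_networks):
    """Return findings for every network in the inspect output (hypothetical helper)."""
    hosts = [ipaddress.ip_network(n, strict=False) for n in host_networks]
    findings = []
    for net in json.loads(inspect_json):
        opts = net.get("Options") or {}
        name = opts.get("com.docker.network.bridge.name", "<unset>")
        if name != expected_bridge:
            findings.append(f"bridge is {name}, expected {expected_bridge}")
        # A container subnet that overlaps a host network causes the routing
        # conflict the custom bridge is meant to avoid.
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            subnet = ipaddress.ip_network(cfg["Subnet"], strict=False)
            for host in hosts:
                if subnet.overlaps(host):
                    findings.append(f"subnet {subnet} overlaps host network {host}")
        if opts.get("com.docker.network.bridge.enable_icc") == "true":
            findings.append("enable_icc=true: containers on this bridge can reach each other")
        if opts.get("com.docker.network.bridge.host_binding_ipv4") == "0.0.0.0":
            findings.append("host_binding_ipv4=0.0.0.0: published ports bind to every host interface")
    return findings


if __name__ == "__main__":
    for finding in audit_bridge(SAMPLE_INSPECT, "br-guest", HOST_NETWORKS):
        print(finding)
```

On a live host, pass the output of docker network inspect bridge in place of SAMPLE_INSPECT.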

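Routing configuration

If the network is still unreachable after the bridge is configured, add a route manually so that all internal-network traffic goes through the host network.

sudo route add -net 172.17.0.0 netmask 255.255.224.0 gw 10.215.136.2 dev ens160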

Reference links

Docker network configuration
