• Linux企业应用——Docker(五)之Docker网络


    清除所有的不用的镜像、容器、数据卷、网络(注意:默认只清理已停止的容器、未被使用的网络、悬空镜像和构建缓存;未使用的数据卷需要加 --volumes,所有未被容器引用的镜像需要加 -a;该命令执行前会要求确认,删除后无法恢复)

    docker system prune
    

    一、三种原生网络

    
    [root@k8s2 harbor]# docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    696489daaaf3   bridge    bridge    local
    daf109ce4ab0   host      host      local
    41928efc6031   none      null      local
    
    

    1.bridge桥接模式

    • bridge模式下容器没有公有ip,只有宿主机可以直接访问,外部主机是不可见的(除非使用 -p/-P 发布端口,此时宿主机上对应的端口会对外暴露)。
    • 容器通过宿主机的NAT规则后可以访问外网。

    [root@k8s2 harbor]# docker run -it --rm busybox
    / # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
        link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
           valid_lft forever preferred_lft forever
    
    
    yum install -y bridge-utils
    

    docker安装时会创建一个名为 docker0 的Linux bridge,新建的容器会自动桥接到这个接口。下面的输出中 interfaces 一列为空、docker0 状态为 DOWN,应该是因为此时没有正在运行的容器接入该网桥。

    
    [root@k8s2 harbor]# brctl show
    bridge name     bridge id               STP enabled     interfaces
    docker0         8000.02425d314189       no
    [root@k8s2 harbor]# ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 00:16:3e:09:e9:3a brd ff:ff:ff:ff:ff:ff
        inet 172.27.84.9/20 brd 172.27.95.255 scope global dynamic eth0
           valid_lft 315359423sec preferred_lft 315359423sec
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:5d:31:41:89 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    
    

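    防火墙策略查看(iptables -L 只显示 filter 表,且不显示接口列;FORWARD 链中看似"全部放行"的 ACCEPT 规则通常只针对 docker0 接口,可用 iptables -nvL 确认;NAT 规则在 nat 表中,用 iptables -t nat -nL 查看。需要限制外部对容器的访问时,自定义规则应加在 DOCKER-USER 链中)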

    [root@k8s2 harbor]# iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    DOCKER-USER  all  --  anywhere             anywhere
    DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    DOCKER     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain DOCKER (1 references)
    target     prot opt source               destination
    
    Chain DOCKER-ISOLATION-STAGE-1 (1 references)
    target     prot opt source               destination
    DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
    RETURN     all  --  anywhere             anywhere
    
    Chain DOCKER-ISOLATION-STAGE-2 (1 references)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere
    RETURN     all  --  anywhere             anywhere
    
    Chain DOCKER-USER (1 references)
    target     prot opt source               destination
    RETURN     all  --  anywhere             anywhere
    
    
    [root@k8s2 harbor]# docker run -d --name vm1 nginx
    69935dabfb2a1f059b8ed97c7a2da1c58825a7bdc4edc84f79b2e55eff950d99
    [root@k8s2 harbor]# docker ps
    CONTAINER ID   IMAGE     COMMAND                  CREATED         STATUS         PORTS     NAMES
    69935dabfb2a   nginx     "/docker-entrypoint.…"   4 seconds ago   Up 3 seconds   80/tcp    vm1
    [root@k8s2 harbor]# docker inspect vm1|grep Pid
                "Pid": 11664,
                "PidMode": "",
                "PidsLimit": null,
    [root@k8s2 harbor]# cd /proc/11664
    [root@k8s2 11664]# ls
    attr        cmdline          environ  io         mem         ns             pagemap      sched      stack    task
    autogroup   comm             exe      limits     mountinfo   numa_maps      patch_state  schedstat  stat     timers
    auxv        coredump_filter  fd       loginuid   mounts      oom_adj        personality  sessionid  statm    uid_map
    cgroup      cpuset           fdinfo   map_files  mountstats  oom_score      projid_map   setgroups  status   wchan
    clear_refs  cwd              gid_map  maps       net         oom_score_adj  root         smaps      syscall
    [root@k8s2 11664]# cd ns/
    [root@k8s2 ns]# ls
    ipc  mnt  net  pid  user  uts
    
    

    用 docker inspect vm1 可查看vm1容器被分配到的ip地址

    宿主机可以直接访问,但其他主机不能访问

    
    [root@k8s2 ns]# curl 172.17.0.2
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
    html { color-scheme: light dark; }
    body { width: 35em; margin: 0 auto;
    font-family: Tahoma, Verdana, Arial, sans-serif; }