Docker, part three - networking, container communication and data volumes

1, Docker network mode

Container network
docker0 network: the virtual gateway of docker containers
Loopback: the loopback network card, used to check whether the loopback interface and the TCP/IP stack are working
Virtual bridge: Linux itself carries a virtualization function (the KVM architecture) and is a virtualization platform of the original architecture. After a virtualization platform is installed, the system automatically installs virtual network cards
(example: after installing VMware Workstation, VMnet1, VMnet8 and VMnet0 are added to the network adapters)
docker0: the gateway of the container; it binds the physical network card and is responsible for NAT address translation and port mapping
docker0 itself is a container

Docker has four network modes:
1. Host mode
A container in host mode does not virtualize its own network card or configure its own IP; it uses the IP and ports of the host.
If host mode is used when starting the container, the container does not get a separate Network Namespace but shares one with the host. The container does not virtualize its own network card or configure its own IP, but uses the host's IP and ports. Other aspects of the container, such as the file system and the process list, are still isolated from the host.
A container in host mode can use the host's IP address directly to communicate with the outside world, and the service port inside the container is the host's port, so NAT is not needed. The biggest advantage of host mode is better network performance, but a port already in use on the host cannot be used by the container, and network isolation is poor.

2. Container mode
A container created in container mode does not create its own network card or set its own IP; it shares the IP and port range of a specified container.
This mode makes the newly created container share a network namespace with an existing container, rather than with the host. The new container does not create its own network card or configure its own IP, but shares the IP, port range, etc. of the specified container. The two containers are still isolated in other respects, such as the file system and process list ( ⭐⭐⭐⭐⭐ the processes of the two containers can communicate through the lo loopback device).

3. None mode: this mode turns off the container's network
In this mode the container has only the lo loopback interface and no other network card. None mode is selected with the --network=none parameter when the container is created.
A container in this mode cannot reach the network, but a closed network can well ensure the security of the container.

4. Bridge mode:
This mode assigns and sets an IP for each container, connects the container to a docker virtual bridge, and communicates with the host through the docker0 bridge and the iptables nat table configuration.
When the Docker daemon starts, a virtual bridge named docker0 is created on the host, and Docker containers started on the host are connected to this bridge. The bridge works like a physical switch, so all containers on the host are connected to one layer-2 network through it.
The container is assigned an IP from the docker0 subnet, and the IP address of docker0 is set as the container's default gateway. A pair of virtual network cards (a veth pair) is created on the host. Docker places one end of the veth pair inside the new container and names it eth0 (the container's network card); the other end stays on the host, is named vethxxx, and is added to the docker0 bridge. You can view it with the brctl show command.
Bridge mode is docker's default network mode: if the --net parameter is not given, bridge mode is used. When you use docker run -p, docker actually creates DNAT rules in iptables to implement port forwarding. You can view them with iptables -t nat -vnL.
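The DNAT rules mentioned in the last sentence are the place to check what a host actually exposes. The following is an added example, not code from the original post: a small Python parser for the DOCKER chain of `iptables -t nat -vnL` output. The sample output is constructed here (the container addresses and counters are not from the page); the parser lists which host port is forwarded to which container address and whether the rule applies on every host address (the usual `-p 5555:80`) or only on one (what a port published as `127.0.0.1:8080:80` produces).

```python
"""Parse the DOCKER chain of `iptables -t nat -vnL` to list the DNAT rules
that `docker run -p HOST:CONTAINER` installs for bridge-mode containers."""
import re

# Constructed sample of `iptables -t nat -vnL DOCKER` output (not captured from
# a real host). The tcp rules correspond to -p 444:80, -p 5555:80 and
# -p 127.0.0.1:8080:80; the udp rule to -p 5353:5353/udp.
SAMPLE_NAT = """\
Chain DOCKER (2 references)
 pkts bytes target     prot opt in       out     source               destination
    0     0 RETURN     all  --  docker0  *       0.0.0.0/0            0.0.0.0/0
   12   720 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:444 to:172.17.0.2:80
    3   180 DNAT       tcp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5555 to:172.17.0.3:80
    0     0 DNAT       tcp  --  !docker0 *       0.0.0.0/0            127.0.0.1            tcp dpt:8080 to:172.17.0.5:80
    0     0 DNAT       udp  --  !docker0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:5353 to:172.17.0.4:5353
"""

# One DNAT line: counters, target, proto, opt, in, out, source, destination,
# then the match "<proto> dpt:<host port> to:<container ip>:<container port>".
DNAT_RE = re.compile(
    r"^\s*\d+\s+\d+\s+DNAT\s+(?P<proto>\w+)\s+--\s+(?P<in>\S+)\s+\S+\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+\w+\s+dpt:(?P<hport>\d+)\s+"
    r"to:(?P<cip>[\d.]+):(?P<cport>\d+)"
)


def parse_dnat_rules(text):
    """Return one dict per DNAT rule found in the chain listing."""
    rules = []
    for line in text.splitlines():
        m = DNAT_RE.match(line)
        if not m:
            continue  # chain header, column header, RETURN rule, etc.
        rules.append({
            "proto": m["proto"],
            "host_port": int(m["hport"]),
            "container_ip": m["cip"],
            "container_port": int(m["cport"]),
            # "!docker0" means the rule matches traffic arriving on any interface
            # except the bridge itself, i.e. traffic from outside the container network.
            "from_outside_only": m["in"] == "!docker0",
            # A destination of 0.0.0.0/0 means the port is published on every
            # address the host has; a single address means it was bound explicitly.
            "host_address": "*" if m["dst"] == "0.0.0.0/0" else m["dst"],
        })
    return rules


def published_ports(text):
    """Compact, sorted view: (proto, host address, host port, container target)."""
    return sorted(
        (r["proto"], r["host_address"], r["host_port"],
         f'{r["container_ip"]}:{r["container_port"]}')
        for r in parse_dnat_rules(text)
    )


if __name__ == "__main__":
    for proto, addr, hport, target in published_ports(SAMPLE_NAT):
        print(f"{proto} {addr}:{hport} -> {target}")
```

On a real host, pipe the output of `iptables -t nat -vnL DOCKER` into `parse_dnat_rules`; a host-address entry of `*` is a port reachable from every interface, which is what `-p 5555:80` without an address gives you.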

2, docker custom network

View the network list

docker network ls

View a container's IP

docker inspect <container ID>

View container information (including configuration, environment, gateway, mounts, cmd, etc.)

docker inspect <container ID>

Custom network with a fixed IP

docker network create --subnet=<subnet> mynetwork    #Define the network; the default driver is bridge
docker run -itd --name centos-v2 --net mynetwork --ip <IP in the subnet> centos:7 /bin/bash    #Specify the IP

Exposing ports

docker pull nginx                                #download nginx
docker run -itd nginx:latest /bin/bash           #run the container
docker run -itd -p 444:80 nginx /bin/bash        #run nginx with a specified port mapping (host 444 -> container 80)

docker exec e3f6c5f03f79 nginx                   #execute a command in the container: start nginx
Format: docker exec <container ID/container name> <command>

docker run -itd -P nginx /bin/bash               #-P maps to a random host port in the range 49153-65535
docker exec 4212da198593 nginx                   #start nginx

docker run -d -p 5555:80 nginx                   #Create a container and start nginx with the specified port mapping

Copying files from the host into the container
docker cp /opt/abc <container ID>:/opt/abc

Using the systemctl command inside the container: add --privileged=true (specifies whether this container is a privileged container); once this parameter is used, docker attach cannot be used
docker run -itd --name centos-systemd --privileged=true centos:7 /sbin/init
docker exec -it centos-systemd /bin/bash         #enter the container
yum install httpd
systemctl status httpd

docker inspect d2d6395f1f9d

3, Docker data management

Data management operations
● It is convenient to view the data generated in the container
● Data sharing among multiple containers

Two management methods
● data volume
● data volume container

Data sharing (purpose)
① Data sharing between host and container
② Data sharing between containers

docker data volume

A data volume is a special directory provided for containers to use.

The host directory /var/www is mounted at /data1 in the container, and /var/html at /data2 in the container:

docker run -it -v /var/www:/data1 -v /var/html:/data2 --name centos-v1 centos:7 /bin/bash

Application scenarios
Principle: mount the configuration file directory inside the container to a specified directory on the host
1. Modifying configuration files, for example nginx.conf: /usr/local/nginx/conf/nginx.conf ==> /container_nginx/conf/nginx.conf

2. Collecting logs generated inside the container
Mount the directory where the container stores its log files to a specified directory on the host: /container_nginx/log/access_log/access_log

3. Passing in variables
Mount a directory to the host, add the variable definition on the host side and put it in the shared directory; in the container, /etc/profile just loads it directly:
export xxdir=/data/data1/xx.

Data volume container

A data volume container is an ordinary container.
The data volumes of the web container are mounted into the new container.

Principle: let two containers share data.
For example, for php and mysql to communicate, they can use a socket file in the shared volume.

Data volume container:
docker run --name web1 -v /data1 -v /data2 -it centos:7 /bin/bash
The new container web2 mounts the data volumes of the data volume container web1:
docker run -it --volumes-from web1 --name web2 centos:7 /bin/bash
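The settings introduced in the network and port sections above (--net, --privileged=true, -p/-P) and the mounts from this data-volume section all show up in `docker inspect` output, which the page uses to look at container information. The following is an added example, not code from the original post: a Python review of `docker inspect` JSON that reports the isolation-relevant facts the page describes for each container. The sample records are constructed in the shape of real `docker inspect` output (container ids, names and the volume name are placeholders); the list of sensitive host paths is the author's assumption of what a bind mount should be flagged for.

```python
"""Review `docker inspect` output for the isolation-relevant settings covered on
this page: network mode (--net), privileged mode (--privileged), published
ports (-p/-P) and host bind mounts (-v). Feed it `docker inspect $(docker ps -q)`."""
import json

# Host paths whose bind-mounting hands the container control over the host
# (assumed list for this example; extend it for your own environment).
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/proc", "/sys", "/var/run/docker.sock")

# Constructed sample in the shape of `docker inspect` output (not captured from
# a real host; ids, names and the volume name are placeholders).
SAMPLE_INSPECT = json.dumps([
    {"Id": "aaaa1111", "Name": "/web-bridge",
     "HostConfig": {"NetworkMode": "bridge", "Privileged": False,
                    "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "5555"}]}},
     "Mounts": [{"Type": "bind", "Source": "/var/www", "Destination": "/data1", "RW": True}]},
    {"Id": "bbbb2222", "Name": "/centos-systemd",
     "HostConfig": {"NetworkMode": "bridge", "Privileged": True, "PortBindings": {}},
     "Mounts": []},
    {"Id": "cccc3333", "Name": "/web-host",
     "HostConfig": {"NetworkMode": "host", "Privileged": False, "PortBindings": {}},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock", "RW": True}]},
    {"Id": "dddd4444", "Name": "/web2",
     "HostConfig": {"NetworkMode": "container:aaaa1111", "Privileged": False,
                    "PortBindings": {"443/tcp": [{"HostIp": "127.0.0.1", "HostPort": "8443"}]}},
     "Mounts": [{"Type": "volume", "Name": "vol-placeholder",
                 "Source": "/var/lib/docker/volumes/vol-placeholder/_data",
                 "Destination": "/data1", "RW": True}]},
])


def is_sensitive_host_path(path):
    """True for a sensitive path itself or anything beneath it ("/" only matches exactly)."""
    if path in SENSITIVE_HOST_PATHS:
        return True
    return any(path.startswith(p + "/") for p in SENSITIVE_HOST_PATHS if p != "/")


def audit_container(c):
    """Return the list of findings for one container record."""
    findings = []
    hc = c.get("HostConfig", {})
    mode = hc.get("NetworkMode", "default")
    if mode == "host":
        findings.append("host network mode: shares the host's network namespace, no network isolation")
    elif mode.startswith("container:"):
        findings.append(f"container network mode: shares a network namespace with {mode.split(':', 1)[1]}")
    if hc.get("Privileged"):
        findings.append("privileged container: most host-level restrictions are lifted")
    # -p HOST:CONTAINER without an address (HostIp "" or 0.0.0.0) publishes on every host address.
    for port, bindings in (hc.get("PortBindings") or {}).items():
        for b in bindings or []:
            host_ip = b.get("HostIp") or "0.0.0.0"
            if host_ip in ("0.0.0.0", "::"):
                findings.append(f"{port} published on all host addresses at port {b.get('HostPort')}")
    # Only bind mounts (-v /host/path:/container/path) expose host paths; named
    # volumes and --volumes-from live under /var/lib/docker and are not flagged.
    for m in c.get("Mounts", []):
        if m.get("Type") == "bind" and is_sensitive_host_path(m.get("Source", "")):
            rw = "rw" if m.get("RW") else "ro"
            findings.append(f"sensitive host path {m['Source']} bind-mounted {rw} at {m['Destination']}")
    return findings


def audit(inspect_json):
    """Map container name (without the leading '/') to its findings."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "->", findings or ["no findings"])
```

Run it against real output with `docker inspect $(docker ps -q) > containers.json` and `audit(open("containers.json").read())`; a container with no findings is in bridge mode, unprivileged, publishes nothing host-wide and bind-mounts no sensitive host path.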

Container interconnection (using the centos image)

docker run -itd -P --name web1 centos /bin/bash
Create and run a container named web1 with automatic port mapping
docker run -itd -P --name web2 --link web1:web1 centos /bin/bash
Create and run a container named web2, linked to web1 so that it can communicate with it

Enter the web2 container and ping web1:
docker exec -it web2 /bin/bash
yum install -y net-tools
Open another terminal:
docker exec -it web1 /bin/bash
[root@8cf42e85b562 /]# yum install -y net-tools

Tags: Linux Operation & Maintenance Docker

Posted on Wed, 15 Sep 2021 02:11:39 -0400 by websesame