Detailed Docker Network for kubernetes

Container Network Details

Virtual Network Type

  • Common network types for virtualization (virtual bridged networks)

    • Isolation bridge: 127.0.0.1
    • Host Bridge Only: No external communication
    • Router Bridge: Can be sent by nat, but cannot
    • NAT Bridge: NAT Connection Tracking for communication between host and external
  • Common network types for docker
    • Bridge network: bridge, docker0 for NAT
    • Federated Networks: Shared NET, IPC, UTS
    • Host network: Container shared host network
    • none network: closed network

Four types of docker network practice

  • none closed network: only lo network card, nothing else
[root@centos7-node1 ~]# docker run --name tinyweb2 -it --rm --network none wanghui122725501/myimg:v0.4 /bin/sh
/ # ifconfig -a
lo Link encap:Local Loopback  
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
  • Bridge: The default network is also bridge
[root@centos7-node1 ~]# docker run --name tinyweb2  -d --network bridge wanghui122725501/myimg:v0.4
[root@centos7-node1 ~]# docker exec -it tinyweb2    /bin/sh
/ # ifconfig -a
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:07  
          inet addr:172.17.0.7 Bcast:172.17.255.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:516 (516.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback  
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
  • Federated network: Host name, IP
[root@centos7-node1 ~]# docker run --name joinedc1 -it --rm --network container:tinyweb2 wanghui122725501/myimg:v0.4 /bin/sh 
/ # ifconfig 
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:07  
          inet addr:172.17.0.7 Bcast:172.17.255.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback  
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
  • Host network: Share all host network cards
[root@centos7-node1 ~]# docker run --name tintweb3 -it --rm --network host wanghui122725501/myimg:v0.4 /bin/sh
/ # ifconfig
/data/web # /bin/httpd -h /data/web/html/

Host ip can be accessed directly to get corresponding results

docker other network parameters

  • Specify the hostname of the docker: use -h or --hostname
[root@centos7-node1 ~]# docker run --name bbox2 -it --rm --hostname mybbox2.cropy.cn busybox
/ # hostname 
mybbox2.cropy.cn
  • Increase hosts hostname resolution (--add-host can be used multiple times)
[root@centos7-node1 ~]# docker run --name bbox3 -it --rm --add-host bbox3.cropy.cn:172.17.0.10 --add-host gw.cropy.cn:172.17.0.1 busybox 
/ # ifconfig 
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:06  
          inet addr:172.17.0.6 Bcast:172.17.255.255 Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:7 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:586 (586.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback  
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:65536 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.10 bbox3.cropy.cn
  • Increase DNS injection (--dns,--dns-search)
[root@centos7-node1 ~]# docker run --name bbox3 -it --rm --add-host bbox3.cropy.cn:172.17.0.10 --add-host gw.cropy.cn:172.17.0.1 --dns 172.17.0.1 --dns 114.114.114.114 --dns-search cropy.cn busybox
/ # cat /etc/resolv.conf 
search cropy.cn
nameserver 172.17.0.1
nameserver 114.114.114.114

Port Mapping

  • Mapping in non-docker environments
iptables -t nat -A PREROUTING -d GW_IP  -p tcp|udp --dport 10080 -j DNAT --to-destination BE_server_IP:port
  • EXPOSE(docker port publishing): -p option

  • Format for using the -p option
    • -p < containerPort>: Map the specified container port to any port of the host
    • -p < hostPort>:< containerPort>: Map container ports to specified ports of the host machine in which they reside
    • -p < ip>:< containerPort>: Map the port of the specified container to the dynamic port of the specified IP of the host.
    • -p < ip>:< hostPort>:< containerPort>: Map the port of the specified container to the specified port of the specified IP of the host.

Example

[root@centos7-node1 ~]# docker run --name mytinyweb3 -d --network bridge -p 80 wanghui122725501/myimg:v0.4    #Random Port Mapping
[root@centos7-node1 ~]# docker port mytinyweb3    #View mapping details (iptables-t nat-vnL is also possible)
80/tcp -> 0.0.0.0:32768
[root@centos7-node1 ~]# docker kill mytinyweb3 && docker rm mytinyweb3    
[root@centos7-node1 ~]# docker run --name mytinyweb3 -d --rm --network bridge -p 80:80 wanghui122725501/myimg:v0.4   #Specify Port Mapping
[root@centos7-node1 ~]# docker run --name mytinyweb3 -d  --network bridge -p 192.168.56.11::80 wanghui122725501/myimg:v0.4 
[root@centos7-node1 ~]# docker kill mytinyweb3 && docker rm mytinyweb3      
[root@centos7-node1 ~]# docker run --name mytinyweb3 -d  --network bridge -p 192.168.56.11:80:80 wanghui122725501/myimg:v0.4
[root@centos7-node1 ~]# docker kill mytinyweb3 && docker rm mytinyweb3    
[root@centos7-node1 ~]# docker run --name mytinyweb3 -d --network bridge -p 80:80 -p 443:443 wanghui122725501/myimg:v0.4   #Multiport Mapping

docker network operation

  • Common Commands
[root@centos7-node1 ~]# docker network --help
Usage:  docker network COMMAND
Manage networks
Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks
  • Practice Operations
[root@centos7-node1 ~]# docker info | grep Network    #Network types that can support creation
  Network: bridge host ipvlan macvlan null overlay
[root@centos7-node1 ~]# docker network create --subnet 10.10.0.0/24 mybr0    #Create mybr0 network
[root@centos7-node1 ~]# docker run --name mytinyweb3 -it --network mybr0 -p 80 -p 443 wanghui122725501/myimg:v0.4 /bin/sh    #Create container and view ip    
/ # ifconfig 
eth0      Link encap:Ethernet  HWaddr 02:42:0A:0A:00:02  
          inet addr:10.10.0.2  Bcast:10.10.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:12 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1032 (1.0 KiB)  TX bytes:0 (0.0 B)
[root@centos7-node1 ~]# docker network connect bridge mytinyweb3    #Open a separate terminal and connect mytinyweb3 to the bridge (docker0: 172.17.0.0) network
/ # ifconfig    #Looking at the network, mytinyweb3 has two network cards
eth0      Link encap:Ethernet  HWaddr 02:42:0A:0A:00:02  
          inet addr:10.10.0.2  Bcast:10.10.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:656 (656.0 B)  TX bytes:0 (0.0 B)

eth1      Link encap:Ethernet  HWaddr 02:42:AC:11:00:06  
          inet addr:172.17.0.6  Bcast:172.17.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:656 (656.0 B)  TX bytes:0 (0.0 B)
[root@centos7-node1 ~]# docker network disconnect bridge mytinyweb3   #Remove the bridge network card from mytinyweb3
[root@centos7-node1 ~]# docker kill mytinyweb3 && docker rm mytinyweb3
[root@centos7-node1 ~]# docker network rm mybr0
  • Modify the address of the default docker0 bridge by setting bip
[root@centos7-node1 ~]# vim /etc/docker/daemon.json 
{
  "bip": "172.31.0.1/16",
  "registry-mirrors": ["https://0b8hhs68.mirror.aliyuncs.com"],
  "storage-driver": "overlay2",
  "graph":"/data/docker",
  "storage-opts": [
    "overlay2.override_kernel_check=true"
  ]
}
[root@centos7-node1 ~]# systemctl restart docker
[root@centos7-node1 ~]# ifconfig 
docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.31.0.1  netmask 255.255.0.0  broadcast 172.31.255.255

Tags: Linux network Docker DNS iptables

Posted on Tue, 02 Jun 2020 20:14:20 -0400 by dustbuster