1
概 述
Docker 容器启动的时候,使用默认的 bridge 网络是不支持指派固定 IP 的;
每次Docker 容器重启时,会按照顺序获取对应的IP 地址,这个就导致重启Docker, 容器的IP 地址会发生变化;
虽然可以通过创建自定义网络在启动容器时指定 IP , 但此问题不在本文章中阐述。
本文讲述的是 docker-compose 通过服务名或者别名连接容器服务的原理以及分析,其中主要涉及到 netfilter/iptables 防火墙,evth- pair 技术,DNS 等技术,由于 Docker 容器网络非常之复杂,本文不会对 docker 之外的技术以及 docker 无关本文的其它技术进行过多介绍。
2
Docker五种网络模式介绍
3
veth-pair技术
图1 veth-pair
网桥是一种对帧转发的技术,工作在 OSI 七层模型中的第二层(数据链路层),在数据链路层使用 MAC 地址转发数据。
veth pair 是成对出现的一种虚拟网络设备接口,一端连着网络协议栈,一端彼此相连,如图1;正因为有这个特性,它充当着一个桥梁,连接着各种虚拟网络设备,常被用于构建虚拟网络拓扑。
4
Docker DNS实现
*nat
:PREROUTING ACCEPT [2:168]
:INPUT ACCEPT [2:168]
:OUTPUT ACCEPT [9:620]
:POSTROUTING ACCEPT [17:1091]
:DOCKER_OUTPUT - [0:0]
:DOCKER_POSTROUTING - [0:0]
-A OUTPUT -d 127.0.0.11/32 -j DOCKER_OUTPUT
-A POSTROUTING -d 127.0.0.11/32 -j DOCKER_POSTROUTING
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 127.0.0.11:45481
-A DOCKER_OUTPUT -d 127.0.0.11/32 -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.11:46340
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p tcp -m tcp --sport 45481 -j SNAT --to-source :53
-A DOCKER_POSTROUTING -s 127.0.0.11/32 -p udp -m udp --sport 46340 -j SNAT --to-source :53 COMMIT
# Completed on Fri Mar 25 13:15:36 2022
composetest_web_1
[root@VM-12-7-centos composetest]#
11 hours ago Up 10 hours 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp
composetest_redis_1
af90b8c4350f composetest_web "flask run"
[root@VM-12-7-centos composetest]# netstat -pantu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address
Foreign Address
State
PID/Program name
[root@VM-12-7-centos composetest]# nc -nvz 127.0.0.11 53 Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 127.0.0.11:53.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
[root@VM-12-7-centos composetest]# lsof -o 3917|egrep 'UDP|TCP'
[root@VM-12-7-centos composetest]# docker inspect composetest_redis_1|grep Pid "Pid": 17693,
"PidMode": "",
"PidsLimit": null,
[root@VM-12-7-centos composetest]# ll /proc/17693/ns/net
lrwxrwxrwx 1 polkitd mysql 0 Mar 25 10:07 /proc/17693/ns/net -> net:[4026532226]
[root@VM-12-7-centos composetest]# ln -s /proc/17662/ns/net /var/run/netns/composetest_web_1 [root@VM-12-7-centos composetest]#
[root@VM-12-7-centos composetest]# ll /var/run/netns/composetest_web_1
lrwxrwxrwx 1 root root 18 Mar 25 04:52 /var/run/netns/composetest_web_1 -> /proc/17662/ns/net
[root@VM-12-7-centos ~]# ip netns exec composetest_web_1 ping baidu.com PING baidu.com (220.181.38.251) 56(84) bytes of data.
64 bytes from 220.181.38.251 (220.181.38.251): icmp_seq=1 ttl=48 time=27.5 ms
64 bytes from 220.181.38.251 (220.181.38.251): icmp_seq=2 ttl=48 time=27.4 ms
^C
--- baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms rtt min/avg/max/mdev = 27.441/27.495/27.549/0.054 ms
/ code # ping web
PING web (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.031 ms 64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.059 ms
^C
--- web ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 0.031/0.045/0.059 ms
/code #
/ code # ping redis
PING redis (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.071 ms 64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.073 ms 64 bytes from 172.18.0.3: seq=2 ttl=64 time=0.076 ms
^C
--- redis ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.071/0.073/0.076 ms
/code #
[root@VM-12-7-centos ~]# cat /etc/*release CentOS Linux release 7.6.1810 (Core)
[root@VM-12-7-centos ~]# docker --version
Docker version 20.10.14, build a224086
[root@VM-12-7-centos composetest]# pwd
/root/composetest
[root@VM-12-7-centos composetest]#
[root@VM-12-7-centos composetest]# cat requirements.txt flask
redis
[root@VM-12-7-centos composetest]#
[root@VM-12-7-centos composetest]# cat Dockerfile FROM python:3.7-alpine
WORKDIR /code
ENV FLASK_APP app.py
ENV FLASK_RUN_HOST 0.0.0.0
RUN apk add --no-cache gcc musl-dev linux-headers COPY requirements.txt requirements.txt
RUN pip install -r requirements.txt COPY . .
CMD ["flask", "run"]
[root@VM-12-7-centos composetest]# [root@VM-12-7-centos composetest]#
[root@VM-12-7-centos composetest]# cat docker-compose.yml # yaml 配置
version: '3' services:
web:
build: . ports:
- "5000:5000"
redis:
image: "redis:alpine"
[root@VM-12-7-centos composetest]# [root@VM-12-7-centos composetest]# [root@VM-12-7-centos composetest]# cat app.py import time
import redis
from flask import Flask
app = Flask( name )
cache = redis.Redis(host='redis', port=6379)
def get_hit_count(): retries = 5 while True:
try:
return cache.incr('hits')
except redis.exceptions.ConnectionError as exc: if retries == 0:
raise exc retries -= 1 time.sleep(0.5)
@app.route('/') def hello():
count = get_hit_count()
return 'Hello World! I have been seen {} times.\n'.format(count) [root@VM-12-7-centos composetest]#
[root@VM-12-7-centos composetest]#docker-compose up -d
END
本文作者:潘 安
本文来源:IT那活儿(上海新炬王翦团队)
文章转载自IT那活儿,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
