
Container network configuration explained

luoye 2021-06-13 Programmer
 
Launching containers on the default network

 
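Docker provides two network drivers, bridge and overlay. You can also write your own network driver plugin, though that is difficult.
Every Docker Engine automatically includes three default networks: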
zane@zane-V:~$ docker network ls 
NETWORK ID          NAME                DRIVER              SCOPE 
ae35ae5e583d        bridge              bridge              local                
7dbe50e049ea        host                host                local                
08bfed547b1e        none                null                local
The bridge network is the default network; a container started without a network option is attached to it.
 
zane@zane-V:~$ docker run -idt --name=networktest ubuntu 
48e90b1c0df18f319b177f76f95f240a91e4b763eb6cba5eca4ced381ea6a06c 
zane@zane-V:~$ docker run -id --name=networktest2 ubuntu 
9c826c86dca3337f5236e41aed83bd42b69f86e45b984d50000f09536613452c 
Inspecting the network is an easy way to find the containers' IP addresses:
zane@zane-V:~$ docker network inspect bridge 
[ 
    { 
        "Name": "bridge", 
        "Id": "ae35ae5e583db7f0efc074ab631068c8b3c4ccd7e59570a5f188f70aad32b423", 
        "Scope": "local", 
        "Driver": "bridge", 
        "EnableIPv6": false, 
        "IPAM": { 
            "Driver": "default", 
            "Options": null, 
            "Config": [ 
                { 
                    "Subnet": "172.17.0.0/16", 
                    "Gateway": "172.17.0.1" 
                } 
            ] 
        }, 
        "Internal": false, 
        "Containers": { 
            "48e90b1c0df18f319b177f76f95f240a91e4b763eb6cba5eca4ced381ea6a06c": { 
                "Name": "networktest", 
                "EndpointID": "640ea3ff77ec002fe55665c87f93c0bf557e4e9b5fccc5caa2c360febdfa561b", 
                "MacAddress": "02:42:ac:11:00:02", 
                "IPv4Address": "172.17.0.2/16", 
                "IPv6Address": "" 
            }, 
            "9c826c86dca3337f5236e41aed83bd42b69f86e45b984d50000f09536613452c": { 
                "Name": "networktest2", 
                "EndpointID": "8d3fe4c25f6936e2e96cf396b39f5b7313b465af05904cd38e1d1853d72b521e", 
                "MacAddress": "02:42:ac:11:00:03", 
                "IPv4Address": "172.17.0.3/16", 
                "IPv6Address": "" 
            } 
        }, 
        "Options": { 
            "com.docker.network.bridge.default_bridge": "true", 
            "com.docker.network.bridge.enable_icc": "true", 
            "com.docker.network.bridge.enable_ip_masquerade": "true", 
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", 
            "com.docker.network.bridge.name": "docker0", 
            "com.docker.network.driver.mtu": "1500" 
        }, 
        "Labels": {} 
    } 
]
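The inspect output above also carries the settings that decide how exposed containers on this network are. As an added example (not part of the original post), this Python check reads `docker network inspect` JSON and reports them; the function name and finding codes are hypothetical, and the sample is trimmed from the output shown above.

```python
import json

# Constructed sample: trimmed from the `docker network inspect bridge` output above.
SAMPLE = """[{"Name": "bridge", "Driver": "bridge", "Internal": false,
 "Containers": {
  "48e90b1c0df1": {"Name": "networktest", "IPv4Address": "172.17.0.2/16"},
  "9c826c86dca3": {"Name": "networktest2", "IPv4Address": "172.17.0.3/16"}},
 "Options": {
  "com.docker.network.bridge.default_bridge": "true",
  "com.docker.network.bridge.enable_icc": "true",
  "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}}]"""

PREFIX = "com.docker.network.bridge."

def audit_networks(inspect_json):
    """Return (network, code, detail) findings for each bridge network."""
    findings = []
    for net in json.loads(inspect_json):
        if net.get("Driver") != "bridge":
            continue  # host/none/overlay are out of scope for this check
        name = net["Name"]
        opts = net.get("Options") or {}
        members = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
        # Inter-container communication is on unless explicitly set to "false".
        icc = opts.get(PREFIX + "enable_icc", "true") == "true"
        if opts.get(PREFIX + "default_bridge") == "true" and members:
            findings.append((name, "DEFAULT_BRIDGE_IN_USE", ", ".join(members)))
        if icc and len(members) > 1:
            findings.append((name, "ICC_ENABLED",
                             f"{len(members)} containers share one segment"))
        if opts.get(PREFIX + "host_binding_ipv4") == "0.0.0.0":
            findings.append((name, "PUBLISH_ALL_INTERFACES",
                             "published ports bind to every host address"))
        if not net.get("Internal", False):
            findings.append((name, "EGRESS_ALLOWED", "not an --internal network"))
    return findings

if __name__ == "__main__":
    for net, code, detail in audit_networks(SAMPLE):
        print(f"{net:20} {code:24} {detail}")
```

Feed it the real output with `docker network inspect bridge my-bridge-network`, which prints one JSON array covering both networks.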
To remove a container from a network, use disconnect:
zane@zane-V:~$ docker network disconnect bridge networktest
Creating your own bridge network

 
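  • Docker Engine natively supports two kinds of network: bridge and overlay.
  • A bridge network is limited to a single host running Docker Engine.
  • An overlay network can span multiple hosts and is a more advanced topic.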
 
Create a bridge network:
zane@zane-V:~$ docker network create -d bridge my-bridge-network 
c741cdd168b05202bb223ffd48b91899a038e5f26d71d1593f66a94a0f2f741d
 
-d: tells Docker to use the bridge driver for the new network. It can be omitted, because bridge is the default driver.
 
List and inspect the networks:
zane@zane-V:~$ docker network ls 
NETWORK ID          NAME                DRIVER              SCOPE 
ae35ae5e583d        bridge              bridge              local                
7dbe50e049ea        host                host                local                
c741cdd168b0        my-bridge-network   bridge              local                
08bfed547b1e        none                null                local       
        
zane@zane-V:~$ docker network inspect my-bridge-network 
[ 
    { 
        "Name": "my-bridge-network", 
        "Id": "c741cdd168b05202bb223ffd48b91899a038e5f26d71d1593f66a94a0f2f741d", 
        "Scope": "local", 
        "Driver": "bridge", 
        "EnableIPv6": false, 
        "IPAM": { 
            "Driver": "default", 
            "Options": {}, 
            "Config": [ 
                { 
                    "Subnet": "172.18.0.0/16", 
                    "Gateway": "172.18.0.1/16" 
                } 
            ] 
        }, 
        "Internal": false, 
        "Containers": {}, 
        "Options": {}, 
        "Labels": {} 
    } 
]
 
Adding containers to the new network

 
When you first run a container, you can specify the network it runs on.
zane@zane-V:~$ docker run -d --net=my-bridge-network --name db training/postgres 
Unable to find image 'training/postgres:latest' locally 
latest: Pulling from training/postgres 
  
a3ed95caeb02: Pull complete 
6e71c809542e: Already exists 
2978d9af87ba: Pull complete 
e1bca35b062f: Pull complete 
500b6decf741: Pull complete 
74b14ef2151f: Pull complete 
7afd5ed3826e: Pull complete 
3c69bb244f5e: Pull complete 
d86f9ec5aedf: Pull complete 
010fabf20157: Pull complete 
Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e 
Status: Downloaded newer image for training/postgres:latest 
100a88a646afb40f22861dc3276b71235fe4d6dc8f501f59671f829bd4f2fb17
 
 
Now run a web application without specifying a network:
zane@zane-V:~$ docker run -d --name web training/webapp python app.py 
aca8e2cd333ab85b536b0eecee08bf5d8285f5f9f087217e6d0cbc2aa126271c
 
Check the IP addresses of the two containers:
zane@zane-V:~$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web 
172.17.0.4 
zane@zane-V:~$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' db 
172.18.0.2
 
Because the two containers are on different networks, they cannot reach each other.
zane@zane-V:~$ docker exec -it db bash 
root@100a88a646af:/# ping 172.17.0.4 
PING 172.17.0.4 (172.17.0.4) 56(84) bytes of data. 
^C 
--- 172.17.0.4 ping statistics --- 
3 packets transmitted, 0 received, 100% packet loss, time 2014ms
 
Docker lets you connect a container to as many networks as you like.
You can even connect an already running container to another network.
 
Connect the running web app to my-bridge-network:
zane@zane-V:~$ docker network connect my-bridge-network web 
zane@zane-V:~$ docker network inspect my-bridge-network 
[ 
    { 
        "Name": "my-bridge-network", 
        "Id": "c741cdd168b05202bb223ffd48b91899a038e5f26d71d1593f66a94a0f2f741d", 
        "Scope": "local", 
        "Driver": "bridge", 
        "EnableIPv6": false, 
        "IPAM": { 
            "Driver": "default", 
            "Options": {}, 
            "Config": [ 
                { 
                    "Subnet": "172.18.0.0/16", 
                    "Gateway": "172.18.0.1/16" 
                } 
            ] 
        }, 
        "Internal": false, 
        "Containers": { 
            "100a88a646afb40f22861dc3276b71235fe4d6dc8f501f59671f829bd4f2fb17": { 
                "Name": "db", 
                "EndpointID": "668cfaad3f14ef45f9fed15aff80f7099890d658ca893dfe2bc799cf0214988b", 
                "MacAddress": "02:42:ac:12:00:02", 
                "IPv4Address": "172.18.0.2/16", 
                "IPv6Address": "" 
            }, 
            "aca8e2cd333ab85b536b0eecee08bf5d8285f5f9f087217e6d0cbc2aa126271c": { 
                "Name": "web", 
                "EndpointID": "3a30fa1c648aa0c6d5c55890bcfef04a4f7260cb0fdbcf11108a00f40fc461e0", 
                "MacAddress": "02:42:ac:12:00:03", 
                "IPv4Address": "172.18.0.3/16", 
                "IPv6Address": "" 
            } 
        }, 
        "Options": {}, 
        "Labels": {} 
    } 
]
 
Check whether the db and web containers can now reach each other; you can ping the container name directly.
$ docker exec -it db bash 
root@100a88a646af:/# ping web 
PING web (172.18.0.3) 56(84) bytes of data. 
64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=1 ttl=64 time=0.039 ms 
64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=2 ttl=64 time=0.037 ms 
64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=3 ttl=64 time=0.032 ms 
64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=4 ttl=64 time=0.093 ms 
64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=5 ttl=64 time=0.041 ms
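The connect step above leaves web attached to two networks at once. As an added example (not part of the original post), this Python sketch derives which containers share a segment from per-network membership, before and after the connect. It assumes a simple model in which two containers have a direct path only if they share a network (published ports and host networking are ignored); the helper names are hypothetical and the data is constructed from the names and addresses shown on this page.

```python
from itertools import combinations

def net(name, **members):
    """Build a minimal stand-in for one `docker network inspect` document.
    Real output keys "Containers" by container ID; only the values are used here."""
    return {"Name": name,
            "Containers": {n: {"Name": n, "IPv4Address": ip} for n, ip in members.items()}}

# Constructed sample: state before and after
# `docker network connect my-bridge-network web` (networktest was disconnected earlier).
BEFORE = [net("bridge", networktest2="172.17.0.3/16", web="172.17.0.4/16"),
          net("my-bridge-network", db="172.18.0.2/16")]
AFTER = [net("bridge", networktest2="172.17.0.3/16", web="172.17.0.4/16"),
         net("my-bridge-network", db="172.18.0.2/16", web="172.18.0.3/16")]

def membership(networks):
    """Map container name -> {network name: IPv4 address without the prefix length}."""
    seen = {}
    for n in networks:
        for c in (n.get("Containers") or {}).values():
            seen.setdefault(c["Name"], {})[n["Name"]] = c["IPv4Address"].split("/")[0]
    return seen

def reachable_pairs(networks):
    """Container pairs that share at least one network."""
    m = membership(networks)
    return sorted((a, b) for a, b in combinations(sorted(m), 2)
                  if m[a].keys() & m[b].keys())

def multi_homed(networks):
    """Containers attached to more than one network, i.e. present on both segments."""
    return sorted(name for name, nets in membership(networks).items() if len(nets) > 1)

if __name__ == "__main__":
    for label, state in (("before", BEFORE), ("after", AFTER)):
        print(label, "pairs:", reachable_pairs(state), "multi-homed:", multi_homed(state))
```

In the "after" state db and networktest2 still have no shared network, but both can reach web, so web is the container to review when the two networks are meant to stay separated.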
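Summary

  • Two network drivers
    • bridge (default)
      • Limited to a single host running Docker Engine
    • overlay
      • Can span multiple hosts; a more advanced topic
  • Inspect a network
    • docker network inspect bridge
  • List networks
    • docker network ls
  • Add/remove containers on the bridge network
    • docker network disconnect bridge <container-name>
    • docker network connect bridge <container-name>
  • Create a new bridge network
    • docker network create -d bridge my-bridge-network
  • Add a container to the new network
    • docker run -d --net=my-bridge-network --name db training/postgres
  • Containers on the same network can reach each other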
 
