容器中网络使用
在默认网络上启动一个容器
Docker通过使用网络驱动程序支持网络容器。默认情况下,Docker为您提供了两个网络驱动程序,bridge和overlay.查看默认:
[root@aniu-k8s ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
83b13d1a6851 bridge bridge local
bb75b5a2446b host host local
350704680a43 none null local名为bridge的网络是一个特殊的网络。除非另有说明,否则Docker将始终在此网络中启动您的容器。现在试试这个:
[root@aniu-k8s ~]# docker run -itd --name=networktest ubuntu
dfe98e91cc6e3a1766819a94e7c16ed186668fc92e2cfe5988094b8c3f327647
这里写图片描述
笔者的em1为:192.168.10.10
- 检查网络是查找容器的IP地址的简单方法
[root@aniu-k8s ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "83b13d1a6851e0a564b82363ef95c0122608f37d6f70a9191440be9802893e01",
"Created": "2017-11-29T14:12:09.651104078+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"dfe98e91cc6e3a1766819a94e7c16ed186668fc92e2cfe5988094b8c3f327647": {
"Name": "networktest",
"EndpointID": "2fb0b8cac57a8ce1cf5f8de06f365451d6f987e526000c2277c036c97fa79d37",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]可以通过断开容器从网络中移除容器。为此,提供网络名称和容器名称。可以使用容器ID。在这个例子中,名字更快。
[root@aniu-k8s ~]# docker network disconnect bridge networktest
[root@aniu-k8s ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "83b13d1a6851e0a564b82363ef95c0122608f37d6f70a9191440be9802893e01",
"Created": "2017-11-29T14:12:09.651104078+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]虽然可以从网络断开容器,但不能删除名为网桥的内置网桥网络。网络是将容器与其他容器或其他网络隔离的自然方式。所以,当你对Docker有更多的经验时,你会想创建自己的网络。
创建自己的bridge网络
Docker引擎本身支持桥接网络和覆盖网络。桥接网络仅限于运行Docker Engine的单个主机。覆盖网络可以包括多个主机,并且是更高级的主题。对于这个例子,你将创建一个桥梁网络: 参考:https://docs.docker.com/engine/reference/commandline/network_create/
[root@aniu-k8s ~]# docker network create -d bridge my_bridge
31b20c144a8468d0128e738f4032dfba799b5260fcc4fd19124a432fa2b2ede2-d参数告诉Docker为新网络使用网桥驱动程序。您可以将此标志关闭,因为桥是此标志的默认值。继续并在您的机器上列出网络:
[root@aniu-k8s ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
83b13d1a6851 bridge bridge local
bb75b5a2446b host host local
31b20c144a84 my_bridge bridge local
350704680a43 none null local如果你检查网络,你会发现它没有任何东西
[root@aniu-k8s ~]# docker network inspect my_bridge
[
{
"Name": "my_bridge",
"Id": "31b20c144a8468d0128e738f4032dfba799b5260fcc4fd19124a432fa2b2ede2",
"Created": "2017-11-29T16:39:30.869809937+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16", # 仔细看,ip地址已经变化,可以通过指定--subnet=192.168.0.0/16 br0参数,自定义ip
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]将容器添加到网络
启动一个运行PostgreSQL数据库的容器,并传递 –net=my_bridge 标志将其连接到你的新网络:
$ docker run -d --net=my_bridge --name db training/postgres如果你检查你的my_bridge,你会看到它有一个容器连接。您也可以检查您的容器,以查看它连接的位置:
[root@aniu-k8s ~]# docker inspect --format='{{json .NetworkSettings.Networks}}' db
{"my_bridge":{"IPAMConfig":null,"Links":null,"Aliases":["0f6ce012b967"],"NetworkID":"31b20c144a8468d0128e738f4032dfba799b5260fcc4fd19124a432fa2b2ede2","EndpointID":"dde2f9d3463088873bfd086cecc37eb006824826df9be0eb951410e7752bf7e5","Gateway":"172.18.0.1","IPAddress":"172.18.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:12:00:02","DriverOpts":null}}继续启动自己熟悉的web应用程序,使用默认网络
docker run -d --name web training/webapp python app.py
这里写图片描述
您的Web应用程序在哪个网络下运行?检查应用程序,你会发现它运行在默认的桥梁网络。
[root@aniu-k8s ~]# docker inspect --format='{{json .NetworkSettings.Networks}}' web
{"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"83b13d1a6851e0a564b82363ef95c0122608f37d6f70a9191440be9802893e01","EndpointID":"22025b98fa050359d6e7dd2a716f2b265e5df7f6ca2c13210aef4b73c63f795c","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02","DriverOpts":null}}然后,获取您的网站的IP地址
[root@aniu-k8s ~]# docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web
172.17.0.2现在,打开一个shell连接到正在运行的db容器中:
[root@aniu-k8s ~]# docker exec -it db bash
root@0f6ce012b967:/# ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
^C
--- 172.17.0.2 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 5999ms
root@0f6ce012b967:/# exit
exit稍后,使用CTRL-C结束ping,您将发现ping失败。这是因为两个容器在不同的网络上运行。你可以解决这个问题。然后,使用exit命令关闭容器。 Docker网络允许您将容器连接到尽可能多的网络。您也可以附加一个已经运行的容器。继续并将正在运行的Web应用程序附加到my_bridge。
$ docker network connect my_bridge web
[root@aniu-k8s ~]# docker network inspect my_bridge
[
{
"Name": "my_bridge",
"Id": "31b20c144a8468d0128e738f4032dfba799b5260fcc4fd19124a432fa2b2ede2",
"Created": "2017-11-29T16:39:30.869809937+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"0f6ce012b96798d29d2363199c289315f7f52a06d01aa0702e727f8355a48190": {
"Name": "db",
"EndpointID": "dde2f9d3463088873bfd086cecc37eb006824826df9be0eb951410e7752bf7e5",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
},
"e7e11e1c094ba9b16456677ebe4658d4f6ea1cc3757debaccbdb049e7b769e50": {
"Name": "web",
"EndpointID": "2d88e9122ee58212261ea635041c3daf22a6098c9dad8c6a61468e05b28a01b2",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
这里写图片描述
再次打开一个shell到数据库应用程序,并尝试ping命令。这次只需使用容器名称而不是IP地址。
[root@aniu-k8s ~]# docker exec -it db bash
root@0f6ce012b967:/# ping web
PING web (172.18.0.3) 56(84) bytes of data.
64 bytes from web.my_bridge (172.18.0.3): icmp_seq=1 ttl=64 time=0.134 ms
64 bytes from web.my_bridge (172.18.0.3): icmp_seq=2 ttl=64 time=0.047 ms
64 bytes from web.my_bridge (172.18.0.3): icmp_seq=3 ttl=64 time=0.047 ms
64 bytes from web.my_bridge (172.18.0.3): icmp_seq=4 ttl=64 time=0.047 ms
64 bytes from web.my_bridge (172.18.0.3): icmp_seq=5 ttl=64 time=0.043 ms
^C
--- web ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.043/0.063/0.134/0.036 msping显示它正在联系不同的IP地址,my_bridge上的地址与桥接网络上的地址不同。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读