
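Docker Official Tutorial in Practice: User-Defined Bridge Networks

Preface

This note works through the Docker official tutorial on user-defined bridge networks.

User-defined bridge networks are the recommended best practice for production environments, so this tutorial deserves particular attention.

In this tutorial, two alpine containers are started and attached to a user-defined network, alpine-net. These containers cannot connect to the default bridge network. A third alpine container is then started and connected to the default bridge network. A fourth alpine container is connected to both networks.

I am learning Docker container technology; the related notes are collected in "Docker Container Technology: Study Notes Index".

1 Create the alpine-net network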

# docker network create --driver bridge alpine-net
694e28e19bbc5083491ee0d5c75b6fc8aef6c4274582be9f5a7c0184abb8f087

2 List the networks

# docker network ls
NETWORK ID          NAME                        DRIVER              SCOPE
694e28e19bbc        alpine-net                  bridge              local
02231307198a        bridge                      bridge              local
81b1d878dd80        host                        host                local
194a422ad895        none                        null                local

Inspect the alpine-net network

# docker network inspect alpine-net
[
    {
        "Name": "alpine-net",
        "Id": "694e28e19bbc5083491ee0d5c75b6fc8aef6c4274582be9f5a7c0184abb8f087",
        "Created": "2020-02-08T20:14:17.312752369+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.80.0/20",
                    "Gateway": "192.168.80.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

The gateway of the alpine-net network is 192.168.80.1, which differs from that of the default bridge network.

3 Create the 4 containers

# docker run -dit --name alpine1 --network alpine-net alpine ash
8e0ab36ed621c23b0fb50256f4e67f3ee22eb114400e37a5c71bd22275b9668b
# docker run -dit --name alpine2 --network alpine-net alpine ash
347af28200e49c07a1b6845387ce9abf8d0dd34a21680145097d638b73b0f4c8
# docker run -dit --name alpine3 alpine ash
bf038a99bceec1d897cc60c7de0548e296ab308f9486691279172524e74aeb18
# docker run -dit --name alpine4 --network alpine-net alpine ash
4c192d113af8513acd39cacb36d668604cecfafe990801d5e37f17e500c322aa
# docker network connect bridge alpine4
# 
# docker container ls
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS              PORTS                    NAMES
4c192d113af8        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine4
bf038a99bcee        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine3
347af28200e4        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine2
8e0ab36ed621        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine1

4 Inspect the bridge and alpine-net networks again

# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "02231307198a766660ed883e7117e65d04dbc0a111b68ce6b65e9f50e4887674",
        "Created": "2019-09-10T15:39:22.052117578+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4c192d113af8513acd39cacb36d668604cecfafe990801d5e37f17e500c322aa": {
                "Name": "alpine4",
                "EndpointID": "35e16d957e312067b77354a7d7febd95e3d168b66508a859db3c6c15743639cd",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            },
            "bf038a99bceec1d897cc60c7de0548e296ab308f9486691279172524e74aeb18": {
                "Name": "alpine3",
                "EndpointID": "d7749027672de5a6a265e7f9245446b2bdfd9df6474eb327e11a5ad7a2393328",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

alpine3 and alpine4 are both connected to the bridge network.

# docker network inspect alpine-net
[
    {
        "Name": "alpine-net",
        "Id": "694e28e19bbc5083491ee0d5c75b6fc8aef6c4274582be9f5a7c0184abb8f087",
        "Created": "2020-02-08T20:14:17.312752369+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.80.0/20",
                    "Gateway": "192.168.80.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "347af28200e49c07a1b6845387ce9abf8d0dd34a21680145097d638b73b0f4c8": {
                "Name": "alpine2",
                "EndpointID": "82dc832bd1f0d8406039c30964f8c5c31cc393cb0dd53c9758bf0c52f52da4ca",
                "MacAddress": "02:42:c0:a8:50:03",
                "IPv4Address": "192.168.80.3/20",
                "IPv6Address": ""
            },
            "4c192d113af8513acd39cacb36d668604cecfafe990801d5e37f17e500c322aa": {
                "Name": "alpine4",
                "EndpointID": "09fcc106f88b619d32204fa6399c9bfdbda34822de4035a9f5295f6db841c859",
                "MacAddress": "02:42:c0:a8:50:04",
                "IPv4Address": "192.168.80.4/20",
                "IPv6Address": ""
            },
            "8e0ab36ed621c23b0fb50256f4e67f3ee22eb114400e37a5c71bd22275b9668b": {
                "Name": "alpine1",
                "EndpointID": "1b8782cb01f48f19b34e8caf4fcc08a66e326fa60c6af8743b7e40434302b93b",
                "MacAddress": "02:42:c0:a8:50:02",
                "IPv4Address": "192.168.80.2/20",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

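Containers alpine1, alpine2 and alpine4 are all connected to the alpine-net network.

5 Containers on the same network can communicate

alpine1 can communicate with alpine2 and alpine4, and it can do so directly by container name.

On a user-defined network, containers can communicate not only by IP address but also by resolving a container name to its IP address. This capability is called automatic service discovery.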

# docker attach alpine1
/ # ping -c 2 alpine2
PING alpine2 (192.168.80.3): 56 data bytes
64 bytes from 192.168.80.3: seq=0 ttl=64 time=0.113 ms
64 bytes from 192.168.80.3: seq=1 ttl=64 time=0.095 ms

--- alpine2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.095/0.104/0.113 ms
/ # ping -c 2 alpine4
PING alpine4 (192.168.80.4): 56 data bytes
64 bytes from 192.168.80.4: seq=0 ttl=64 time=0.100 ms
64 bytes from 192.168.80.4: seq=1 ttl=64 time=0.089 ms

--- alpine4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.089/0.094/0.100 ms
/ # ping -c 2 alpine1
PING alpine1 (192.168.80.2): 56 data bytes
64 bytes from 192.168.80.2: seq=0 ttl=64 time=0.029 ms
64 bytes from 192.168.80.2: seq=1 ttl=64 time=0.060 ms

--- alpine1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.029/0.044/0.060 ms
/ # 

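6 Containers on different networks cannot communicate

alpine1 cannot connect to alpine3, because alpine3 is not on the alpine-net network.

Not only does the ping by container name fail; the ping by IP address fails as well.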

/ # ping -c 2 alpine3

ping: bad address 'alpine3'
/ # ping -c 2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes

--- 172.17.0.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

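Detach from the alpine1 container with the key sequence CTRL + p, CTRL + q (hold CTRL and type p, then q).

7 A container connected to multiple networks can communicate with all of them

alpine4 is connected to both the default bridge network and the alpine-net network, so it can communicate with all the other containers. To reach alpine3, however, it has to use the IP address, because alpine3 is on the default bridge network.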

# docker attach alpine4
/ # ping -c 2 alpine1
PING alpine1 (192.168.80.2): 56 data bytes
64 bytes from 192.168.80.2: seq=0 ttl=64 time=0.105 ms
64 bytes from 192.168.80.2: seq=1 ttl=64 time=0.097 ms

--- alpine1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.097/0.101/0.105 ms
/ # ping -c 2 alpine2
PING alpine2 (192.168.80.3): 56 data bytes
64 bytes from 192.168.80.3: seq=0 ttl=64 time=0.104 ms
64 bytes from 192.168.80.3: seq=1 ttl=64 time=0.085 ms

--- alpine2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.085/0.094/0.104 ms
/ # ping -c 2 alpine3
ping: bad address 'alpine3'
/ # ping -c 2 alpine4
PING alpine4 (192.168.80.4): 56 data bytes
64 bytes from 192.168.80.4: seq=0 ttl=64 time=0.039 ms
64 bytes from 192.168.80.4: seq=1 ttl=64 time=0.057 ms

--- alpine4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.039/0.048/0.057 ms
/ # ping -c 2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.112 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.089 ms

--- 172.17.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.089/0.100/0.112 ms

8 All networks based on the bridge driver can reach the host's network

Finally, check whether the containers have outside network connectivity.

/ # ping -c 2 baidu.com
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=248 time=35.715 ms
64 bytes from 220.181.38.148: seq=1 ttl=248 time=35.568 ms

--- baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 35.568/35.641/35.715 ms
/ # read escape sequence
# docker attach alpine1
/ # ping -c 2 baidu.com
PING baidu.com (39.156.69.79): 56 data bytes
64 bytes from 39.156.69.79: seq=0 ttl=248 time=38.493 ms
64 bytes from 39.156.69.79: seq=1 ttl=248 time=38.408 ms

--- baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 38.408/38.450/38.493 ms
/ # read escape sequence
# docker attach alpine3
/ # ping -c 2 baidu.com
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=248 time=37.688 ms
64 bytes from 220.181.38.148: seq=1 ttl=248 time=37.655 ms

--- baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 37.655/37.671/37.688 ms

9 Stop and remove all containers and the alpine-net network

# docker stop alpine1 alpine2 alpine3 alpine4
# docker rm alpine1 alpine2 alpine3 alpine4
# docker network rm alpine-net

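Summary

Container networking follows these rules:

  • Containers on the same network can communicate
  • Containers on different networks cannot communicate
  • A container connected to multiple networks can communicate with all of those networks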
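
An added example, not part of the original note or of Docker's documentation: a Python script that reads `docker network inspect` output like that in step 4 and derives the three rules above for every container pair, and also lists containers attached to more than one network, since those are the only path between otherwise separated segments. The function names are hypothetical, and the embedded JSON is a constructed, trimmed copy of the page's output.

```python
import json
from itertools import combinations

# Constructed sample: `docker network inspect bridge alpine-net` output trimmed
# to the fields used here. Names and IPs are the page's; IDs are shortened.
INSPECT_JSON = """[
 {"Name": "bridge",
  "Options": {"com.docker.network.bridge.default_bridge": "true"},
  "Containers": {
   "4c192d113af8": {"Name": "alpine4", "IPv4Address": "172.17.0.4/16"},
   "bf038a99bcee": {"Name": "alpine3", "IPv4Address": "172.17.0.3/16"}}},
 {"Name": "alpine-net", "Options": {},
  "Containers": {
   "347af28200e4": {"Name": "alpine2", "IPv4Address": "192.168.80.3/20"},
   "4c192d113af8": {"Name": "alpine4", "IPv4Address": "192.168.80.4/20"},
   "8e0ab36ed621": {"Name": "alpine1", "IPv4Address": "192.168.80.2/20"}}}
]"""

def load_membership(inspect_json):
    """Return ({container: {network: ip}}, set of default-bridge network names)."""
    members, default_bridges = {}, set()
    for net in json.loads(inspect_json):
        opts = net.get("Options") or {}          # "Options" may be null
        if opts.get("com.docker.network.bridge.default_bridge") == "true":
            default_bridges.add(net["Name"])
        for ep in (net.get("Containers") or {}).values():
            ip = ep["IPv4Address"].split("/")[0]
            members.setdefault(ep["Name"], {})[net["Name"]] = ip
    return members, default_bridges

def reachability(members, default_bridges):
    """Classify each container pair by the networks the two share."""
    result = {}
    for a, b in combinations(sorted(members), 2):
        shared = set(members[a]) & set(members[b])
        if shared - default_bridges:
            result[(a, b)] = "name"      # user-defined network: name and IP
        elif shared:
            result[(a, b)] = "ip-only"   # default bridge only: IP, no name lookup
        else:
            result[(a, b)] = "isolated"  # no shared network: no traffic
    return result

def multi_homed(members):
    """Containers on more than one network; each one spans two segments."""
    return sorted(c for c, nets in members.items() if len(nets) > 1)

if __name__ == "__main__":
    members, defaults = load_membership(INSPECT_JSON)
    print(reachability(members, defaults), multi_homed(members))
```

Against a live daemon, the same functions accept the output of `docker network inspect bridge alpine-net` unchanged.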

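In terms of commands:

Command                                     Function
docker network create NETWORK               Create a network
docker network rm NETWORK                   Remove a network
docker network ls                           List networks
docker network inspect NETWORK              Show the details of a network
docker network connect NETWORK CONTAINER    Connect a container to a network
docker run --network NETWORK IMAGE          Run a container on the specified network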

END
