详解Docker——你需要知道的Docker进阶知识四
Docker 网络
在我们安装 Docker 后,会自动创建三个网络。我们可以使用下面的命令来查看这些网络:
[root@VM_0_17_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
54e77f90579f bridge bridge local
c9b1125523d9 host host local
0d7ae6956393 none null local如上图所示,三个默认的网络分别为 bridge, host, none。
bridge
bridge,即桥接网络,在安装 docker 后会创建一个桥接网卡,该桥接网卡的名称为 docker0。可以通过下面的命令来查看
[root@VM_0_17_centos ~]# docker network inspect bridge | grep name
"com.docker.network.bridge.name": "docker0",
[root@VM_0_17_centos ~]# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
inet6 fe80::42:b2ff:fe56:cd prefixlen 64 scopeid 0x20<link>
ether 02:42:b2:56:00:cd txqueuelen 0 (Ethernet)
RX packets 199819 bytes 24756125 (23.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 178712 bytes 184863122 (176.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0在上图中,我们可以查看到对应的值。默认情况下,我们创建的容器都会自动连接到 bridge 网络。其详细信息如下所示:
[root@VM_0_17_centos ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "54e77f90579f347ba9c4e50801c303aa9bbc87220f4e91551190ef0bfe20fb73",
"Created": "2020-02-28T01:16:37.673981451+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
# 子网
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigOnly": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
# 名称
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]我们可以尝试创建一个容器,该容器会自动连接到 bridge 网络,例如我们创建一个名为 hellodocker001 的容器,创建后,再次查看 bridge 的信息:
[root@VM_0_17_centos ~]# docker container run -itd --name hellodocker001 centos /bin/bash
ad0872f8e5a7602967715a05bfeaddda003987f4dd44dc015605bd292539620e
[root@VM_0_17_centos ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "54e77f90579f347ba9c4e50801c303aa9bbc87220f4e91551190ef0bfe20fb73",
"Created": "2020-02-28T01:16:37.673981451+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.18.0.0/16",
"Gateway": "172.18.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
# 该容器的网络信息
"a75888f17b9f83741544e2e434be3d6d1feed6431b206767aca6bbe8cd9bb238": {
"Name": "hellodocker002",
"EndpointID": "1185979565eb4e40034f5aadb79140be8f0783ffb89981d7d205ed086f57696d",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
}
},这时可以查看到相应的容器的网络信息,该容器在连接到 bridge 网络后,会从子网的地址池中获得一个 IP 地址,即上图中的 172.18.0.2。
使用 docker container attach hellodocker002 命令,也可查看相应的地址信息:
[root@VM_0_17_centos ~]# docker container attach hellodocker002
[root@a75888f17b9f /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.3 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:ac:12:00:03 txqueuelen 0 (Ethernet)
RX packets 7 bytes 586 (586.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0并且对于连接到默认的 bridge 之间的容器可以通过 IP 地址互相通信。例如我们启动一个 hellodocker003 的容器,它可以与 hellodocker002 通过 IP 地址进行通信。
[root@VM_0_17_centos ~]# docker container attach hellodocker003
[root@185945b6b294 /]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.2 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:ac:12:00:02 txqueuelen 0 (Ethernet)
RX packets 11749 bytes 35762881 (34.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11457 bytes 802314 (783.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0[root@VM_0_17_centos ~]# docker container attach hellodocker002
[root@a75888f17b9f /]# ping 172.18.0.2
PING 172.18.0.2 (172.18.0.2) 56(84) bytes of data.
64 bytes from 172.18.0.2: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=64 time=0.059 ms
64 bytes from 172.18.0.2: icmp_seq=3 ttl=64 time=0.075 ms
64 bytes from 172.18.0.2: icmp_seq=4 ttl=64 time=0.055 ms
--- 172.18.0.2 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 0.055/0.067/0.080/0.012 ms上述的操作我们通过 ping 命令演示了位于同一 Docker 网络的容器之间网络是连通的。但如果需要从主机外部访问容器内服务,则需要配置端口映射,也就是将容器内的端口映射为主机的端口,然后通过主机 IP + 端口来访问。端口映射通过 iptables 来实现。
下面的操作演示了 docker 实现端口映射的方式:
- 首先删除掉上面创建的两个容器。
- 这时,我们查看
nat表的转发规则,使用如下命令:
docker container ls -q | xargs docker container stop
docker container ls -aq | xargs docker container rm由于此时并未创建 docker 容器,nat 表中没有什么特殊的规则。接下来,我们使用上一节构建的 web:lastest 镜像创建一个容器 hellodocker001,并将本机的端口 10001 映射到容器中的 80 端口上,在浏览器中可以通过 localhost:10001 访问容器 hellodocker001 的 apache 服务,命令如下:
[root@VM_0_17_centos ~]# docker run -d -p 10001:80 --name hellodocker001 web:latest
56372378defc0f5964714872002b1d5dd74888c94a847ca77e99f2b72937254c
docker run命令的-p参数是通过端口映射的方式,将容器的端口发布到主机的端口上。其使用格式为-p ip:hostPort:containerPort。并且还可以指定范围,例如-p10001-10100:1-100,代表将容器1-100的端口映射到主机上的10001-10100端口上,两者一一对应。
- 创建成功后,我们可以在浏览器中输入
localhost:10001访问到容器hellodocker001的apache服务,并查看此时iptables中nat表和filter表的规则,其中分别新增了一条比较重要的内容,如下图所示:
[root@VM_0_17_centos ~]# sudo iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 732 packets, 26539 bytes)
pkts bytes target prot opt in out source destination
1289K 56M DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 732 packets, 26539 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 398 packets, 24505 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 483 packets, 28925 bytes)
pkts bytes target prot opt in out source destination
1537 92532 MASQUERADE all -- * !docker0 172.18.0.0/16 0.0.0.0/0
0 0 MASQUERADE tcp -- * * 172.18.0.2 172.18.0.2 tcp dpt:80
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0
85 4420 DNAT tcp -- !docker0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10001 to:172.18.0.2:80[root@VM_0_17_centos ~]# sudo iptables -nvL
Chain INPUT (policy ACCEPT 4509 packets, 318K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
230K 188M DOCKER-USER all -- * * 0.0.0.0/0 0.0.0.0/0
230K 188M DOCKER-ISOLATION-STAGE-1 all -- * * 0.0.0.0/0 0.0.0.0/0
106K 172M ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3809 175K DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
120K 16M ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
2 168 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 5005 packets, 631K bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
85 4420 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.18.0.2 tcp dpt:80
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
120K 16M DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
230K 188M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * docker0 0.0.0.0/0 0.0.0.0/0
120K 16M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
404K 279M RETURN all -- * * 0.0.0.0/0 0.0.0.0/0默认的 bridge 网络,每次重启容器,容器的 IP 地址都会发生变化。对于默认的 bridge 网络,不能在启动容器的时候指定 IP,这个只有自定义网络才支持。
旧版的容器互联
容器间都是通过在 /etc/hosts 文件中添加相应的解析,通过容器名,别名,服务名等来识别需要通信的容器。
这里,我们启动两个容器,来演示旧的容器互联:
- 首先启动一个名为
hellodocker001的容器,使用镜像busybox:
[root@VM_0_17_centos ~]# docker run -it --rm --name hellodocker001 busybox /bin/sh
/ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
126: eth0@if127: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.2/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.2 d9b422546843
/ #这时打开一个新的终端,启动一个名为 hellodocker002 的容器,并使用 --link 参数与容器 hellodocker001 互联。
[root@VM_0_17_centos ~]# docker run -it --rm --name hellodocker002 --link hellodocker001 busybox /bin/sh
/ # ping -c 3 hellodocker001
PING hellodocker001 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.101 ms
64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.076 ms
64 bytes from 172.18.0.2: seq=2 ttl=64 time=0.077 ms
--- hellodocker001 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.076/0.084/0.101 ms
/ # cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.2 hellodocker001 d9b422546843
172.18.0.3 78b24ce9b0cf
/ #docker run 命令的
--link参数的格式为--link:alias。格式中的name为容器名,alias为别名。即可以通过alias访问到该容器。
如果此时 hellodocker001 容器退出,这时我们启动一个 hellodocker003,再次启动一个 hellodocker001:
[root@VM_0_17_centos ~]# docker run -itd --name hellodocker003 --rm busybox /bin/sh
d974c8bad86f15f2193a6a3b6e7273724e1b63c04cd27e37a690b18ae4bd655a
[root@VM_0_17_centos ~]# docker run -it --name hellodokcer001 --rm busybox /bin/sh
/ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
134: eth0@if135: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:12:00:04 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.4/16 brd 172.18.255.255 scope global eth0
valid_lft forever preferred_lft forever
/ #按照顺序分配的原则,此时 hellodocker003 的 IP 地址为 192.168.0.4,重新创建的容器 hellodocker001 的 IP 地址为 192.168.0.5。然而容器 hellodocker002 中 /etc/hosts 文件中 hellodocker001 的 IP 地址依旧为 192.168.0.2:
容器hellodocker002
/ # ping hellodocker001
PING hellodocker001 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: seq=0 ttl=64 time=0.102 ms
64 bytes from 172.18.0.2: seq=1 ttl=64 time=0.078 ms
64 bytes from 172.18.0.2: seq=2 ttl=64 time=0.078 ms
64 bytes from 172.18.0.2: seq=3 ttl=64 time=0.065 ms
64 bytes from 172.18.0.2: seq=4 ttl=64 time=0.077 ms
64 bytes from 172.18.0.2: seq=5 ttl=64 time=0.096 ms
64 bytes from 172.18.0.2: seq=6 ttl=64 time=0.084 ms
^C
--- hellodocker001 ping statistics ---
7 packets transmitted, 7 packets received, 0% packet loss
round-trip min/avg/max = 0.065/0.082/0.102 ms
/ #如上所示,旧的容器 hellodocker002 通过 --link 连接到 hellodocker001。而在 hellodocker001 重启后,由于 IP 地址的变化,此时 hellodocker002 并不能正确的访问到 hellodocker001。
除了使用 --link 的方式来达到容器间互连,在 docker 中容器间通信更推荐使用自定义网络。
自定义网络
除了使用默认网络,我们还可以创建自己的 bridge 或 overlay 网络。
如下所示,我们创建一个名为 network1 的桥接网络,简单命令如下:
[root@VM_0_17_centos ~]# docker network create network1
420b3d5758ec0561f1a4a01b137b950e5e77b225a0e4e44f66e1a5cca29b3cbf
[root@VM_0_17_centos ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
54e77f90579f bridge bridge local
c9b1125523d9 host host local
420b3d5758ec network1 bridge local
0d7ae6956393 none null local创建成功后,可以使用 ifconfig 或者 ip addr show 命令查看该桥接网络的网络接口信息,如下所示:
[root@VM_0_17_centos ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:97:50:f3 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.17/20 brd 172.17.15.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe97:50f3/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:b2:56:00:cd brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:b2ff:fe56:cd/64 scope link
valid_lft forever preferred_lft forever
129: veth9b886cf@if128: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 3e:ba:b6:c2:da:ee brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::3cba:b6ff:fec2:daee/64 scope link
valid_lft forever preferred_lft forever
133: veth9f73fe6@if132: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 4e:17:79:ed:8e:4e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::4c17:79ff:feed:8e4e/64 scope link
valid_lft forever preferred_lft forever
135: veth6639e4a@if134: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 7e:01:c9:32:05:5a brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::7c01:c9ff:fe32:55a/64 scope link
valid_lft forever preferred_lft forever
136: br-420b3d5758ec: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:1f:5b:ac:62 brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 brd 172.19.255.255 scope global br-420b3d5758ec
valid_lft forever preferred_lft forever而对于该网络的详细信息可以通过 docker network inspect network1 命令来查看,如下图所示:
[root@VM_0_17_centos ~]# docker network inspect network1
[
{
"Name": "network1",
"Id": "420b3d5758ec0561f1a4a01b137b950e5e77b225a0e4e44f66e1a5cca29b3cbf",
"Created": "2020-03-11T23:07:37.340111748+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]其相应的网络接口名称和子网都是由 docker 随机生成,当然,我们也可以手动指定:
此时,我们可以运行一个容器 hellodocker001,指定其网络为 network1,使用 --network network1:
[root@VM_0_17_centos ~]# docker network create -d bridge --subnet=192.168.16.0/24 --gateway=192.168.16.1 network1
0278cb5b4135544391cce12c0cb7e7191d4b25ca5a5902b5c6a72585c43b9f93
[root@VM_0_17_centos ~]# docker run -it --name hellodocker001 --network network1 --rm busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:C0:A8:10:02
# ip地址从指定子网中获取
inet addr:192.168.16.2 Bcast:192.168.16.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1312 (1.2 KiB) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #使用 exit 退出该容器使其自动删除,这时我们再次创建该容器,但是不指定其 --network:
[root@VM_0_17_centos ~]# docker run -it --name hellodocker001 --rm busybox /bin/sh
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:12:00:03
inet addr:172.18.0.3 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:516 (516.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #此时,该容器连接到默认的 bridge 网络,这时,可以新打开一个终端,在其中运行如下命令,将 hellodocker001 连接到 network1 网络中:
[root@VM_0_17_centos ~]# docker network connect network1 hellodocker001这时再次在容器 hellodocker001 中使用 ifconfig 命令
/ # ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:12:00:03
inet addr:172.18.0.3 Bcast:172.18.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
# eth1连接到network1
eth1 Link encap:Ethernet HWaddr 02:42:C0:A8:10:02
inet addr:192.168.16.2 Bcast:192.168.16.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:656 (656.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #如上图中所示,出现了一个 eth1 接口,此时, eth0 连接到默认的 bridge 网络, eth1 连接到 network1 网络。
对于自定义的网络来说,docker 嵌入的 DNS 服务支持连接到该网络的容器名的解析。这意味着连接到同一个网络的容器都可以通过容器名去 ping 另一个容器。
如下所示,启动两个容器,连接到 network1:
[root@VM_0_17_centos ~]# docker run -itd --name hellodocker_2 --network network1 --rm busybox /bin/sh
b238d82ec8f35b7bac7ef4cdb116c10f577799b4005d7f28531ec701b8324ed7[root@VM_0_17_centos ~]# docker run -it --name hellodocker_3 --network network1 --rm busybox /bin/sh
/ # ping hellodocker_2
PING hellodocker_2 (192.168.16.4): 56 data bytes
64 bytes from 192.168.16.4: seq=0 ttl=64 time=0.134 ms
64 bytes from 192.168.16.4: seq=1 ttl=64 time=0.077 ms
64 bytes from 192.168.16.4: seq=2 ttl=64 time=0.079 ms
64 bytes from 192.168.16.4: seq=3 ttl=64 time=0.095 ms
64 bytes from 192.168.16.4: seq=4 ttl=64 time=0.085 ms
64 bytes from 192.168.16.4: seq=5 ttl=64 time=0.099 ms
--- hellodocker_2 ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 0.077/0.094/0.134 ms
/ #启动之后,由于上述的两个容器都是连接到 network1 网络,所以可以通过容器名 ping 通:
除此之外,在用户自定义的网络中,是可以通过 --ip 指定 IP 地址的,而在默认的 bridge 网络不能指定 IP 地址:
[root@VM_0_17_centos ~]# docker run -it --network network1 --ip 192.168.16.100 --rm busybox /bin/sh
/ #
# 连接到默认的 bridge 网络,下面的命令运行失败
[root@VM_0_17_centos ~]# docker run -it --ip 192.168.0.100 --rm busybox /bin/shhost和none
host 网络,容器可以直接访问主机上的网络。
例如,我们启动一个容器,指定网络为 host:
[root@VM_0_17_centos ~]# docker run -it --network host --rm busybox /bin/sh
/ # ifconfig
br-0278cb5b4135 Link encap:Ethernet HWaddr 02:42:F1:AB:34:44
inet addr:192.168.16.1 Bcast:192.168.16.255 Mask:255.255.255.0
inet6 addr: fe80::42:f1ff:feab:3444/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:28 (28.0 B) TX bytes:656 (656.0 B)
docker0 Link encap:Ethernet HWaddr 02:42:B2:56:00:CD
inet addr:172.18.0.1 Bcast:172.18.255.255 Mask:255.255.0.0
inet6 addr: fe80::42:b2ff:fe56:cd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:221013 errors:0 dropped:0 overruns:0 frame:0
TX packets:200086 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:25973448 (24.7 MiB) TX bytes:256263147 (244.3 MiB)
eth0 Link encap:Ethernet HWaddr 52:54:00:97:50:F3
inet addr:172.17.0.17 Bcast:172.17.15.255 Mask:255.255.240.0
inet6 addr: fe80::5054:ff:fe97:50f3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:31408016 errors:0 dropped:0 overruns:0 frame:0
TX packets:31205584 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4912191549 (4.5 GiB) TX bytes:4606313984 (4.2 GiB)none 网络,容器中不提供其它网络接口。
[root@VM_0_17_centos ~]# docker run -it --network none --rm busybox /bin/sh
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
/ #本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2020-03-12,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
