在默认网络中启动容器
Dcoker提供两种网络设备,bridge 和 overlay。也可以自己写一个网络驱动插件,当然这是很难的。
每个Docker引擎自动包含三个默认网络:
zane@zane-V:~$ docker network ls NETWORK ID NAME DRIVER SCOPE ae35ae5e583d bridge bridge local 7dbe50e049ea host host local 08bfed547b1e none null local
bridge网络,是默认网络。
zane@zane-V:~$ docker run -idt --name=networktest ubuntu 48e90b1c0df18f319b177f76f95f240a91e4b763eb6cba5eca4ced381ea6a06c zane@zane-V:~$ docker run -id --name=networktest2 ubuntu 9c826c86dca3337f5236e41aed83bd42b69f86e45b984d50000f09536613452c
只要检测网络就能很容易的找到容器的IP地址
zane@zane-V:~$ docker network inspect bridge [ { "Name": "bridge", "Id": "ae35ae5e583db7f0efc074ab631068c8b3c4ccd7e59570a5f188f70aad32b423", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Containers": { "48e90b1c0df18f319b177f76f95f240a91e4b763eb6cba5eca4ced381ea6a06c": { "Name": "networktest", "EndpointID": "640ea3ff77ec002fe55665c87f93c0bf557e4e9b5fccc5caa2c360febdfa561b", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" }, "9c826c86dca3337f5236e41aed83bd42b69f86e45b984d50000f09536613452c": { "Name": "networktest2", "EndpointID": "8d3fe4c25f6936e2e96cf396b39f5b7313b465af05904cd38e1d1853d72b521e", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ]
从网络中移除容器通过 disconnect:
zane@zane-V:~$ docker network disconnect bridge networktest
创建自己的桥接网络
- Docker引擎本地支持bridge 和 overlay两种网络。
- bridge限于运行docker引擎的单个主机。
- overlay网络可以包括多台主机和更高级的主题。
创建一个桥接网络
zane@zane-V:~$ docker network create -d bridge my-bridge-network
c741cdd168b05202bb223ffd48b91899a038e5f26d71d1593f66a94a0f2f741d
-d:告诉Dcoker为新的网络使用bridge 驱动。可省略
查看
zane@zane-V:~$ docker network ls NETWORK ID NAME DRIVER SCOPE ae35ae5e583d bridge bridge local 7dbe50e049ea host host local c741cdd168b0 my-bridge-network bridge local 08bfed547b1e none null local zane@zane-V:~$ docker network inspect my-bridge-network [ { "Name": "my-bridge-network", "Id": "c741cdd168b05202bb223ffd48b91899a038e5f26d71d1593f66a94a0f2f741d", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1/16" } ] }, "Internal": false, "Containers": {}, "Options": {}, "Labels": {} } ]
增加容器到新建的网络中
当在第一次运行容器的时候可以指定他的运行网络。
zane@zane-V:~$ docker run -d --net=my-bridge-network --name db training/postgres Unable to find image 'training/postgres:latest' locally latest: Pulling from training/postgres a3ed95caeb02: Pull complete 6e71c809542e: Already exists 2978d9af87ba: Pull complete e1bca35b062f: Pull complete 500b6decf741: Pull complete 74b14ef2151f: Pull complete 7afd5ed3826e: Pull complete 3c69bb244f5e: Pull complete d86f9ec5aedf: Pull complete 010fabf20157: Pull complete Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e Status: Downloaded newer image for training/postgres:latest 100a88a646afb40f22861dc3276b71235fe4d6dc8f501f59671f829bd4f2fb17
现在运行一个web 应用但不指定网络
zane@zane-V:~$ docker run -d --name web training/webapp python app.py
aca8e2cd333ab85b536b0eecee08bf5d8285f5f9f087217e6d0cbc2aa126271c
查看两个容器的IP
zane@zane-V:~$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web 172.17.0.4 zane@zane-V:~$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' db 172.18.0.2
这样两个容器因为在不同的网络中,所以是不通的。
zane@zane-V:~$ docker exec -it db bash root@100a88a646af:/# ping 172.17.0.4 PING 172.17.0.4 (172.17.0.4) 56(84) bytes of data. ^C --- 172.17.0.4 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 2014ms
Dcoker允许将容器连接到多个网络中只要你高兴就好。
你甚至可以连接已经在运行中的容器到另一个网络。
连接运行中的web app 到my-bridge-network
zane@zane-V:~$ docker network connect my-bridge-network web zane@zane-V:~$ docker network inspect my-bridge-network [ { "Name": "my-bridge-network", "Id": "c741cdd168b05202bb223ffd48b91899a038e5f26d71d1593f66a94a0f2f741d", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1/16" } ] }, "Internal": false, "Containers": { "100a88a646afb40f22861dc3276b71235fe4d6dc8f501f59671f829bd4f2fb17": { "Name": "db", "EndpointID": "668cfaad3f14ef45f9fed15aff80f7099890d658ca893dfe2bc799cf0214988b", "MacAddress": "02:42:ac:12:00:02", "IPv4Address": "172.18.0.2/16", "IPv6Address": "" }, "aca8e2cd333ab85b536b0eecee08bf5d8285f5f9f087217e6d0cbc2aa126271c": { "Name": "web", "EndpointID": "3a30fa1c648aa0c6d5c55890bcfef04a4f7260cb0fdbcf11108a00f40fc461e0", "MacAddress": "02:42:ac:12:00:03", "IPv4Address": "172.18.0.3/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ]
查看db 容器和web是否相通,可以直接ping 容器名称哦。
$ docker exec -it db bash root@100a88a646af:/# ping web PING web (172.18.0.3) 56(84) bytes of data. 64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=1 ttl=64 time=0.039 ms 64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=2 ttl=64 time=0.037 ms 64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=3 ttl=64 time=0.032 ms 64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=4 ttl=64 time=0.093 ms 64 bytes from web.my-bridge-network (172.18.0.3): icmp_seq=5 ttl=64 time=0.041 ms
总结
- 两种网络驱动
- bridge(默认)
- 仅限于docker引擎的单个主机
- overlay
- 包括多台主机和更高的主题
- bridge(默认)
- 检测网络
- docker network inspect bridge
- 查看网络
- docker network ls
- 在bridge中增/删容器
- docker network disconnect bridge 容器名
- docker network connect bridge 容器名
- 创建新桥接网络
- docker network create -d bridge my-bridge-network
- 增加容器到新网络中
- docker run -d --net=my-bridge-network --name db training/postgres
- 相同网络中的容器可以互通