一、网络端口映射
(1)使用 -P 参数创建一个python应用容器,容器内部端口随机映射到主机的高端口(flask的默认端口随机映射主机的32772端口):
[root@VM_0_8_centos ~]# docker run -d -P training/webapp python app.py d99251fc2b340b8d9006c64b7239baccc3ea760fb4e81ec2cc55e3b0698c3812 [root@VM_0_8_centos ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES d99251fc2b34 training/webapp "python app.py" About a minute ago Up About a minute 0.0.0.0:32772->5000/tcp suspicious_goodall
(2)使用 -p 参数创建一个python应用容器,容器内部端口绑定到指定的主机端口(绑定了主机端口5000):
[root@VM_0_8_centos ~]# docker run -d -p 5000:5000 training/webapp python app.py f94e5ff3c33ec5851f7b236d87f74fe3f4554161742c3d932e2b2aea636684c6 [root@VM_0_8_centos ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f94e5ff3c33e training/webapp "python app.py" 6 seconds ago Up 5 seconds 0.0.0.0:5000->5000/tcp funny_boyd d99251fc2b34 training/webapp "python app.py" 11 minutes ago Up 11 minutes 0.0.0.0:32772->5000/tcp suspicious_goodall
(3)指定容器绑定的网络地址(比如绑定 127.0.0.1):
[root@VM_0_8_centos ~]# docker run -d -p 127.0.0.1:5001:5000 training/webapp python app.py ce33ed77d163c7458a7ce2469e7d3de594e12e98aed74b2511b9fa63b5de2f7e [root@VM_0_8_centos ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ce33ed77d163 training/webapp "python app.py" 5 seconds ago Up 4 seconds 127.0.0.1:5001->5000/tcp compassionate_engelbart f94e5ff3c33e training/webapp "python app.py" 2 minutes ago Up 2 minutes 0.0.0.0:5000->5000/tcp funny_boyd d99251fc2b34 training/webapp "python app.py" 14 minutes ago Up 14 minutes 0.0.0.0:32772->5000/tcp suspicious_goodall
这样就可以通过访问 127.0.0.1:5001 来访问容器的 5000 端口。
(4)上面的例子中,默认都是绑定 tcp 端口,如果要绑定 UDP 端口,可以在端口后面加上 /udp:
[root@VM_0_8_centos ~]# docker run -d -p 127.0.0.1:5000:5000/udp training/webapp python app.py c9572d8ddaf7fd04d01ae6e550bcf8c53029c31c37a505470f44f1dae5216adc [root@VM_0_8_centos ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c9572d8ddaf7 training/webapp "python app.py" 7 seconds ago Up 6 seconds 5000/tcp, 127.0.0.1:5000->5000/udp serene_hoover ce33ed77d163 training/webapp "python app.py" 13 minutes ago Up 13 minutes 127.0.0.1:5001->5000/tcp compassionate_engelbart f94e5ff3c33e training/webapp "python app.py" 16 minutes ago Up 16 minutes 0.0.0.0:5000->5000/tcp funny_boyd d99251fc2b34 training/webapp "python app.py" 27 minutes ago Up 27 minutes 0.0.0.0:32772->5000/tcp suspicious_goodall
(5)docker port 命令可以让我们快捷地查看端口的绑定情况:
Hello world![root@VM_0_8_centos ~]# docker port ce33ed77d163 5000 127.0.0.1:5001
二、Docker 容器互联
端口映射并不是唯一将docker连接到另一容器的方法。
docker有一个连接系统允许将多个容器连接到一起,共享连接信息。
docker连接会创建一个父子关系,其中父容器可以看到子容器的信息。
(1)容器命名
当我们创建一个容器的时候,docker会自动给这个容器命名,当然我们也可以使用 --name 表示来给容器命名:
[root@VM_0_8_centos ~]# docker run -d -P --name webapp training/webapp python app.py 91fc9e72258f88178f28c41c4a7569c3ea98be4026c4accb631ced36db6952bf [root@VM_0_8_centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 91fc9e72258f training/webapp "python app.py" 8 seconds ago Up 7 seconds 0.0.0.0:32773->5000/tcp webapp
(2)新建网络
创建一个新的 Docker 网络:
[root@VM_0_8_centos ~]# docker network create -d bridge test-net
c5bc87f7b959f73134f6cef67b22281d0a8742f59679b8b25f02a07920451fcf
[root@VM_0_8_centos ~]# docker network ls NETWORK ID NAME DRIVER SCOPE e23b89fb4e31 bridge bridge local 41c12a9c2096 host host local c5bc87f7b959 test-net bridge local
-d参数:指定 Docker 网络类型,有 bridge、overlay。其中 overlay 网络类型用于 Swarm mode。
(3)连接容器
运行一个容器并连接到新建的 test-net 网络:
[root@VM_0_8_centos ~]# docker run -itd --name test1 --network test-net ubuntu /bin/bash
ad27f04c194268d765f61ff5e95fddf85c3c4146c5fd62731be9ef6ee67ae584
打开新的终端,再运行一个容器并加入到 test-net 网络:
[root@VM_0_8_centos ~]# docker run -itd --name test2 --network test-net ubuntu /bin/bash
8674175fb6bd060f3d201a6b74721ab75c78d5853f7db58365c3df42c87b5ab0
[root@VM_0_8_centos ~]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8674175fb6bd ubuntu "/bin/bash" 20 minutes ago Up 20 minutes test2 ad27f04c1942 ubuntu "/bin/bash" 20 minutes ago Up 20 minutes test1
分别进入容器并安装ping:
[root@VM_0_8_centos ~]# docker exec -it ad27f04c1942 /bin/bash root@ad27f04c1942:/# apt-get update
root@ad27f04c1942:/# apt install iputils-ping
[root@VM_0_8_centos ~]# docker exec -it test2 /bin/bash root@ad27f04c1942:/# apt-get update root@ad27f04c1942:/# apt install iputils-ping
分别ping对方:
root@ad27f04c1942:/# ping test2 PING test2 (172.18.0.3) 56(84) bytes of data. 64 bytes from test2.test-net (172.18.0.3): icmp_seq=1 ttl=64 time=0.056 ms 64 bytes from test2.test-net (172.18.0.3): icmp_seq=2 ttl=64 time=0.050 ms 64 bytes from test2.test-net (172.18.0.3): icmp_seq=3 ttl=64 time=0.055 ms 64 bytes from test2.test-net (172.18.0.3): icmp_seq=4 ttl=64 time=0.049 ms
root@8674175fb6bd:/# ping test1 PING test1 (172.18.0.2) 56(84) bytes of data. 64 bytes from test1.test-net (172.18.0.2): icmp_seq=1 ttl=64 time=0.036 ms 64 bytes from test1.test-net (172.18.0.2): icmp_seq=2 ttl=64 time=0.070 ms 64 bytes from test1.test-net (172.18.0.2): icmp_seq=3 ttl=64 time=0.051 ms 64 bytes from test1.test-net (172.18.0.2): icmp_seq=4 ttl=64 time=0.052 ms
这样,test1 容器和 test2 容器建立了互联关系。
当使用 exit命令提示There are stopped jobs.可以进行如下操作:
root@8674175fb6bd:/# ps -ef|grep ping root 316 17 0 05:49 pts/1 00:00:00 ping test1 root 318 17 0 05:49 pts/1 00:00:00 ping test2 root@8674175fb6bd:/# kill -9 316 root@8674175fb6bd:/# kill -9 318 root@8674175fb6bd:/# exit exit