Docker: pinging containers directly by service name: --link, custom networks (key), and connecting networks

Pinging between Docker containers directly by service name

Test

$ docker exec -it tomcat02 ping tomcat01
ping: tomcat01: Name or service not known
-------------------------------------------
# How do we fix this?
$ docker run -d -P --name tomcat03 --link tomcat02 tomcat
baa309a3c4a6cfeb135caae7a1189a18f1671a74722db63ba2da109602586433
---------------------------------------------------------------------
$ docker exec -it tomcat03 ping tomcat02
PING tomcat02 (172.17.0.3) 56(84) bytes of data.
64 bytes from tomcat02 (172.17.0.3): icmp_seq=1 ttl=64 time=0.097 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=2 ttl=64 time=0.087 ms
64 bytes from tomcat02 (172.17.0.3): icmp_seq=3 ttl=64 time=0.087 ms
^C
--- tomcat02 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 28ms
rtt min/avg/max/mdev = 0.087/0.090/0.097/0.009 ms
---------------------------------------------------------------------
$ docker exec -it tomcat02 ping tomcat03
ping: tomcat03: Temporary failure in name resolution

With --link, tomcat03 can ping tomcat02 directly by container name! In the reverse direction, however, the ping fails.

Viewing network information

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ea60398194ce        bridge              bridge              local
85ad9f57c8bd        host                host                local
22e54d43614b        none                null                local
---------------------------------------------------------------------
$ docker network inspect ea60398194ce
[
    {
        "Name": "bridge",
        "Id": "ea60398194ce0b55f6d244f364042e9c7ead486183c0dbbcc12c94191bf0a90b",
        "Created": "2020-09-08T17:05:31.148215642+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",     # the default docker0
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",   # at most 255*255-2 addresses can be configured
                    "Gateway": "172.17.0.1"      # the configured gateway
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": { # configuration of the three containers follows:
            "246fb3921ac148352d61a0216e3432b04285d87cd579298b51ac41ac157d1c50": {
                "Name": "tomcat01",
                "EndpointID": "7f7178e4c6493cdfcad1c944b851b8dc6720892a8e545c2a43fd47dc48d23b01",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "baa309a3c4a6cfeb135caae7a1189a18f1671a74722db63ba2da109602586433": {
                "Name": "tomcat03",
                "EndpointID": "98bf8739c964cbd0e8138dc13aa45248cc8b9bf490c28cb3af0fed517430c1a2",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            },
            "c4917215687a203472e900458c148909f63b93d026c9cfb5a90fc5adf5af4f84": {
                "Name": "tomcat02",
                "EndpointID": "b795a8848ba753a12135a752d93541d2869a59f91c4f4ca5b752b1954bf3760d",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
elfin@dell:~$

Exploring inspect

$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
baa309a3c4a6        tomcat              "catalina.sh run"   17 minutes ago      Up 17 minutes       0.0.0.0:32771->8080/tcp   tomcat03
c4917215687a        tomcat              "catalina.sh run"   2 hours ago         Up 2 hours          0.0.0.0:32770->8080/tcp   tomcat02
246fb3921ac1        tomcat              "catalina.sh run"   3 hours ago         Up 3 hours          0.0.0.0:32769->8080/tcp   tomcat01

$ docker inspect c4917215687a

tomcat03 has tomcat02's address configured locally, in its /etc/hosts

$ docker exec -it tomcat03 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.3	tomcat02 c4917215687a
172.17.0.4	baa309a3c4a6
---------------------------------------------------------------------
$ docker exec -it tomcat02 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.3	c4917215687a

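Using --link is no longer recommended

We recommend using a custom network!
Do not use docker0!
The problem with docker0: it does not support access by container name!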

Custom networks

List all Docker networks

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
555e034b8248        bridge              bridge              local
85ad9f57c8bd        host                host                local
22e54d43614b        none                null                local

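Network modes

Name        Characteristics
bridge      Bridged: Docker sets up a bridge; traffic between 0.2 and 0.3 goes through 0.1 (the default; networks you create yourself also use bridge mode)
none        No network configured
host        Host mode: shares the network with the host
container   Container network connection (rarely used, with significant limitations)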

The docker network command

The environment switches to Windows at this point
> docker network --help
Usage:  docker network COMMAND
Manage networks
Commands:
  connect     Connect a container to a network
  create      Create a network
  disconnect  Disconnect a container from a network
  inspect     Display detailed information on one or more networks
  ls          List networks
  prune       Remove all unused networks
  rm          Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.

The following two commands are equivalent

# When a container is started directly, the default is --net bridge, which uses the docker0 bridge
> docker run -it -P --name elfin01 ubuntu:18.04
> docker run -it -P --name elfin01 --net bridge ubuntu:18.04
---------------------------------------------------------------
# On docker0, names cannot be resolved by default; --link can open up the connection!
# But --link has some problems, so a custom network is recommended

How to create a network, and its parameters

> docker network create --help
Usage:  docker network create [OPTIONS] NETWORK
Create a network
Options:
      --attachable           Enable manual container attachment
      --aux-address map      Auxiliary IPv4 or IPv6 addresses used by
                             Network driver (default map[])
      --config-from string   The network from which copying the configuration
      --config-only          Create a configuration only network
  -d, --driver string        Driver to manage the Network (default "bridge")
      --gateway strings      IPv4 or IPv6 Gateway for the master subnet
      --ingress              Create swarm routing-mesh network
      --internal             Restrict external access to the network
      --ip-range strings     Allocate container ip from a sub-range
      --ipam-driver string   IP Address Management Driver (default "default")
      --ipam-opt map         Set IPAM driver specific options (default map[])
      --ipv6                 Enable IPv6 networking
      --label list           Set metadata on a network
  -o, --opt map              Set driver specific options (default map[])
      --scope string         Control the network's scope
      --subnet strings       Subnet in CIDR format that represents a
                             network segment

Create a network named net-test

Tested on Linux

$ docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 net-test
-------------------------------------------------------------------------------------
# --driver bridge: bridge is the default, so this can be omitted
# --subnet 192.168.0.0/16: the subnet address
# --gateway 192.168.0.1: the gateway, i.e. the router address
-------------------------------------------------------------------------------------
$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
f15f3323f810        backend             bridge              local
af0551b97a07        bridge              bridge              local
21fbcd175d02        host                host                local
2c4fe12634cd        layoutnet           bridge              local
9f1d4650cc11        net-test            bridge              local
daccfb2f7ebd        none                null                local

-------------------------------------------------------------------------------------
$ docker network inspect net-test 
[
    {
        "Name": "net-test",
        "Id": "9f1d4650cc11549aee69d1b7521a9c51271865499b265f2295de37cc8622cfdb",
        "Created": "2020-09-12T14:48:41.414502478+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

Viewing the network after adding containers

# Start two containers on the net-test bridge
$ docker run -it -P --name ubuntu01 --net net-test ubuntu:18.04
root@44afdcf9482d:/# elfin@dell:~$ 
$ docker run -it -P --name ubuntu02 --net net-test ubuntu:18.04
root@8ee354200bdf:/# elfin@dell:~$ 
$ docker ps 
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                  NAMES
8ee354200bdf        ubuntu:18.04        "/bin/bash"              13 seconds ago      Up 11 seconds                                              ubuntu02
44afdcf9482d        ubuntu:18.04        "/bin/bash"              44 seconds ago      Up 41 seconds                                              ubuntu01
11fe3e37d9c3        pdflayout:1.0       "/bin/bash"              4 hours ago         Up 2 hours          0.0.0.0:10010-10011->10010-10011/tcp   layoutLM
4405afaa1d9a        mysql:5.7           "docker-entrypoint.s…"   26 hours ago        Up About an hour    33060/tcp, 0.0.0.0:13306->3306/tcp     mysql57

----------------------------------------------------------------------------------
$ docker network inspect net-test 
[
    {
        "Name": "net-test",
        "Id": "9f1d4650cc11549aee69d1b7521a9c51271865499b265f2295de37cc8622cfdb",
        "Created": "2020-09-12T14:48:41.414502478+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "44afdcf9482d82a228234054a1bd62edb1f68170289430850af077bea26993aa": {
                "Name": "ubuntu01",
                "EndpointID": "e946b840ec2084f9d46f67f9e22dfffa1bea2ec1011c841523f727f54dcf3e3d",
                "MacAddress": "*************",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "8ee354200bdf82ffd87992a307aa3d19a79b51c36cb5f37c7e21e02591adb43b": {
                "Name": "ubuntu02",
                "EndpointID": "7d21a12198596aa0b32df5032c82d1d6426140a81b50817fef524b2e86df3ef5",
                "MacAddress": "************",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]

----------------------------------------------------------------
# The Containers field of the network now shows the corresponding entries. Containers on this bridge can all reach each other!

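Advantages of custom networks

  1. When deploying a cluster, such as a MySQL cluster, put its nodes on the same bridge so that they can reach each other;
  2. Use different bridges for different clusters and applications, for network isolation;
  3. This benefits the health and security of the cluster and makes network management easier.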
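
The isolation described in the list above can be checked from `docker network inspect` output. The following is an added example, not part of the original post: it parses inspect JSON, lists which container pairs share a bridge, and flags containers left on the default bridge or on a bridge created without --internal. The sample data is constructed (trimmed from the output shown earlier; db01 and the settings of the backend network are hypothetical).

```python
import json
from itertools import combinations

# Constructed sample in the shape of `docker network inspect` output
# (IDs shortened; "db01" and the backend settings are hypothetical).
SAMPLE = json.loads("""
[
 {"Name": "bridge", "Driver": "bridge", "Internal": false,
  "Containers": {"246f": {"Name": "tomcat01", "IPv4Address": "172.17.0.2/16"},
                 "c491": {"Name": "tomcat02", "IPv4Address": "172.17.0.3/16"}},
  "Options": {"com.docker.network.bridge.default_bridge": "true",
              "com.docker.network.bridge.enable_icc": "true"}},
 {"Name": "net-test", "Driver": "bridge", "Internal": false,
  "Containers": {"44af": {"Name": "ubuntu01", "IPv4Address": "192.168.0.2/16"},
                 "8ee3": {"Name": "ubuntu02", "IPv4Address": "192.168.0.3/16"}},
  "Options": {}},
 {"Name": "backend", "Driver": "bridge", "Internal": true,
  "Containers": {"aaaa": {"Name": "db01", "IPv4Address": "10.10.0.2/24"}},
  "Options": {}}
]
""")

def names_on(net):
    """Sorted container names attached to one network."""
    return sorted(c["Name"] for c in (net.get("Containers") or {}).values())

def reachable_pairs(networks):
    """Container pairs that share a bridge with inter-container traffic allowed."""
    pairs = set()
    for net in networks:
        opts = net.get("Options") or {}
        # enable_icc defaults to true when the option is not set
        icc = opts.get("com.docker.network.bridge.enable_icc", "true") == "true"
        if net.get("Driver") == "bridge" and icc:
            pairs.update(combinations(names_on(net), 2))
    return pairs

def findings(networks):
    """Flag containers on the default bridge and on bridges with external access."""
    out = []
    for net in networks:
        opts = net.get("Options") or {}
        names = names_on(net)
        if opts.get("com.docker.network.bridge.default_bridge") == "true" and names:
            out.append((net["Name"], "default-bridge", names))
        if net.get("Driver") == "bridge" and not net.get("Internal") and names:
            out.append((net["Name"], "not-internal", names))
    return out

if __name__ == "__main__":
    print(sorted(reachable_pairs(SAMPLE)), findings(SAMPLE), sep="\n")
```

On a live host, feed it the output of `docker network inspect $(docker network ls -q)` instead of SAMPLE; a pair that appears in the result but belongs to different applications is a candidate for moving onto separate networks.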

Connecting networks

posted @ 2020-09-08 20:01  巴蜀秀才