Docker6之Network containers
how to network your containers.
Launch a container on the default network
Docker includes support for networking containers through the use of network drivers.
drivers. By default, Docker provides two network drivers for you, the bridge
and the overlay
drivers.
You can also write a network driver plugin so that you can create your own drivers but that is an advanced task.
Every installation of the Docker Engine automatically includes three default networks. You can list them:
1 2 3 4 5 6 | $ docker network ls NETWORK ID NAME DRIVER 18a2866682b8 none null c288470c46f6 host host 7b369448dccb bridge bridge |
The network named bridge
is a special network. Unless you tell it otherwise, Docker always launches your containers in this network.
1 2 3 | $ docker run -itd --name=networktest ubuntu 74695c9cea6d9810718fddadc01a727a5dd3ce6a69d09752239736c030599741 |
Inspecting the network is an easy way to find out the container’s IP address.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 | $ docker network inspect bridge [ { "Name" : "bridge" , "Id" : "f7ab26d71dbd6f557852c7156ae0574bbf62c42f539b50c8ebde0f728a253b6f" , "Scope" : "local" , "Driver" : "bridge" , "EnableIPv6" : false , "IPAM" : { "Driver" : "default" , "Options" : null, "Config" : [ { "Subnet" : "172.17.0.1/16" , "Gateway" : "172.17.0.1" } ] }, "Internal" : false , "Containers" : { "3386a527aa08b37ea9232cbcace2d2458d49f44bb05a6b775fba7ddd40d8f92c" : { "Name" : "networktest" , "EndpointID" : "647c12443e91faf0fd508b6edfe59c30b642abb60dfab890b4bdccee38750bc1" , "MacAddress" : "02:42:ac:11:00:02" , "IPv4Address" : "172.17.0.2/16" , "IPv6Address" : "" } }, "Options" : { "com.docker.network.bridge.default_bridge" : "true" , "com.docker.network.bridge.enable_icc" : "true" , "com.docker.network.bridge.enable_ip_masquerade" : "true" , "com.docker.network.bridge.host_binding_ipv4" : "0.0.0.0" , "com.docker.network.bridge.name" : "docker0" , "com.docker.network.driver.mtu" : "9001" }, "Labels" : {} } ] |
You can remove a container from a network by disconnecting the container.
To do this, you supply both the network name and the container name.
You can also use the container ID.
In this example, though, the name is faster.
1 | $ docker network disconnect bridge networktest |
While you can disconnect a container from a network, you cannot remove the builtin bridge
network named bridge
.
Networks are natural ways to isolate containers from other containers or other networks.
So, as you get more experienced with Docker, you’ll want to create your own networks.
Create your own bridge network
Docker Engine natively supports both bridge networks and overlay networks.
A bridge network is limited to a single host running Docker Engine.
An overlay network can include multiple hosts and is a more advanced topic.
For this example, you’ll create a bridge network:
1 | $ docker network create -d bridge my_bridge |
The -d
flag tells Docker to use the bridge
driver for the new network.
You could have left this flag off as bridge
is the default value for this flag.
Go ahead and list the networks on your machine:
1 2 3 4 5 6 7 | $ docker network ls NETWORK ID NAME DRIVER 7b369448dccb bridge bridge 615d565d498c my_bridge bridge 18a2866682b8 none null c288470c46f6 host host |
If you inspect the network, you’ll find that it has nothing in it.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | $ docker network inspect my_bridge [ { "Name" : "my_bridge" , "Id" : "5a8afc6364bccb199540e133e63adb76a557906dd9ff82b94183fc48c40857ac" , "Scope" : "local" , "Driver" : "bridge" , "IPAM" : { "Driver" : "default" , "Config" : [ { "Subnet" : "10.0.0.0/24" , "Gateway" : "10.0.0.1" } ] }, "Containers" : {}, "Options" : {}, "Labels" : {} } ] |
Add containers to a network
To build web applications that act in concert but do so securely, create a network.
Networks, by definition, provide complete isolation for containers.
You can add containers to a network when you first run a container.
Launch a container running a PostgreSQL database and pass it the --net=my_bridge
flag to connect it to your new network:
1 | $ docker run -d --net=my_bridge --name db training /postgres |
If you inspect your my_bridge
you’ll see it has a container attached. You can also inspect your container to see where it is connected:
1 2 3 4 5 | $ docker inspect -- format = '{{json .NetworkSettings.Networks}}' db { "my_bridge" :{ "NetworkID" : "7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99" , "EndpointID" : "508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043" , "Gateway" : "10.0.0.1" , "IPAddress" : "10.0.0.254" , "IPPrefixLen" :24, "IPv6Gateway" : "" , "GlobalIPv6Address" : "" , "GlobalIPv6PrefixLen" :0, "MacAddress" : "02:42:ac:11:00:02" }} |
Now, go ahead and start your by now familiar web application. This time don’t specify a network.
1 | $ docker run -d --name web training /webapp python app.py |
Which network is your web
application running under?
Inspect the application and you’ll find it is running in the default bridge
network.
1 2 3 4 5 | $ docker inspect -- format = '{{json .NetworkSettings.Networks}}' web { "bridge" :{ "NetworkID" : "7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812" , "EndpointID" : "508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043" , "Gateway" : "172.17.0.1" , "IPAddress" : "10.0.0.2" , "IPPrefixLen" :24, "IPv6Gateway" : "" , "GlobalIPv6Address" : "" , "GlobalIPv6PrefixLen" :0, "MacAddress" : "02:42:ac:11:00:02" }} |
Then, get the IP address of your web
1 2 3 4 | $ docker inspect -- format = '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web 172.17.0.2 |
Now, open a shell to your running db
container:
1 2 3 4 5 6 7 8 | $ docker exec -it db bash root@a205f0dd33b2:/ # ping 172.17.0.2 ping 172.17.0.2 PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data. ^C --- 172.17.0.2 ping statistics --- 44 packets transmitted, 0 received, 100% packet loss, time 43185ms |
After a bit, use CTRL-C
to end the ping
and you’ll find the ping failed.
That is because the two containers are running on different networks.You can fix that.
Then, use the exit
command to close the container.
Docker networking allows you to attach a container to as many networks as you like. You can also attach an already running container.
Go ahead and attach your running web
app to the my_bridge
.
1 | $ docker network connect my_bridge web |
Open a shell into the db
application again and try the ping command. This time just use the container name web
rather than the IP address.
1 2 3 4 5 6 7 8 9 10 11 | $ docker exec -it db bash root@a205f0dd33b2:/ # ping web PING web (10.0.0.2) 56(84) bytes of data. 64 bytes from web (10.0.0.2): icmp_seq=1 ttl=64 time =0.095 ms 64 bytes from web (10.0.0.2): icmp_seq=2 ttl=64 time =0.060 ms 64 bytes from web (10.0.0.2): icmp_seq=3 ttl=64 time =0.066 ms ^C --- web ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min /avg/max/mdev = 0.060 /0 .073 /0 .095 /0 .018 ms |
The ping
shows it is contacting a different IP address, the address on the my_bridge
which is different from its address on the bridge
network.
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 没有源码,如何修改代码逻辑?
· 一个奇形怪状的面试题:Bean中的CHM要不要加volatile?
· [.NET]调用本地 Deepseek 模型
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· .NET Core 托管堆内存泄露/CPU异常的常见思路
· 微软正式发布.NET 10 Preview 1:开启下一代开发框架新篇章
· DeepSeek R1 简明指南:架构、训练、本地部署及硬件要求
· 没有源码,如何修改代码逻辑?
· NetPad:一个.NET开源、跨平台的C#编辑器
· 面试官:你是如何进行SQL调优的?
2016-12-23 代码性能优化-----减少数据库读取次数
2016-12-23 代码性能优化-----前端页面异步实现