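Docker Networking
How Docker networking works
1. On the Linux host, use ip addr to view the network interfaces
2. Start a Docker container, then view the network inside the container
3. Now view the network on the Linux host again
We also find that the containers and the Linux host can all ping each other (which shows that containers can connect to each other directly by IP).
How it works: every time we start a Docker container, Docker assigns the container an IP address. As soon as Docker is installed, the host has a network interface named docker0 (docker0 is the default network; container names cannot be resolved on it, but --link can be used to connect containers). It works in bridge mode, and the underlying technology is veth-pair. A veth pair is a pair of virtual device interfaces that always appear together: one end is attached to the protocol stack and the two ends are connected to each other. Because of this property, a veth pair acts as a bridge that connects various virtual network devices.
Connecting Docker containers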
Start the tomcat1 container: docker run -d -P --name tomcat1 tomcat
Start the tomcat2 container: docker run -d -P --name tomcat2 tomcat
Ping tomcat1 from tomcat2: docker exec -it tomcat2 ping tomcat1
Result: the ping fails; the service cannot be found.

Start the tomcat1 container: docker run -d -P --name tomcat1 tomcat
Start the tomcat2 container: docker run -d -P --name tomcat2 --link tomcat1 tomcat
Ping tomcat1 from tomcat2: docker exec -it tomcat2 ping tomcat1
Result: the ping succeeds, but pinging tomcat2 from tomcat1 still fails.
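Looking at the container's hosts file shows why:
--link essentially just adds a mapping to the hosts file.
Docker user-defined networks
List all Docker networks
Network modes:
bridge: bridge mode (the default; Docker starts containers with the parameter --net bridge by default)
none: no network is configured
host: shares the network with the host machine
container: connects to another container's network (rarely used, very limited)
Create a user-defined network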
C:\Users\wzj>docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
33de0d356ebb6b099b630c00902436205d3afa702ac8e0bcab993be616d7d8a9

Parameters:
--driver bridge
--subnet 192.168.0.0/16
--gateway 192.168.0.1

C:\Users\wzj>docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
d15df6050eb8   bridge    bridge    local
b41c5bfa2a72   host      host      local
33de0d356ebb   mynet     bridge    local
13fb56116fbd   none      null      local
Create containers on our own network
C:\Users\wzj>docker run -d -P --name tomcat1 --net mynet tomcat
56535903fbf8043e764bac919e82f79898ddaa2d68dea741317870106934bfac
C:\Users\wzj>docker run -d -P --name tomcat2 --net mynet tomcat
b3851940ef6189a0ac5e7abb48626c0fe9bb0cfda1c443671d52144522e11c92
C:\Users\wzj>docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "33de0d356ebb6b099b630c00902436205d3afa702ac8e0bcab993be616d7d8a9",
        "Created": "2020-11-26T09:51:36.8522108Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "56535903fbf8043e764bac919e82f79898ddaa2d68dea741317870106934bfac": {
                "Name": "tomcat1",
                "EndpointID": "361bf66c78acb786596f07c06275ceb1332659e7bf5344d5235088e2d0af9323",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "b3851940ef6189a0ac5e7abb48626c0fe9bb0cfda1c443671d52144522e11c92": {
                "Name": "tomcat2",
                "EndpointID": "e80cf7b43ac193156965fc7ac027fa1488013bd9bcdbe1aef2cc84f24240f591",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
C:\Users\wzj>docker exec -it tomcat1 ping 192.168.0.3
PING 192.168.0.3 (192.168.0.3) 56(84) bytes of data.
64 bytes from 192.168.0.3: icmp_seq=1 ttl=64 time=0.078 ms
64 bytes from 192.168.0.3: icmp_seq=2 ttl=64 time=0.090 ms
C:\Users\wzj>docker exec -it tomcat1 ping tomcat2
PING tomcat2 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat2.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.153 ms
64 bytes from tomcat2.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.054 ms
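With our user-defined Docker network, containers do not need --link to be connected; they can ping each other directly by name.
Connecting networks
Containers started on Docker's built-in network get their IPs from docker0, while containers started on our user-defined network get their IPs from that network. Because the two are on different subnets, two containers started this way cannot reach each other.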
C:\Users\wzj>docker run -d -P --name tomcat1 tomcat
c324a68f9db7bdd854f0fd0990af831f131694ab3b06fa7c9d75aadb47471e04
C:\Users\wzj>docker run -d -P --name tomcat_net_1 --net mynet tomcat
0a21a67740068c037345ec53c897917bb2a6d530f7df241f447e4f98f6cbd6e3
C:\Users\wzj>docker exec -it tomcat_net_1 ping tomcat1
ping: tomcat_net_1: No address associated with hostname

To make the ping work, the container has to be connected to the network:
C:\Users\wzj>docker network connect mynet tomcat1

After connecting:
C:\Users\wzj>docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "33de0d356ebb6b099b630c00902436205d3afa702ac8e0bcab993be616d7d8a9",
        "Created": "2020-11-26T09:51:36.8522108Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "0a21a67740068c037345ec53c897917bb2a6d530f7df241f447e4f98f6cbd6e3": {
                "Name": "tomcat_net_1",
                "EndpointID": "f2856e77d60829df2ea5f59772ceea2c24693a22e6ab66791982e4d90eb818a6",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "c324a68f9db7bdd854f0fd0990af831f131694ab3b06fa7c9d75aadb47471e04": {
                "Name": "tomcat1",
                "EndpointID": "2a04733947fa9a922eaf749c7f7bc83ea2e4c696d4804329c0d8b40e084b2cb9",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
C:\Users\wzj>docker exec -it tomcat_net_1 ping tomcat1
PING tomcat1 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat1.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.081 ms
64 bytes from tomcat1.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.209 ms
Conclusion: to connect across networks, use docker network connect to attach the container to the network.
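
As an added example (not part of the original post): after docker network connect, tomcat1 is attached to both the default bridge and mynet, so when networks are used to keep workloads apart it is worth checking which containers share a network and which ones sit on more than one. The script below does that over docker network inspect output; the embedded JSON is a constructed, trimmed sample in which the container IDs and the bridge subnet are assumptions.

```python
import json
from itertools import combinations

# Constructed sample: trimmed `docker network inspect bridge mynet` output for the
# state after `docker network connect mynet tomcat1`. The IDs and the bridge
# subnet are made up; container names and mynet addresses follow the article.
INSPECT_JSON = """
[
  {"Name": "bridge", "Driver": "bridge", "Internal": false,
   "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]},
   "Containers": {
     "aaa111": {"Name": "tomcat1", "IPv4Address": "172.17.0.2/16"}}},
  {"Name": "mynet", "Driver": "bridge", "Internal": false,
   "IPAM": {"Config": [{"Subnet": "192.168.0.0/16"}]},
   "Containers": {
     "bbb222": {"Name": "tomcat_net_1", "IPv4Address": "192.168.0.2/16"},
     "aaa111": {"Name": "tomcat1", "IPv4Address": "192.168.0.3/16"}}}
]
"""

def memberships(networks):
    """Map container name -> {network name: IPv4 address} across all networks."""
    result = {}
    for net in networks:
        for endpoint in (net.get("Containers") or {}).values():
            result.setdefault(endpoint["Name"], {})[net["Name"]] = endpoint["IPv4Address"]
    return result

def shared_networks(members):
    """Return {(a, b): [networks both are attached to]} for each connected pair."""
    pairs = {}
    for a, b in combinations(sorted(members), 2):
        common = sorted(set(members[a]) & set(members[b]))
        if common:
            pairs[(a, b)] = common
    return pairs

def multi_homed(members):
    """Containers attached to more than one network (they straddle segments)."""
    return sorted(name for name, nets in members.items() if len(nets) > 1)

def resolvable_by_name(members):
    """Networks where a container can be reached by name: user-defined ones only,
    since the default bridge offers no name lookup (hence --link in the article)."""
    return {name: sorted(n for n in nets if n != "bridge") for name, nets in members.items()}

if __name__ == "__main__":
    m = memberships(json.loads(INSPECT_JSON))
    print("shared:", shared_networks(m))
    print("multi-homed:", multi_homed(m))
    print("resolvable by name on:", resolvable_by_name(m))
```

On a real host, feed it the output of docker network inspect for every network listed by docker network ls instead of the embedded sample.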