实践¶
案例1-默认网络¶
运行以下两个命令以启动两个Ubuntu容器,每个容器都连接到默认bridge网络:
$ docker run -itd --name container1 ubuntu
ea30f1c9d86621b54e38b0c890c717b1a56391f0545560b883322edd398c7d98
$ docker run -itd --name container2 ubuntu
ecc3bdf69155dd76955ea2ef7573789ab293ecab61488e5d9c81e589d4395d2b
bridge启动两个容器后再次检查网络。确保两个Ubuntu容器都连接到网络:
$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "4784e1934901e6ec7b3575d824904e9022980563aa547059e2e842016e05cf4b",
"Created": "2019-02-15T17:33:24.059683063+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"ea30f1c9d86621b54e38b0c890c717b1a56391f0545560b883322edd398c7d98": {
"Name": "container1",
"EndpointID": "eb8055f5187b1dfa8c17049ca55c53d28c52de6c95ff42d0d23892f0151151f4",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"ecc3bdf69155dd76955ea2ef7573789ab293ecab61488e5d9c81e589d4395d2b": {
"Name": "container2",
"EndpointID": "e0fc810bf1fded3c80a7d89c84bc41a0f83b742f280cab7111002fd266c6ec7c",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
}
}
]
案例2-自己的桥接网络¶
创建自己的桥接网络¶
$ docker network create -d bridge tinywan_bridge
// Docker Engine本身支持桥接网络和覆盖网络。
// 桥接网络仅限于运行Docker Engine的单个主机
// 覆盖网络可以包含多个主机,是一个更高级的主题
// 在本例中,您将创建一个桥接网络
$ docker network ls // 查看
NETWORK ID NAME DRIVER SCOPE
4784e1934901 bridge bridge local
e8e19c0711e1 host host local
1e8bc1e399a7 none null local
9fd23f7f3998 tinywan_bridge bridge local <-- 新增
指定网络启动容器db¶
$ docker run -d --net=tinywan_bridge --name db redis:5.0-alpine
// 利用`--network`或者`--net`启动容器提供服务
// 或者使用全名:
$ docker run -d --network=tinywan_bridge --network-alias db redis:5.0-alpine
通过选项--network-alias将取名的db起了一个别名
$ docker inspect --format='{{json .NetworkSettings.Networks}}' db
{
"tinywan_bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"11379ad91a62"
],
"NetworkID": "9fd23f7f3998962d6b378f4cbab8cc9f8a2e7aa64bb3502dd1c0b3a5c1d0c7b0",
"EndpointID": "9c530e400049590b4ba63b75de96c0039b4ee52dbf36fad51df84a24fc028e3e",
"Gateway": "192.168.192.1",
"IPAddress": "192.168.192.2",
"IPPrefixLen": 20,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:c0:a8:c0:02",
"DriverOpts": null
}
}
方法1:手工附加网络连接db容器¶
使用默认网络启动容器web:
$ docker run -d --name web nginx
// 默认bridge网络中运行
$ docker inspect --format='{{json .NetworkSettings.Networks}}' web
{
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "4784e1934901e6ec7b3575d824904e9022980563aa547059e2e842016e05cf4b",
"EndpointID": "4f6372bc7152f73b6ddc13296ce365a024ada4074d19b2aaac8066b1a6f8ca92",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
//获取您的IP地址web容器的
$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web
172.17.0.2
在web容器ping db容器:
$ docker exec -it web bash
root@b6b8928824f8:/# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 2521 bytes 8728256 (8.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2460 bytes 175592 (171.4 KiB)
// ping失败。这是因为两个容器在不同的网络上运行
root@b6b8928824f8:/# ping 192.168.192.2
PING 192.168.192.2 (192.168.192.2) 56(84) bytes of data.
^C
--- 192.168.192.2 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6046ms
将容器附加到指定网络:
$ docker network connect tinywan_bridge web
$ docker inspect --format='{{range .NetworkSettings.Networks}} {{.IPAddress}}{{end}}' web
172.17.0.2 192.168.192.3
断开容器与docker0的连接:
$ docker network disconnect bridge web
// 我们的容器仍然连接着默认bridge docker0 ,而现在我们已经不需要它
再次在web容器ping db容器:
root@b6b8928824f8:/# ping db
// 成功ping通
注: 只使用容器名称db而不是IP地址
PING db (192.168.192.2) 56(84) bytes of data.
64 bytes from db.tinywan_bridge (192.168.192.2): icmp_seq=1 ttl=64 time=0.079 ms
方法2:启动容器指定网络连接db容器¶
启动容器:
$ docker run -d --network=tinywan_bridge --network-alias web --name web nginx
ping db容器:
root@b6b8928824f8:/# ping db
// 成功ping通
注: 只使用容器名称db而不是IP地址
PING db (192.168.192.2) 56(84) bytes of data.
64 bytes from db.tinywan_bridge (192.168.192.2): icmp_seq=1 ttl=64 time=0.079 ms
自定义网络&指定IP¶
[错误]使用默认的网络是不支持指派固定IP的:
~ docker run -itd --net bridge --ip 172.17.0.10 centos:latest/bin/bash
6eb1f228cf308d1c60db30093c126acbfd0cb21d76cb448c678bab0f1a7c0df6
docker: Error response from daemon: User specified IP address is supported on user defined networks only.
步骤1: 创建自定义网络:
➜ ~ docker network create --subnet=172.18.0.0/16 mynetwork
➜ ~ docker network ls
NETWORK ID NAME DRIVER SCOPE
9781b1f585ae bridge bridge local
1252da701e55 host host local
4f11ae9c85de mynetwork bridge local
237ea3d5cfbf none null local
步骤2: 创建Docker容器:
~ docker run -itd --name networkTest1 --net mynetwork --ip 172.18.0.2 centos:latest bash
[root@ec8e31938fe7 /]# ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:12:00:02
inet addr:172.18.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe12:2/64Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:88 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4056 (3.9 KiB) TX bytes:1068 (1.0 KiB)