75.[Docker]容器间的网络通信

来源：互联网发布：万网域名指向编辑：程序博客网时间：2024/06/06 03:50

网络驱动
创建自己的网络
向网络中添加容器

转载请注明原始出处：http://blog.csdn.net/a464057216/article/details/72550745

网络驱动

Docker为容器间通信提供了网络驱动，网络驱动默认有两种：bridge和overlay，也可以自己开发新的网络驱动。
基于网络驱动可以创建网络，Docker默认提供如下三个网络：

# Written by: CSDN - Mars Loo的博客$ docker network lsNETWORK ID          NAME                DRIVER          SCOPE8941f56a7834        bridge              bridge               locald3bbdc86cde1        host                  host                  local0f1dda0a58b9         none                null                   local

默认在名字为bridge的网络中启动容器，比如在后台运行ubuntu的镜像：

# Written by: CSDN - Mars Loo的博客$ docker run -itd --name=networktest ubuntuce73a7317ee3805fd55464ac8f34ee68a4d00fd5704676565e6a66f0a6acd75c

查询bridge网络的详细信息，在Containers中确实包含ubuntu容器信息：

# Written by: CSDN - Mars Loo的博客$ docker network inspect bridge[    {        "Name": "bridge",        "Id": "8941f56a78340f8be1188262b0aeff7495edcff6945e51c88e4cc189fe7bd7d5",        "Created": "2017-05-17T00:50:28.032012719-07:00",        "Scope": "local",        "Driver": "bridge",        "EnableIPv6": false,        "IPAM": {            "Driver": "default",            "Options": null,            "Config": [                {                    "Subnet": "172.17.0.0/16",                    "Gateway": "172.17.0.1"                }            ]        },        "Internal": false,        "Attachable": false,        "Containers": {            "ce73a7317ee3805fd55464ac8f34ee68a4d00fd5704676565e6a66f0a6acd75c": {                "Name": "networktest",                "EndpointID": "5afcfd095b757c303c895861d32d9b6877f666e569da8958da2d2aab74834087",                "MacAddress": "02:42:ac:11:00:02",                "IPv4Address": "172.17.0.2/16",                "IPv6Address": ""            }        },        "Options": {            "com.docker.network.bridge.default_bridge": "true",            "com.docker.network.bridge.enable_icc": "true",            "com.docker.network.bridge.enable_ip_masquerade": "true",            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",            "com.docker.network.bridge.name": "docker0",            "com.docker.network.driver.mtu": "1500"        },        "Labels": {}    }]

将ubuntu容器从bridge网络中摘掉（但是bridge网络是不可以删除的）：

# Written by: CSDN - Mars Loo的博客$ docker network disconnect bridge networktest

查询bridge网络：

# Written by: CSDN - Mars Loo的博客$ docker network inspect bridge[    {        "Name": "bridge",        "Id": "8941f56a78340f8be1188262b0aeff7495edcff6945e51c88e4cc189fe7bd7d5",        "Created": "2017-05-17T00:50:28.032012719-07:00",        "Scope": "local",        "Driver": "bridge",        "EnableIPv6": false,        "IPAM": {            "Driver": "default",            "Options": null,            "Config": [                {                    "Subnet": "172.17.0.0/16",                    "Gateway": "172.17.0.1"                }            ]        },        "Internal": false,        "Attachable": false,        "Containers": {},        "Options": {            "com.docker.network.bridge.default_bridge": "true",            "com.docker.network.bridge.enable_icc": "true",            "com.docker.network.bridge.enable_ip_masquerade": "true",            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",            "com.docker.network.bridge.name": "docker0",            "com.docker.network.driver.mtu": "1500"        },        "Labels": {}    }]

创建自己的网络

使用bridge网络驱动的网络限制在运行Docker的单个主机上，使用overlay网络驱动的网络可以包含多个主机。下面以创建bridge网络为例：

# Written by: CSDN - Mars Loo的博客$ docker network create -d bridge test_bridge6525133ccb8e20622d1c9cf0b4f5e4fd961d466ed52bf9f93ea452a260148229

-d参数表示test_bridge网络使用的网络驱动是bridge（默认的网络驱动就是bridge，所以其实这里也可以省略-d参数），通过docker network ls和docker network inspect <network_name>查看网络相关信息。

向网络中添加容器

网络是容器与容器隔离或容器与网络隔离最自然的方式，启动容器时，将容器加入一个单独的网络可以增强安全性：

# Written by: CSDN - Mars Loo的博客$ docker run -d --net=test_bridge --name db training/postgresUnable to find image 'training/postgres:latest' locallylatest: Pulling from training/postgresa3ed95caeb02: Pull complete 6e71c809542e: Pull complete 2978d9af87ba: Pull complete e1bca35b062f: Pull complete 500b6decf741: Pull complete 74b14ef2151f: Pull complete 7afd5ed3826e: Pull complete 3c69bb244f5e: Pull complete d86f9ec5aedf: Pull complete 010fabf20157: Pull complete Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907eStatus: Downloaded newer image for training/postgres:latestbbbb713708d3ac4349f0d262428f4a2c74831a6a0d8dd545e336c18002bc070b

通过如下命令可以查看容器的网络信息：

# Written by: CSDN - Mars Loo的博客$ docker inspect --format='{{json .NetworkSettings.Networks}}' db{"test_bridge":{"IPAMConfig":null,"Links":null,"Aliases":["bbbb713708d3"],"NetworkID":"6525133ccb8e20622d1c9cf0b4f5e4fd961d466ed52bf9f93ea452a260148229","EndpointID":"299c3a688b977bce6459f8c0636e055a470dbb43d39f1775ac536a85deb27e19","Gateway":"172.19.0.1","IPAddress":"172.19.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:13:00:02"}}

启动一个新容器web，运行在默认的bridge网络：docker run -d --name web training/webapp python app.py
查询web容器的IP地址：

# Written by: CSDN - Mars Loo的博客$ docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' web172.17.0.3

打开已运行容器db的shell，ping这个地址：

# Written by: CSDN - Mars Loo的博客$ docker exec -it db bashroot@bbbb713708d3:/# ping 172.17.0.13PING 172.17.0.13 (172.17.0.13) 56(84) bytes of data.^C--- 172.17.0.13 ping statistics ---11 packets transmitted, 0 received, 100% packet loss, time 10013ms

无法ping通，说明两个容器不在同一个子网。Docker允许一个容器关联多个网络，现在将web容器关联到db所在的test_bridge网络：

# Written by: CSDN - Mars Loo的博客$ docker network connect test_bridge web

再打开db的shell，ping容器web：

# Written by: CSDN - Mars Loo的博客$ docker exec -it db bashroot@bbbb713708d3:/# ping webPING web (172.19.0.3) 56(84) bytes of data.64 bytes from web.test_bridge (172.19.0.3): icmp_seq=1 ttl=64 time=0.499 ms64 bytes from web.test_bridge (172.19.0.3): icmp_seq=2 ttl=64 time=0.147 ms^C--- web ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 1002msrtt min/avg/max/mdev = 0.147/0.323/0.499/0.176 ms

注意ping命令中的目的地址直接使用web容器的容器名即可，从IP地址来看，web容器在test_bridge中确实获得了一个新的IP地址。细心的朋友会发现，在Docker的初级使用：容器这篇博客的Python代码中，连接Redis时host参数填写的是redis：
这里写图片描述

如果觉得我的文章对您有帮助，欢迎关注我(CSDN:Mars Loo的博客)或者为这篇文章点赞，谢谢！

阅读全文

1 0