发现是可以ping通的,尝试在tomcat01容器中ping tomcat-tml
容器
[root@192 ~]# docker exec -it tomcat01 /bin/bash root@6cd417097796:/usr/local/tomcat# ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 10: eth0@if11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0 valid_lft forever preferred_lft forever root@6cd417097796:/usr/local/tomcat# ping 172.17.0.3 PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data. 64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.093 ms 64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.053 ms 64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.110 ms 64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.040 ms 64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.054 ms
可以看到两个容器也是可以连接上的。Docker中的所有的网络接口都是虚拟的。只要容器删除,容器对应的那一对虚拟网卡(veth pair)也会随之删除,我们也可以通过命令查看网络配置。从下面的输出还可以看到,默认bridge网络的enable_icc为true,也就是说挂在默认网桥docker0上的容器之间默认都可以互相访问:
[root@192 ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 173795075c5b bridge bridge local fcddcee8a2d1 host host local 9efbda880fae none null local [root@192 ~]# docker inspect 173795075c5b [ { "Name": "bridge", "Id": "173795075c5b9efa3a03d912c8216dbb0fe59cb14783481646f5b501d8024f0d", "Created": "2022-03-05T22:10:16.317130085+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "3e862598e6302f79877216ac6be78d06db434616c8c22f740657dee5510d500d": { "Name": "tomcat02", "EndpointID": "92675e0156d77199b47a38128947b926276a258b96c0bf5d51917422ae478c6e", "MacAddress": "02:42:ac:11:00:04", "IPv4Address": "172.17.0.4/16", "IPv6Address": "" }, "50b626fc91d2660232e9b299b09d65c232e33cb2ccfcbbc65307fbadf6eb91ef": { "Name": "tomcat-tml", "EndpointID": "2ed2445572e557a2b9a7b77d021bc04ce0b46f60a79b726a75eb57fbd9cf061d", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" }, "6cd417097796215ffdb1563bb71ba2c500b8e91adb4049880fc0d7f1b366def9": { "Name": "tomcat01", "EndpointID": "7e48291ddc3bb7e9f1a6ecdaf1a034db0c37df6d3fadfb0ce8336c974cb6e328", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@192 ~]#
Docker容器互联
在微服务部署的场景下,注册中心是使用服务名来唯一识别微服务的,而我们上线部署的时候微服务对应的IP地址可能会改动,所以我们需要使用容器名来配置容器间的网络连接。使用--link
可以完成这个功能。首先,在不设置连接的情况下,是无法通过容器名来进行连接的:
[root@192 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6cd417097796 tomcat:8.0 "catalina.sh run" 16 minutes ago Up 16 minutes 0.0.0.0:49155->8080/tcp, :::49155->8080/tcp tomcat01 50b626fc91d2 tianmaolin/tml-mydockerfile-tomcat:1.0 "/bin/sh -c '/usr/lo…" 11 hours ago Up 11 hours 0.0.0.0:49154->8080/tcp, :::49154->8080/tcp tomcat-tml [root@192 ~]# docker exec -it tomcat01 ping 172.17.0.3 PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data. 64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.111 ms 64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.117 ms 64 bytes from 172.17.0.3: icmp_seq=3 ttl=64 time=0.049 ms 64 bytes from 172.17.0.3: icmp_seq=4 ttl=64 time=0.042 ms 64 bytes from 172.17.0.3: icmp_seq=5 ttl=64 time=0.060 ms [root@192 ~]# docker exec -it tomcat01 ping tomcat-tml ping: unknown host tomcat-tml
接下来我们再创建一个容器tomcat02来连接tomcat01:
[root@192 ~]# docker run -d -P --name tomcat02 --link tomcat01 tomcat:8.0 [root@192 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 3e862598e630 tomcat:8.0 "catalina.sh run" 32 seconds ago Up 30 seconds 0.0.0.0:49156->8080/tcp, :::49156->8080/tcp tomcat02 6cd417097796 tomcat:8.0 "catalina.sh run" 19 minutes ago Up 19 minutes 0.0.0.0:49155->8080/tcp, :::49155->8080/tcp tomcat01 50b626fc91d2 tianmaolin/tml-mydockerfile-tomcat:1.0 "/bin/sh -c '/usr/lo…" 11 hours ago Up 11 hours 0.0.0.0:49154->8080/tcp, :::49154->8080/tcp tomcat-tml [root@192 ~]# docker exec -it tomcat02 ping tomcat01 PING tomcat01 (172.17.0.2) 56(84) bytes of data. 64 bytes from tomcat01 (172.17.0.2): icmp_seq=1 ttl=64 time=0.094 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=2 ttl=64 time=0.045 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=3 ttl=64 time=0.043 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=4 ttl=64 time=0.043 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=5 ttl=64 time=0.047 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=6 ttl=64 time=0.087 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=7 ttl=64 time=0.047 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=8 ttl=64 time=0.115 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=9 ttl=64 time=0.048 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=10 ttl=64 time=0.047 ms 64 bytes from tomcat01 (172.17.0.2): icmp_seq=11 ttl=64 time=0.043 ms
但是反过来,容器tomcat01通过容器名tomcat02直接ping容器tomcat02是不行的:
[root@192 ~]# docker exec -it tomcat01 ping tomcat02 ping: unknown host tomcat02 [root@192 ~]#
这是因为--link
的原理是在指定运行的容器上的/etc/hosts
文件中添加容器名和ip地址的映射,如下:
[root@192 ~]# docker exec -it tomcat02 cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 tomcat01 6cd417097796 172.17.0.4 3e862598e630 [root@192 ~]#
而tomcat01容器不能够通过容器名连接tomcat02是因为tomcat01容器中并没有添加容器名tomcat02和ip地址的映射.
[root@192 ~]# docker exec -it tomcat01 cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 6cd417097796 [root@192 ~]#
目前--link
设置容器互连的方式已经不推荐使用。因为docker0不支持容器名访问,所以更多地选择自定义网络。另外需要注意,--link除了写入/etc/hosts之外,还会把被连接容器的环境变量暴露给使用--link的容器,如果环境变量中存有密码等敏感信息,就会被一并泄露给对方。
自定义网络
因为docker0默认情况下不能通过容器名进行访问,需要通过--link进行设置连接。这样的操作比较麻烦,更推荐的方式是自定义网络:容器都使用该自定义网络,就可以实现通过容器名来互相访问了。
1 docker network相关命令
查看network的相关命令
[root@192 ~]# docker network --help Usage: docker network COMMAND Manage networks Commands: connect Connect a container to a network create Create a network disconnect Disconnect a container from a network inspect Display detailed information on one or more networks ls List networks prune Remove all unused networks rm Remove one or more networks Run 'docker network COMMAND --help' for more information on a command. [root@192 ~]#
查看默认的网络bridge的详细信息:
[root@192 ~]# docker network inspect bridge [ { "Name": "bridge", "Id": "173795075c5b9efa3a03d912c8216dbb0fe59cb14783481646f5b501d8024f0d", "Created": "2022-03-05T22:10:16.317130085+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": null, "Config": [ { "Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "3e862598e6302f79877216ac6be78d06db434616c8c22f740657dee5510d500d": { "Name": "tomcat02", "EndpointID": "92675e0156d77199b47a38128947b926276a258b96c0bf5d51917422ae478c6e", "MacAddress": "02:42:ac:11:00:04", "IPv4Address": "172.17.0.4/16", "IPv6Address": "" }, "50b626fc91d2660232e9b299b09d65c232e33cb2ccfcbbc65307fbadf6eb91ef": { "Name": "tomcat-tml", "EndpointID": "2ed2445572e557a2b9a7b77d021bc04ce0b46f60a79b726a75eb57fbd9cf061d", "MacAddress": "02:42:ac:11:00:03", "IPv4Address": "172.17.0.3/16", "IPv6Address": "" }, "6cd417097796215ffdb1563bb71ba2c500b8e91adb4049880fc0d7f1b366def9": { "Name": "tomcat01", "EndpointID": "7e48291ddc3bb7e9f1a6ecdaf1a034db0c37df6d3fadfb0ce8336c974cb6e328", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "172.17.0.2/16", "IPv6Address": "" } }, "Options": { "com.docker.network.bridge.default_bridge": "true", "com.docker.network.bridge.enable_icc": "true", "com.docker.network.bridge.enable_ip_masquerade": "true", "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", "com.docker.network.bridge.name": "docker0", "com.docker.network.driver.mtu": "1500" }, "Labels": {} } ] [root@192 ~]#
查看 network create命令的相关参数:
[root@192 ~]# docker network create --help Usage: docker network create [OPTIONS] NETWORK Create a network Options: --attachable Enable manual container attachment --aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[]) --config-from string The network from which to copy the configuration --config-only Create a configuration only network -d, --driver string Driver to manage the Network (default "bridge") --gateway strings IPv4 or IPv6 Gateway for the master subnet --ingress Create swarm routing-mesh network --internal Restrict external access to the network --ip-range strings Allocate container ip from a sub-range --ipam-driver string IP Address Management Driver (default "default") --ipam-opt map Set IPAM driver specific options (default map[]) --ipv6 Enable IPv6 networking --label list Set metadata on a network -o, --opt map Set driver specific options (default map[]) --scope string Control the network's scope --subnet strings Subnet in CIDR format that represents a network segment [root@192 ~]#
2 自定义一个docker网络
下面自定义一个网络:
docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
其中:
--driver bridge #指定bridge驱动程序来管理网络 --subnet 192.168.0.0/16 #指定网段的CIDR格式的子网 --gateway 192.168.0.1 #指定主子网的IPv4或IPv6网关
创建后可以看到我们自己创建的网络连接模式:mynet
[root@192 ~]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet a2b305685ea4b50d95d9ae9cd6459b5e688ce5a375a263799359c90509cfc217 [root@192 ~]# docker network ls NETWORK ID NAME DRIVER SCOPE 173795075c5b bridge bridge local fcddcee8a2d1 host host local a2b305685ea4 mynet bridge local 9efbda880fae none null local [root@192 ~]#
网络mynet创建成功后,查看网络信息:
[root@192 ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "a2b305685ea4b50d95d9ae9cd6459b5e688ce5a375a263799359c90509cfc217", "Created": "2022-03-06T11:00:16.666708624+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": {}, "Options": {}, "Labels": {} } ] [root@192 ~]#
下面启动两个容器,指定使用该自定义网络mynet,测试处于自定义网络下的容器,是否可以直接通过容器名进行网络访问。注意:这里的-P会把镜像声明的端口映射到宿主机所有网卡的随机端口上(见下面docker ps输出中的0.0.0.0:49157->8080/tcp),在生产环境中应只发布确实需要对外提供的端口。
[root@192 ~]# docker run -d -P --name tomcat-tml-net-01 --net mynet tomcat:8.0 b9e24d2619cbca9d6bec360201a2cf0eb5672e556412c8569f1b5a72579b7ea1 [root@192 ~]# docker run -d -P --name tomcat-tml-net-02 --net mynet tomcat:8.0 650925c833ed134325dd4ead9a30b5a35a87023db01b09fd882c410af5af1db1 [root@192 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 650925c833ed tomcat:8.0 "catalina.sh run" 4 seconds ago Up 2 seconds 0.0.0.0:49158->8080/tcp, :::49158->8080/tcp tomcat-tml-net-02 b9e24d2619cb tomcat:8.0 "catalina.sh run" 18 seconds ago Up 16 seconds 0.0.0.0:49157->8080/tcp, :::49157->8080/tcp tomcat-tml-net-01 3e862598e630 tomcat:8.0 "catalina.sh run" 14 minutes ago Up 14 minutes 0.0.0.0:49156->8080/tcp, :::49156->8080/tcp tomcat02 6cd417097796 tomcat:8.0 "catalina.sh run" 34 minutes ago Up 34 minutes 0.0.0.0:49155->8080/tcp, :::49155->8080/tcp tomcat01 50b626fc91d2 tianmaolin/tml-mydockerfile-tomcat:1.0 "/bin/sh -c '/usr/lo…" 12 hours ago Up 12 hours 0.0.0.0:49154->8080/tcp, :::49154->8080/tcp tomcat-tml [root@192 ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "a2b305685ea4b50d95d9ae9cd6459b5e688ce5a375a263799359c90509cfc217", "Created": "2022-03-06T11:00:16.666708624+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "650925c833ed134325dd4ead9a30b5a35a87023db01b09fd882c410af5af1db1": { "Name": "tomcat-tml-net-02", "EndpointID": "86507a190d149c320b9456f4588f6408823a79769e4b09579f951f2ed1e49be7", "MacAddress": "02:42:c0:a8:00:03", "IPv4Address": "192.168.0.3/16", "IPv6Address": "" }, "b9e24d2619cbca9d6bec360201a2cf0eb5672e556412c8569f1b5a72579b7ea1": { "Name": "tomcat-tml-net-01", "EndpointID": "0ba3aa6d85ecafaf260cdc05823f0ab1644e63167654e285125b1107e2f94142", "MacAddress": 
"02:42:c0:a8:00:02", "IPv4Address": "192.168.0.2/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ] [root@192 ~]#
下面通过容器名来测试容器 tomcat-tml-net-01 和容器 tomcat-tml-net-02之间是否能正常网络通信。
[root@192 ~]# docker exec -it tomcat-tml-net-01 ping tomcat-tml-net-02 PING tomcat-tml-net-02 (192.168.0.3) 56(84) bytes of data. 64 bytes from tomcat-tml-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.049 ms 64 bytes from tomcat-tml-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.108 ms 64 bytes from tomcat-tml-net-02.mynet (192.168.0.3): icmp_seq=3 ttl=64 time=0.048 ms 64 bytes from tomcat-tml-net-02.mynet (192.168.0.3): icmp_seq=4 ttl=64 time=0.110 ms 64 bytes from tomcat-tml-net-02.mynet (192.168.0.3): icmp_seq=5 ttl=64 time=0.082 ms ^C --- tomcat-tml-net-02 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4000ms rtt min/avg/max/mdev = 0.048/0.079/0.110/0.028 ms [root@192 ~]# docker exec -it tomcat-tml-net-02 ping tomcat-tml-net-01 PING tomcat-tml-net-01 (192.168.0.2) 56(84) bytes of data. 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.031 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.106 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=3 ttl=64 time=0.065 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=4 ttl=64 time=0.043 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=5 ttl=64 time=0.044 ms ^C --- tomcat-tml-net-01 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4001ms rtt min/avg/max/mdev = 0.031/0.057/0.106/0.028 ms [root@192 ~]#
可以看到,两个容器通过容器名互相可以ping通了,容器之间实现了互联。自定义网络自带容器名解析(ping输出中的tomcat-tml-net-02.mynet就是解析结果),已经帮我们维护了容器间的网络通信问题,这是实现网络互联的推荐方式。同时,只有接入同一个自定义网络的容器才能互相访问,因此也可以用不同的自定义网络来隔离不相关的服务。
Docker网络互联
没有设置的情况下,不同网络间的容器是无法进行网络连接的,就像我们刚刚设置的容器,来自docker0
的tomcat01
是无法连接来自mynet
的tomcat-tml-net-01
[root@192 ~]# docker exec -it tomcat01 ping tomcat-tml-net-01 ping: unknown host tomcat-tml-net-01 [root@192 ~]#
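可以看到是无法网络连接的。不同Docker网络之间的容器需要连接的话,需要把作为调用方的容器注册一个ip到被调用方所在的网络上。需要使用docker network connect
命令。下面设置容器tomcat01连接到mynet网络上。并查看mynet的网络详情,可以看到给容器tomcat01分配了一个ip地址。连接之后tomcat01同时处于docker0和mynet两个网络中,可以访问mynet上的所有容器,因此只应把确实需要跨网络通信的容器接入,不再需要时可用docker network disconnect断开。docker network connect mynet tomcat01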
查看:
[root@192 ~]# docker network connect mynet tomcat01 [root@192 ~]# docker exec -it tomcat01 ping tomcat-tml-net-01 PING tomcat-tml-net-01 (192.168.0.2) 56(84) bytes of data. 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.070 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=2 ttl=64 time=0.046 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=3 ttl=64 time=0.051 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=4 ttl=64 time=0.109 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=5 ttl=64 time=0.107 ms 64 bytes from tomcat-tml-net-01.mynet (192.168.0.2): icmp_seq=6 ttl=64 time=0.041 ms --- tomcat-tml-net-01 ping statistics --- 6 packets transmitted, 6 received, 0% packet loss, time 5001ms rtt min/avg/max/mdev = 0.041/0.070/0.109/0.029 ms
同时我们再看一下mynet,发现tomcat01也在mynet上分配了一个地址:
[root@192 ~]# docker network inspect mynet [ { "Name": "mynet", "Id": "a2b305685ea4b50d95d9ae9cd6459b5e688ce5a375a263799359c90509cfc217", "Created": "2022-03-06T11:00:16.666708624+08:00", "Scope": "local", "Driver": "bridge", "EnableIPv6": false, "IPAM": { "Driver": "default", "Options": {}, "Config": [ { "Subnet": "192.168.0.0/16", "Gateway": "192.168.0.1" } ] }, "Internal": false, "Attachable": false, "Ingress": false, "ConfigFrom": { "Network": "" }, "ConfigOnly": false, "Containers": { "650925c833ed134325dd4ead9a30b5a35a87023db01b09fd882c410af5af1db1": { "Name": "tomcat-tml-net-02", "EndpointID": "86507a190d149c320b9456f4588f6408823a79769e4b09579f951f2ed1e49be7", "MacAddress": "02:42:c0:a8:00:03", "IPv4Address": "192.168.0.3/16", "IPv6Address": "" }, "6cd417097796215ffdb1563bb71ba2c500b8e91adb4049880fc0d7f1b366def9": { "Name": "tomcat01", "EndpointID": "9c52ddbfadbca93cb404772ee9e3139c28cd067836a0a9f7fe5786fe98b1b568", "MacAddress": "02:42:c0:a8:00:04", "IPv4Address": "192.168.0.4/16", "IPv6Address": "" }, "b9e24d2619cbca9d6bec360201a2cf0eb5672e556412c8569f1b5a72579b7ea1": { "Name": "tomcat-tml-net-01", "EndpointID": "0ba3aa6d85ecafaf260cdc05823f0ab1644e63167654e285125b1107e2f94142", "MacAddress": "02:42:c0:a8:00:02", "IPv4Address": "192.168.0.2/16", "IPv6Address": "" } }, "Options": {}, "Labels": {} } ] [root@192 ~]#