Docker 官网教程实践自定义 bridge 网络

前言

这篇笔记是 docker 官网教程自定义 bridge 网络的实践。

用户自定义 bridge 网络是在生产环境中推荐到最佳方式，因此这篇教程要特别注意。

这个教程中，启动了2个 alpine 容器，将他们附着到用户自定义网络 alpine-net 。这些容器无法连接到默认到 bridge 网络。然后再启动第3个容器 alpine ，连接到默认 bridge 网络。第4个容器 alpine 连接到两个网络。

我正在学习Docker容器技术，相关笔记汇总在Docker容器技术学习笔记汇总

1 创建 alpine-net 网络

# docker network create --driver bridge alpine-net
694e28e19bbc5083491ee0d5c75b6fc8aef6c4274582be9f5a7c0184abb8f087

2 列出网络

# docker network ls
NETWORK ID          NAME                        DRIVER              SCOPE
694e28e19bbc        alpine-net                  bridge              local
02231307198a        bridge                      bridge              local
81b1d878dd80        host                        host                local
194a422ad895        none                        null                local

查看网络 alpine-net

# docker network inspect alpine-net
[{"Name": "alpine-net","Id": "694e28e19bbc5083491ee0d5c75b6fc8aef6c4274582be9f5a7c0184abb8f087","Created": "2020-02-08T20:14:17.312752369+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": {},"Config": [{"Subnet": "192.168.80.0/20","Gateway": "192.168.80.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {},"Options": {},"Labels": {}}
]

网络 alpine-net 的网关是 192.168.80.1，与默认 bridge 网络不同。

3 创建 4 个容器

# docker run -dit --name alpine1 --network alpine-net alpine ash
8e0ab36ed621c23b0fb50256f4e67f3ee22eb114400e37a5c71bd22275b9668b
# docker run -dit --name alpine2 --network alpine-net alpine ash
347af28200e49c07a1b6845387ce9abf8d0dd34a21680145097d638b73b0f4c8
# docker run -dit --name alpine3 alpine ash
bf038a99bceec1d897cc60c7de0548e296ab308f9486691279172524e74aeb18
# docker run -dit --name alpine4 --network alpine-net alpine ash
4c192d113af8513acd39cacb36d668604cecfafe990801d5e37f17e500c322aa
# docker network connect bridge alpine4
#

# docker container ls
CONTAINER ID        IMAGE                              COMMAND                  CREATED             STATUS              PORTS                    NAMES
4c192d113af8        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine4
bf038a99bcee        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine3
347af28200e4        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine2
8e0ab36ed621        alpine                             "ash"                    2 minutes ago       Up 2 minutes                                 alpine1

4 再次查看网络 bridge 和 alpine-net

# docker network inspect bridge
[{"Name": "bridge","Id": "02231307198a766660ed883e7117e65d04dbc0a111b68ce6b65e9f50e4887674","Created": "2019-09-10T15:39:22.052117578+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.17.0.0/16","Gateway": "172.17.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"4c192d113af8513acd39cacb36d668604cecfafe990801d5e37f17e500c322aa": {"Name": "alpine4","EndpointID": "35e16d957e312067b77354a7d7febd95e3d168b66508a859db3c6c15743639cd","MacAddress": "02:42:ac:11:00:04","IPv4Address": "172.17.0.4/16","IPv6Address": ""},"bf038a99bceec1d897cc60c7de0548e296ab308f9486691279172524e74aeb18": {"Name": "alpine3","EndpointID": "d7749027672de5a6a265e7f9245446b2bdfd9df6474eb327e11a5ad7a2393328","MacAddress": "02:42:ac:11:00:03","IPv4Address": "172.17.0.3/16","IPv6Address": ""}},"Options": {"com.docker.network.bridge.default_bridge": "true","com.docker.network.bridge.enable_icc": "true","com.docker.network.bridge.enable_ip_masquerade": "true","com.docker.network.bridge.host_binding_ipv4": "0.0.0.0","com.docker.network.bridge.name": "docker0","com.docker.network.driver.mtu": "1500"},"Labels": {}}
]

alpine3、alpine4 都连接到 bridge 网络。

# docker network inspect alpine-net
[{"Name": "alpine-net","Id": "694e28e19bbc5083491ee0d5c75b6fc8aef6c4274582be9f5a7c0184abb8f087","Created": "2020-02-08T20:14:17.312752369+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": {},"Config": [{"Subnet": "192.168.80.0/20","Gateway": "192.168.80.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"347af28200e49c07a1b6845387ce9abf8d0dd34a21680145097d638b73b0f4c8": {"Name": "alpine2","EndpointID": "82dc832bd1f0d8406039c30964f8c5c31cc393cb0dd53c9758bf0c52f52da4ca","MacAddress": "02:42:c0:a8:50:03","IPv4Address": "192.168.80.3/20","IPv6Address": ""},"4c192d113af8513acd39cacb36d668604cecfafe990801d5e37f17e500c322aa": {"Name": "alpine4","EndpointID": "09fcc106f88b619d32204fa6399c9bfdbda34822de4035a9f5295f6db841c859","MacAddress": "02:42:c0:a8:50:04","IPv4Address": "192.168.80.4/20","IPv6Address": ""},"8e0ab36ed621c23b0fb50256f4e67f3ee22eb114400e37a5c71bd22275b9668b": {"Name": "alpine1","EndpointID": "1b8782cb01f48f19b34e8caf4fcc08a66e326fa60c6af8743b7e40434302b93b","MacAddress": "02:42:c0:a8:50:02","IPv4Address": "192.168.80.2/20","IPv6Address": ""}},"Options": {},"Labels": {}}
]

容器 alpine1、alpine2、alpine4 都连接到了 alpine-net 网络。

5 同网络内的容器可以通信

alpine1 可以和 alpine2、alpine4 通信，并且可以直接通过容器名来通信

在用户自定义网络中，容器不仅能通过IP地址通信，可以通过解析容器名来得到IP地址。这个能力称为 automatic service discovery 自动服务发现。

# docker attach alpine1
/ # ping -c 2 alpine2
PING alpine2 (192.168.80.3): 56 data bytes
64 bytes from 192.168.80.3: seq=0 ttl=64 time=0.113 ms
64 bytes from 192.168.80.3: seq=1 ttl=64 time=0.095 ms--- alpine2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.095/0.104/0.113 ms
/ # ping -c 2 alpine4
PING alpine4 (192.168.80.4): 56 data bytes
64 bytes from 192.168.80.4: seq=0 ttl=64 time=0.100 ms
64 bytes from 192.168.80.4: seq=1 ttl=64 time=0.089 ms--- alpine4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.089/0.094/0.100 ms
/ # ping -c 2 alpine1
PING alpine1 (192.168.80.2): 56 data bytes
64 bytes from 192.168.80.2: seq=0 ttl=64 time=0.029 ms
64 bytes from 192.168.80.2: seq=1 ttl=64 time=0.060 ms--- alpine1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.029/0.044/0.060 ms
/ #

6 不同网络的容器无法通信

alpine1 不能连接 alpine3，因为它不在 alpine-net 网络中。

不仅仅不能通过容器名来ping通，也不能通过ip来ping通。

/ # ping -c 2 alpine3ping: bad address 'alpine3'
/ # ping -c 2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes--- 172.17.0.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

Detach 容器 alpine1 ，使用快捷命令 CTRL + p、CTRL + q （按住 CTRL 输入 p 和 q）。

7 连接多个网络的容器可以和多个网络进行通信

alpine4 连接了默认到 bridge 和 alpine-net 网络，因此它能和其他容器通信。但对 alpine3 容器对通信需要采用它的 ip 地址，因为它在默认的 bridge 网络中。

# docker attach alpine4
/ # ping -c 2 alpine1
PING alpine1 (192.168.80.2): 56 data bytes
64 bytes from 192.168.80.2: seq=0 ttl=64 time=0.105 ms
64 bytes from 192.168.80.2: seq=1 ttl=64 time=0.097 ms--- alpine1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.097/0.101/0.105 ms
/ # ping -c 2 alpine2
PING alpine2 (192.168.80.3): 56 data bytes
64 bytes from 192.168.80.3: seq=0 ttl=64 time=0.104 ms
64 bytes from 192.168.80.3: seq=1 ttl=64 time=0.085 ms--- alpine2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.085/0.094/0.104 ms
/ # ping -c 2 alpine3
ping: bad address 'alpine3'
/ # ping -c 2 alpine4
PING alpine4 (192.168.80.4): 56 data bytes
64 bytes from 192.168.80.4: seq=0 ttl=64 time=0.039 ms
64 bytes from 192.168.80.4: seq=1 ttl=64 time=0.057 ms--- alpine4 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.039/0.048/0.057 ms
/ # ping -c 2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.112 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.089 ms--- 172.17.0.3 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.089/0.100/0.112 ms

8 所有基于 bridge 驱动的网络都能接通宿主机网络

最后测试下几个容器是否能联通网络。

/ # ping -c 2 baidu.com
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=248 time=35.715 ms
64 bytes from 220.181.38.148: seq=1 ttl=248 time=35.568 ms--- baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 35.568/35.641/35.715 ms
/ # read escape sequence
# docker attach alpine1
/ # ping -c 2 baidu.com
PING baidu.com (39.156.69.79): 56 data bytes
64 bytes from 39.156.69.79: seq=0 ttl=248 time=38.493 ms
64 bytes from 39.156.69.79: seq=1 ttl=248 time=38.408 ms--- baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 38.408/38.450/38.493 ms
/ # read escape sequence
# docker attach alpine3
/ # ping -c 2 baidu.com
PING baidu.com (220.181.38.148): 56 data bytes
64 bytes from 220.181.38.148: seq=0 ttl=248 time=37.688 ms
64 bytes from 220.181.38.148: seq=1 ttl=248 time=37.655 ms--- baidu.com ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 37.655/37.671/37.688 ms

9 停止并删除所有容器以及 alpine-net 网络

Stop and remove all containers and the alpine-net network.

# docker stop alpine1 alpine2 alpine3 alpine4

# docker rm alpine1 alpine2 alpine3 alpine4

# docker network rm alpine-net

小结

容器网络有如下规则：

同网络内的容器可以通信
不同网络的容器无法通信
连接多个网络的容器可以和多个网络进行通信

命令操作上：

命令	功能
docker network create NETWORK	创建网络
docker network rm NETWORK	删除网络
docker network ls	罗列网络
docker network inspect NETWORK	查看具体网络到详情
docker network connect NETWORK CONTAINER	将容器连接到网络
docker run --network NETWORK CONTAINER	运行容器并指定网络

END