13.Docker网络：容器互联之自定义网络

我就是我 2022-12-03 01:36 206阅读 0赞

【目录导览】  
[1.Docker入门：什么是Docker？如何安装Docker？][1.Docker_Docker_Docker]  
[2.Docker入门：Docker命令][2.Docker_Docker]  
[3.Docker实战：Docker部署Nginx][3.Docker_Docker_Nginx]  
[4.Docker实战：Docker部署Tomcat][4.Docker_Docker_Tomcat]  
[5.Docker实战：Docker部署MySQL][5.Docker_Docker_MySQL]  
[6.Docker镜像：什么是Docker镜像？Docker镜像加载原理？][6.Docker_Docker_Docker]  
[7.Docker容器：什么是Docker容器？][7.Docker_Docker]  
[8.Docker数据卷：数据交互、数据卷、数据卷容器][8.Docker]  
[9.Docker镜像制作：Commit和DockerFile][9.Docker_Commit_DockerFile]  
[10.Docker入门学习回顾小结][10.Docker]  
[11.Docker网络：基础原理&示例][11.Docker]  
[12.Docker网络：容器互联之–link][12.Docker_link]  
[13.Docker网络：容器互联之自定义网络][13.Docker]  
[14.Docker网络：容器互联之不同网络间的容器互联][14.Docker]

# 1.如何创建自定义网络 #

#### step.1 查看当前环境中的网卡信息 ####

# 查看当前环境中的网卡信息
    docker network ls
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    c5440000e49f        bridge              bridge              local
    c115f00b8471        host                host                local
    4fdfe488370c        none                null                local

`其中bridge代表的网卡就是docker0`

#### step.2 创建自定义网络 ####

# 建议先清空一下当前Docker环境中的容器，确保在一个干净的网络环境下测试自定义网络
    docker rm -f $(docker ps -aq)
    
    # 可以先查看一下docker网络相关命令
    docker network --help
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network --help
    
    Usage:	docker network COMMAND
    
    Manage networks
    
    Commands:
      connect     Connect a container to a network
      create      Create a network
      disconnect  Disconnect a container from a network
      inspect     Display detailed information on one or more networks
      ls          List networks
      prune       Remove all unused networks
      rm          Remove one or more networks
    
    Run 'docker network COMMAND --help' for more information on a command.
    
    # 再看一下create的操作详情
    docker network create --help
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network create --help
    
    Usage:	docker network create [OPTIONS] NETWORK
    
    Create a network
    
    Options:
          --attachable           Enable manual container attachment
          --aux-address map      Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
          --config-from string   The network from which copying the configuration
          --config-only          Create a configuration only network
      -d, --driver string        Driver to manage the Network (default "bridge")
          --gateway strings      IPv4 or IPv6 Gateway for the master subnet
          --ingress              Create swarm routing-mesh network
          --internal             Restrict external access to the network
          --ip-range strings     Allocate container ip from a sub-range
          --ipam-driver string   IP Address Management Driver (default "default")
          --ipam-opt map         Set IPAM driver specific options (default map[])
          --ipv6                 Enable IPv6 networking
          --label list           Set metadata on a network
      -o, --opt map              Set driver specific options (default map[])
          --scope string         Control the network’s scope
          --subnet strings       Subnet in CIDR format that represents a network segment
    
    # 创建自定义网络
    docker network create --driver bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1  my_net
    # 参数解释： 
    # --driver bridge 网络模式设置为桥接模式 
    # --subnet 192.168.0.0/24 子网划分
    # --gateway 192.168.0.1 设置网关
    # my_net 设置自定义网络的名字
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network create --driver bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1 my_net
    d3f68c147eccd5cfd1b82de45258cd16b6fea5b7ec964903c770ce5abb3b7448
    
    # 查看当前环境的网卡信息
    docker network ls
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network ls
    NETWORK ID          NAME                DRIVER              SCOPE
    c5440000e49f        bridge              bridge              local
    c115f00b8471        host                host                local
    d3f68c147ecc        my_net              bridge              local
    4fdfe488370c        none                null                local

`可以看到，多了一个my_net网卡信息。`

#### step.3 使用自定义网络 ####

# 先查看自定义网络详细信息
    docker network inspect my_net
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network inspect my_net
    [
        { 
            "Name": "my_net",
            "Id": "d3f68c147eccd5cfd1b82de45258cd16b6fea5b7ec964903c770ce5abb3b7448",
            "Created": "2020-08-31T18:13:33.323655501+08:00",
            "Scope": "local",
            "Driver": "bridge",
            "EnableIPv6": false,
            "IPAM": { 
                "Driver": "default",
                "Options": { },
                "Config": [
                    { 
                        "Subnet": "192.168.0.0/24",
                        "Gateway": "192.168.0.1"
                    }
                ]
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": { 
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": { },
            "Options": { },
            "Labels": { }
        }
    ]
    
    # 启动两个tomcat容器，并使用--net指定使用my_net网络
    docker run -d -P --name tomcat-1 --net my_net tomcat
    docker run -d -P --name tomcat-2 --net my_net tomcat
    
    # 测试两个容器的网络联通性
    # tomcat-1 ping一下tomcat-2
    docker exec -it tomcat-1 ping tomcat-2
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-1 ping tomcat-2
    PING tomcat-2 (192.168.0.3) 56(84) bytes of data.
    64 bytes from tomcat-2.my_net (192.168.0.3): icmp_seq=1 ttl=64 time=0.061 ms
    64 bytes from tomcat-2.my_net (192.168.0.3): icmp_seq=2 ttl=64 time=0.059 ms
    
    # tomcat-2 ping一下tomcat-1
    docker exec -it tomcat-2 ping tomcat-1
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-2 ping tomcat-1
    PING tomcat-1 (192.168.0.2) 56(84) bytes of data.
    64 bytes from tomcat-1.my_net (192.168.0.2): icmp_seq=1 ttl=64 time=0.044 ms
    64 bytes from tomcat-1.my_net (192.168.0.2): icmp_seq=2 ttl=64 time=0.064 ms

`可以看到tomcat-1容器与tomcat-2容器之间是可以网络互通的`

#### step.4 验证自定义网络是否支持ip变更后，仍能通过容器名通信 ####

# 查看tomcat-2的网络信息
    docker exec -it tomcat-2 ip addr
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-2 ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:c0:a8:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
           valid_lft forever preferred_lft forever
    # 可以看到tomcat-2容器的ip自动分配的是192.168.0.2
    
    # 查看容器信息
    docker ps
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
    dbeccb2f7468        tomcat              "catalina.sh run"   20 minutes ago      Up 20 minutes       0.0.0.0:32772->8080/tcp   tomcat-2
    38a4932d7692        tomcat              "catalina.sh run"   20 minutes ago      Up 20 minutes       0.0.0.0:32771->8080/tcp   tomcat-1
    
    # 清除tomcat-2容器
    docker rm -f dbeccb2f7468
    
    # 查看容器信息
    docker ps
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
    38a4932d7692        tomcat              "catalina.sh run"   21 minutes ago      Up 21 minutes       0.0.0.0:32771->8080/tcp   tomcat-1
    
    # 启动一个tomcat-3容器
    docker run -d -P --name tomcat-3 --net my_net tomcat
    
    # 查看容器信息
    docker ps
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
    28aabfacad76        tomcat              "catalina.sh run"   11 seconds ago      Up 10 seconds       0.0.0.0:32773->8080/tcp   tomcat-3
    38a4932d7692        tomcat              "catalina.sh run"   22 minutes ago      Up 22 minutes       0.0.0.0:32771->8080/tcp   tomcat-1
    
    # 查看tomcat-3容器的网络信息
    docker exec -it tomcat-3 ip addr
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-3 ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:c0:a8:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
           valid_lft forever preferred_lft forever
    
    # 再重新启动tomcat-2容器
    docker run -d -P --name tomcat-2 --net my_net tomcat
    
    # 查看容器信息
    docker ps
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
    CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS                     NAMES
    e6538d8bb4a0        tomcat              "catalina.sh run"   3 seconds ago       Up 2 seconds        0.0.0.0:32774->8080/tcp   tomcat-2
    28aabfacad76        tomcat              "catalina.sh run"   3 minutes ago       Up 3 minutes        0.0.0.0:32773->8080/tcp   tomcat-3
    38a4932d7692        tomcat              "catalina.sh run"   25 minutes ago      Up 25 minutes       0.0.0.0:32771->8080/tcp   tomcat-1
    
    # 查看tomcat-2容器的网络信息
    docker exec -it tomcat-2 ip addr
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-2 ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
        link/ether 02:42:c0:a8:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
        inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0
           valid_lft forever preferred_lft forever
    # 可以看到tomcat-2容器的ip已经变成192.168.0.4了
    
    # 此时再用tomcat-1 ping一下tomcat-2
    docker exec -it tomcat-1 ping tomcat-2
    
    # 内容如下：
    [root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-1 ping tomcat-2
    PING tomcat-2 (192.168.0.4) 56(84) bytes of data.
    64 bytes from tomcat-2.my_net (192.168.0.4): icmp_seq=1 ttl=64 time=0.067 ms
    64 bytes from tomcat-2.my_net (192.168.0.4): icmp_seq=2 ttl=64 time=0.060 ms

`至此，可以验证，自定义网络是支持ip变化后，仍然可以通过容器名进行网络互通的。`

# 2.自定义网络与–link的区别 #

<table> 
 <thead> 
  <tr> 
   <th>区别点</th> 
   <th>自定义网络</th> 
   <th>–link</th> 
  </tr> 
 </thead> 
 <tbody> 
  <tr> 
   <td>容器间通信方式</td> 
   <td>容器名、ip</td> 
   <td>容器名、ip</td> 
  </tr> 
  <tr> 
   <td>通信方向</td> 
   <td>双向</td> 
   <td>单向</td> 
  </tr> 
  <tr> 
   <td>是否支持ip动态变化</td> 
   <td>支持</td> 
   <td>不支持</td> 
  </tr> 
  <tr> 
   <td>是否具备网络隔离性</td> 
   <td>具备</td> 
   <td>不具备</td> 
  </tr> 
 </tbody> 
</table>

# 3.自定义网络适用场景 #

*  自定义网络可以理解为构建了一个局域网，适用于一个集群
 *  不同的集群使用不同的（自定义）网络，保证集群的网络隔离性，更安全

eg: redis集群和mysql集群可以使用各自的自定义网络，互不干扰。

[1.Docker_Docker_Docker]: https://blog.csdn.net/w_y_x_y/article/details/107797739
[2.Docker_Docker]: https://blog.csdn.net/w_y_x_y/article/details/107797817
[3.Docker_Docker_Nginx]: https://blog.csdn.net/w_y_x_y/article/details/107797843
[4.Docker_Docker_Tomcat]: https://blog.csdn.net/w_y_x_y/article/details/107797859
[5.Docker_Docker_MySQL]: https://blog.csdn.net/w_y_x_y/article/details/108207365
[6.Docker_Docker_Docker]: https://blog.csdn.net/w_y_x_y/article/details/108207391
[7.Docker_Docker]: https://blog.csdn.net/w_y_x_y/article/details/108207413
[8.Docker]: https://blog.csdn.net/w_y_x_y/article/details/108207478
[9.Docker_Commit_DockerFile]: https://blog.csdn.net/w_y_x_y/article/details/108207516
[10.Docker]: https://blog.csdn.net/w_y_x_y/article/details/108207603
[11.Docker]: https://blog.csdn.net/w_y_x_y/article/details/108336126
[12.Docker_link]: https://blog.csdn.net/w_y_x_y/article/details/108336157
[13.Docker]: https://blog.csdn.net/w_y_x_y/article/details/108336332
[14.Docker]: https://blog.csdn.net/w_y_x_y/article/details/108336396