2022-08-31

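Contents

8. Docker networking
8.1 Container interconnection: --link
8.2 Container interconnection: user-defined networks
Network modes
Creating a user-defined network
Starting containers on the user-defined network
8.3 A question to think about
8.4 Connecting networks: connect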

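8. Docker networking

  1. Every time we start a Docker container, Docker assigns it an IP address. As soon as Docker is installed, the host has a network interface, docker0, in bridge mode; the underlying technique is veth pairs.
  2. A veth pair is a pair of virtual device interfaces that always come in pairs: one end is attached to the protocol stack, and the two ends are connected to each other.
  3. A veth pair acts as a bridge that connects the various virtual network devices.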

8.1 Container interconnection: --link

This approach is no longer recommended.

Start the first tomcat

```shell
[root@hecs-152658 tomcat]# docker run -d --name=tomcat01 tomcat
Unable to find image 'tomcat:latest' locally
latest: Pulling from library/tomcat
0ecb575e629c: Pull complete
7467d1831b69: Pull complete
feab2c490a3c: Pull complete
f15a0f46f8c3: Pull complete
26cb1dfcbebb: Pull complete
242c5446d23f: Pull complete
f22708c7c9c1: Pull complete
d8b7e17ca4bc: Pull complete
91588c31829d: Pull complete
d97abf351b5d: Pull complete
Digest: sha256:7f29cf0cb11a16bd3ff22c5716e655a7da872fb9b508b501588e30b2901ae446
Status: Downloaded newer image for tomcat:latest
ae5ac92a5e4521be8c61dba99276e53332088efdf5129f1f0125d14bc8d026a9
```

Start the second tomcat

```shell
[root@hecs-152658 tomcat]# docker run -d --name=tomcat02 tomcat
b75787d7ea29e5f71a63530efd8f5e320db621706919e273ebf2c4dab88daebf
```

Start a third tomcat with --link

```shell
[root@hecs-152658 tomcat]# docker run -d --name=tomcat03 --link tomcat01 tomcat
e5c74ea24959057b3478f2505610108b6c28a5a72011f24eafbb27dcfcdc4a81
```

Test ping between the tomcat containers

```shell
# tomcat02 cannot reach tomcat01
[root@hecs-152658 tomcat]# docker exec -it tomcat02 ping tomcat01
ping: tomcat01: Name or service not known

# tomcat03 can reach tomcat01
[root@hecs-152658 tomcat]# docker exec -it tomcat03 ping tomcat01
PING tomcat01 (172.17.0.2) 56(84) bytes of data.
64 bytes from tomcat01 (172.17.0.2): icmp_seq=1 ttl=64 time=0.094 ms
64 bytes from tomcat01 (172.17.0.2): icmp_seq=2 ttl=64 time=0.060 ms
^C
--- tomcat01 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 50ms
rtt min/avg/max/mdev = 0.060/0.077/0.094/0.017 ms

# tomcat01 cannot reach tomcat03
[root@hecs-152658 tomcat]# docker exec -it tomcat01 ping tomcat03
ping: tomcat03: Name or service not known
```

In practice, --link simply adds an entry to the container's hosts file

```shell
[root@hecs-152658 tomcat]# docker exec -it tomcat03 /bin/bash
root@e5c74ea24959:/usr/local/tomcat# cat /etc/hosts
127.0.0.1   localhost
::1         localhost ip6-localhost ip6-loopback
fe00::0     ip6-localnet
ff00::0     ip6-mcastprefix
ff02::1     ip6-allnodes
ff02::2     ip6-allrouters
172.17.0.2  tomcat01 ae5ac92a5e45
172.17.0.4  e5c74ea24959

# Here we find an entry for tomcat01, followed by a string that looks a lot like a container ID.
# Checking the container IDs confirms that it is one.
[root@hecs-152658 tomcat]# docker ps
CONTAINER ID   IMAGE    COMMAND             CREATED         STATUS         PORTS      NAMES
e5c74ea24959   tomcat   "catalina.sh run"   5 minutes ago   Up 5 minutes   8080/tcp   tomcat03
b75787d7ea29   tomcat   "catalina.sh run"   6 minutes ago   Up 6 minutes   8080/tcp   tomcat02
ae5ac92a5e45   tomcat   "catalina.sh run"   7 minutes ago   Up 7 minutes   8080/tcp   tomcat01
```

Inspect the containers' network information

```shell
[root@hecs-152658 tomcat]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
7a85f96a7ea8   bridge    bridge    local
26d86d8b9e10   host      host      local
f4a42edec984   none      null      local
[root@hecs-152658 tomcat]# docker network inspect 7a85f96a7ea8
[
    {
        "Name": "bridge",
        "Id": "7a85f96a7ea822d46d14c30a6110fe15ad9d69f9e3199a7e2fb50133fb6add25",
        "Created": "2021-07-28T18:58:07.014841442+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "ae5ac92a5e4521be8c61dba99276e53332088efdf5129f1f0125d14bc8d026a9": {
                "Name": "tomcat01",
                "EndpointID": "f72486595da8de1c9d4b4e9409b61fb2021089cf6aea5685cdf165989e9c9f65",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "b75787d7ea29e5f71a63530efd8f5e320db621706919e273ebf2c4dab88daebf": {
                "Name": "tomcat02",
                "EndpointID": "e3b476065b1d1b7785ff5df4c4cae9c8478351e42b2f3a14e77c20277ea23a4d",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            },
            "e5c74ea24959057b3478f2505610108b6c28a5a72011f24eafbb27dcfcdc4a81": {
                "Name": "tomcat03",
                "EndpointID": "9d26977b59b89765a7e4088975d408628ce2354c2b485705656109f1f92312c7",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
```

```shell
# Container metadata
[root@hecs-152658 tomcat]# docker inspect e5c74ea24959
...
"HostConfig": {
    ...
    "Links": [
        "/tomcat01:/tomcat03/tomcat01"
    ],
    ...
]
```

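8.2 Container interconnection: user-defined networks

Network modes

```shell
# List all Docker networks
[root@hecs-152658 tomcat]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
7a85f96a7ea8   bridge    bridge    local
26d86d8b9e10   host      host      local
f4a42edec984   none      null      local
```

  • bridge: bridge mode; this is the mode generally used
  • none: no network is configured
  • host: shares the host's network
  • container: network connectivity inside a container; rarely used and very limited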

Creating a user-defined network

```shell
# --driver bridge               sets the network mode to bridge
# --subnet 192.168.0.0/16       subnet configuration
# --gateway 192.168.0.1         gateway configuration
[root@hecs-152658 tomcat]# docker network create --driver bridge --subnet 192.168.0.0/16 --gateway 192.168.0.1 mynet
9b0808fdd1685938afd25e535ab407629df8c3681cebe3c2c043ef0ea47f9cf6
[root@hecs-152658 tomcat]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
7a85f96a7ea8   bridge    bridge    local
26d86d8b9e10   host      host      local
9b0808fdd168   mynet     bridge    local
f4a42edec984   none      null      local
[root@hecs-152658 tomcat]# docker network inspect mynet
[
    {
        "Name": "mynet",
        "Id": "9b0808fdd1685938afd25e535ab407629df8c3681cebe3c2c043ef0ea47f9cf6",
        "Created": "2021-07-31T15:16:55.03070698+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "192.168.0.0/16",
                    "Gateway": "192.168.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]
```

Starting containers on the user-defined network

```shell
# Start two tomcat containers
[root@hecs-152658 tomcat]# docker run -d -P --name tomcat-net-01 --net mynet tomcat
7c7b87f517da3eb4121fa1ef8d9da644c915f7c934d1196a136026badd790cde
[root@hecs-152658 tomcat]# docker run -d -P --name tomcat-net-02 --net mynet tomcat
7d3627b319a01bad7dd0add67edb660bbe4500947d5fb89cbc935c639f90710c

# Check the configuration
[root@hecs-152658 tomcat]# docker network inspect mynet
[
    {
        ...
        "Containers": {
            "7c7b87f517da3eb4121fa1ef8d9da644c915f7c934d1196a136026badd790cde": {
                "Name": "tomcat-net-01",
                "EndpointID": "343aa7b9233461e38d198a8b2b0efdcb12066ff91ee1a291538e213e06439c4e",
                "MacAddress": "02:42:c0:a8:00:02",
                "IPv4Address": "192.168.0.2/16",
                "IPv6Address": ""
            },
            "7d3627b319a01bad7dd0add67edb660bbe4500947d5fb89cbc935c639f90710c": {
                "Name": "tomcat-net-02",
                "EndpointID": "29b05a2463a13b7cc1fef0505e705ef5d01f75b460e6eabe12674d85776d06e8",
                "MacAddress": "02:42:c0:a8:00:03",
                "IPv4Address": "192.168.0.3/16",
                "IPv6Address": ""
            }
        },
        ...
    }
]

# The containers can reach each other directly
[root@hecs-152658 tomcat]# docker exec -it tomcat-net-01 ping tomcat-net-02
PING tomcat-net-02 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=1 ttl=64 time=0.076 ms
64 bytes from tomcat-net-02.mynet (192.168.0.3): icmp_seq=2 ttl=64 time=0.059 ms
^C
--- tomcat-net-02 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 65ms
rtt min/avg/max/mdev = 0.059/0.067/0.076/0.011 ms
```

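docker run --net <network name> (the default value is bridge)

8.3 A question to think about

docker run --net defaults to bridge, so why can't containers on the bridge network ping each other by container name, while containers on a network we created ourselves can?

The official documentation says: Containers on the default bridge network can only access each other by IP addresses, unless you use the --link option, which is considered legacy. On a user-defined bridge network, containers can resolve each other by name or alias.

But how is this actually handled? Left open for now.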

8.4 Connecting networks: connect

How do we connect containers that are on different networks?

```shell
# Start a tomcat on the default network
[root@hecs-152658 tomcat]# docker run -d -P --name tomcat01 tomcat
451d076d3f9c8b24be6ed8d3bff815827eef88a2aabeda23e95fdf8230ea7b33

# ping fails
[root@hecs-152658 tomcat]# docker exec -it tomcat01 ping tomcat-net-01
ping: tomcat-net-01: Name or service not known

# Use the connect command to join the network
[root@hecs-152658 tomcat]# docker network connect mynet tomcat01

# ping now works
[root@hecs-152658 tomcat]# docker exec -it tomcat01 ping tomcat-net-01
PING tomcat-net-01 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-net-01.mynet (192.168.0.2): icmp_seq=1 ttl=64 time=0.097 ms
^C
--- tomcat-net-01 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.097/0.097/0.097/0.000 ms
```

Inspecting the networks shows that tomcat01 is now present in both [bridge] and [mynet]

```shell
# In effect, one container has two IP addresses
[root@hecs-152658 tomcat]# docker network inspect mynet
...
"Containers": {
    "451d076d3f9c8b24be6ed8d3bff815827eef88a2aabeda23e95fdf8230ea7b33": {
        "Name": "tomcat01",
        "EndpointID": "3925ae23648ba3286efa4fbe843b275714779adf981d1f0a5f34e10655a3ad3e",
        "MacAddress": "02:42:c0:a8:00:04",
        "IPv4Address": "192.168.0.4/16",
        "IPv6Address": ""
    },
    "7c7b87f517da3eb4121fa1ef8d9da644c915f7c934d1196a136026badd790cde": {
        "Name": "tomcat-net-01",
        "EndpointID": "343aa7b9233461e38d198a8b2b0efdcb12066ff91ee1a291538e213e06439c4e",
        "MacAddress": "02:42:c0:a8:00:02",
        "IPv4Address": "192.168.0.2/16",
        "IPv6Address": ""
    },
    "7d3627b319a01bad7dd0add67edb660bbe4500947d5fb89cbc935c639f90710c": {
        "Name": "tomcat-net-02",
        "EndpointID": "29b05a2463a13b7cc1fef0505e705ef5d01f75b460e6eabe12674d85776d06e8",
        "MacAddress": "02:42:c0:a8:00:03",
        "IPv4Address": "192.168.0.3/16",
        "IPv6Address": ""
    }
},
...

[root@hecs-152658 tomcat]# docker network inspect bridge
...
"Containers": {
    "451d076d3f9c8b24be6ed8d3bff815827eef88a2aabeda23e95fdf8230ea7b33": {
        "Name": "tomcat01",
        "EndpointID": "45c27921172f2ec14aaa5859aa467b7198bcf7909c181e6674a571f73de44844",
        "MacAddress": "02:42:ac:11:00:02",
        "IPv4Address": "172.17.0.2/16",
        "IPv6Address": ""
    }
},
...
```

Looking at tomcat01's network configuration, it simply has two network interfaces

```shell
[root@hecs-152658 tomcat]# docker exec -it tomcat01 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
174: eth0@if175: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
       valid_lft forever preferred_lft forever
176: eth1@if177: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:c0:a8:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.0.4/16 brd 192.168.255.255 scope global eth1
       valid_lft forever preferred_lft forever
```
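An added example, not part of the original post: a short Python audit over `docker network inspect` output that reports containers attached to more than one network (like tomcat01 after `docker network connect`) and default bridge networks with `enable_icc` set to true. The sample JSON is constructed from the values shown above with shortened container IDs, and the function names are assumptions of this example.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed `docker network inspect bridge mynet` output,
# reusing the names and addresses from section 8.4 (container IDs shortened).
SAMPLE = json.loads("""
[
  {"Name": "bridge",
   "Containers": {
     "451d076d3f9c": {"Name": "tomcat01", "IPv4Address": "172.17.0.2/16"}},
   "Options": {"com.docker.network.bridge.default_bridge": "true",
               "com.docker.network.bridge.enable_icc": "true"}},
  {"Name": "mynet",
   "Containers": {
     "451d076d3f9c": {"Name": "tomcat01", "IPv4Address": "192.168.0.4/16"},
     "7c7b87f517da": {"Name": "tomcat-net-01", "IPv4Address": "192.168.0.2/16"},
     "7d3627b319a0": {"Name": "tomcat-net-02", "IPv4Address": "192.168.0.3/16"}},
   "Options": {}}
]
""")


def multi_homed(networks):
    """Return {container name: {network: IPv4}} for containers on 2+ networks."""
    seen = defaultdict(dict)  # container ID -> {network name: address}
    names = {}                # container ID -> container name
    for net in networks:
        # "Containers" may be missing or null when nothing is attached.
        for cid, ep in (net.get("Containers") or {}).items():
            names[cid] = ep.get("Name", cid)
            seen[cid][net["Name"]] = ep.get("IPv4Address", "")
    return {names[c]: nets for c, nets in seen.items() if len(nets) > 1}


def icc_default_bridges(networks):
    """Names of default bridge networks with inter-container traffic enabled."""
    def flag(net, key):
        opts = net.get("Options") or {}
        return opts.get("com.docker.network.bridge." + key) == "true"
    return [n["Name"] for n in networks
            if flag(n, "default_bridge") and flag(n, "enable_icc")]


if __name__ == "__main__":
    for name, nets in multi_homed(SAMPLE).items():
        print(f"{name} is attached to {sorted(nets)}: {nets}")
    print("default bridge with icc enabled:", icc_default_bridges(SAMPLE))
```

On a live host, replace SAMPLE with the parsed output of `docker network inspect bridge mynet`. A container listed by `multi_homed` can reach both segments, so it deserves the same review as any other host that spans two network zones.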

Author: Yui_HTT

Copyright notice: unless otherwise stated, all articles on this blog are licensed under BY-NC-SA. Please credit the source when reposting!