1.如何创建自定义网络
step.1 查看当前环境中的网卡信息
# 查看当前环境中的网卡信息
docker network ls
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network ls
NETWORK ID NAME DRIVER SCOPE
c5440000e49f bridge bridge local
c115f00b8471 host host local
4fdfe488370c none null local
其中名为bridge的网络对应的就是宿主机上的docker0网桥,也是容器未指定网络时默认使用的网络。
step.2 创建自定义网络
# 建议先清空一下当前Docker环境中的容器,确保在一个干净的网络环境下测试自定义网络
# 注意:下面的命令会强制删除本机上的所有容器(包括正在运行的),只适合在测试环境中执行
docker rm -f $(docker ps -aq)
# 可以先查看一下docker网络相关命令
docker network --help
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network --help
Usage: docker network COMMAND
Manage networks
Commands:
connect Connect a container to a network
create Create a network
disconnect Disconnect a container from a network
inspect Display detailed information on one or more networks
ls List networks
prune Remove all unused networks
rm Remove one or more networks
Run 'docker network COMMAND --help' for more information on a command.
# 再看一下create的操作详情
docker network create --help
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network create --help
Usage: docker network create [OPTIONS] NETWORK
Create a network
Options:
--attachable Enable manual container attachment
--aux-address map Auxiliary IPv4 or IPv6 addresses used by Network driver (default map[])
--config-from string The network from which copying the configuration
--config-only Create a configuration only network
-d, --driver string Driver to manage the Network (default "bridge")
--gateway strings IPv4 or IPv6 Gateway for the master subnet
--ingress Create swarm routing-mesh network
--internal Restrict external access to the network
--ip-range strings Allocate container ip from a sub-range
--ipam-driver string IP Address Management Driver (default "default")
--ipam-opt map Set IPAM driver specific options (default map[])
--ipv6 Enable IPv6 networking
--label list Set metadata on a network
-o, --opt map Set driver specific options (default map[])
--scope string Control the network’s scope
--subnet strings Subnet in CIDR format that represents a network segment
# 创建自定义网络
docker network create --driver bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1 my_net
# 参数解释:
# --driver bridge 网络模式设置为桥接模式
# --subnet 192.168.0.0/24 子网划分(CIDR格式),注意不要与宿主机所在网络或其他已有Docker网络的网段重叠
# --gateway 192.168.0.1 设置网关
# my_net 设置自定义网络的名字
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network create --driver bridge --subnet 192.168.0.0/24 --gateway 192.168.0.1 my_net
d3f68c147eccd5cfd1b82de45258cd16b6fea5b7ec964903c770ce5abb3b7448
# 查看当前环境的网卡信息
docker network ls
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network ls
NETWORK ID NAME DRIVER SCOPE
c5440000e49f bridge bridge local
c115f00b8471 host host local
d3f68c147ecc my_net bridge local
4fdfe488370c none null local
可以看到,列表中多了一个名为my_net的网络。
step.3 使用自定义网络
# 先查看自定义网络详细信息
docker network inspect my_net
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker network inspect my_net
[
{
"Name": "my_net",
"Id": "d3f68c147eccd5cfd1b82de45258cd16b6fea5b7ec964903c770ce5abb3b7448",
"Created": "2020-08-31T18:13:33.323655501+08:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "192.168.0.0/24",
"Gateway": "192.168.0.1"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]
# 启动两个tomcat容器,并使用--net指定使用my_net网络
# -P 会把镜像声明的端口随机映射到宿主机的所有网卡(0.0.0.0)上;只验证容器间互通时可以不加 -P,避免把服务暴露到宿主机之外
docker run -d -P --name tomcat-1 --net my_net tomcat
docker run -d -P --name tomcat-2 --net my_net tomcat
# 测试两个容器的网络联通性
# tomcat-1 ping一下tomcat-2
docker exec -it tomcat-1 ping tomcat-2
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-1 ping tomcat-2
PING tomcat-2 (192.168.0.3) 56(84) bytes of data.
64 bytes from tomcat-2.my_net (192.168.0.3): icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from tomcat-2.my_net (192.168.0.3): icmp_seq=2 ttl=64 time=0.059 ms
# tomcat-2 ping一下tomcat-1
docker exec -it tomcat-2 ping tomcat-1
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-2 ping tomcat-1
PING tomcat-1 (192.168.0.2) 56(84) bytes of data.
64 bytes from tomcat-1.my_net (192.168.0.2): icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from tomcat-1.my_net (192.168.0.2): icmp_seq=2 ttl=64 time=0.064 ms
可以看到tomcat-1容器与tomcat-2容器之间是可以网络互通的
step.4 验证自定义网络是否支持ip变更后,仍能通过容器名通信
# 查看tomcat-2的网络信息
docker exec -it tomcat-2 ip addr
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-2 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
# 可以看到tomcat-2容器的ip自动分配的是192.168.0.3
# 查看容器信息
docker ps
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
dbeccb2f7468 tomcat "catalina.sh run" 20 minutes ago Up 20 minutes 0.0.0.0:32772->8080/tcp tomcat-2
38a4932d7692 tomcat "catalina.sh run" 20 minutes ago Up 20 minutes 0.0.0.0:32771->8080/tcp tomcat-1
# 清除tomcat-2容器
docker rm -f dbeccb2f7468
# 查看容器信息
docker ps
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
38a4932d7692 tomcat "catalina.sh run" 21 minutes ago Up 21 minutes 0.0.0.0:32771->8080/tcp tomcat-1
# 启动一个tomcat-3容器
docker run -d -P --name tomcat-3 --net my_net tomcat
# 查看容器信息
docker ps
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
28aabfacad76 tomcat "catalina.sh run" 11 seconds ago Up 10 seconds 0.0.0.0:32773->8080/tcp tomcat-3
38a4932d7692 tomcat "catalina.sh run" 22 minutes ago Up 22 minutes 0.0.0.0:32771->8080/tcp tomcat-1
# 查看tomcat-3容器的网络信息
docker exec -it tomcat-3 ip addr
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-3 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
15: eth0@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.3/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
# 再重新启动tomcat-2容器
docker run -d -P --name tomcat-2 --net my_net tomcat
# 查看容器信息
docker ps
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e6538d8bb4a0 tomcat "catalina.sh run" 3 seconds ago Up 2 seconds 0.0.0.0:32774->8080/tcp tomcat-2
28aabfacad76 tomcat "catalina.sh run" 3 minutes ago Up 3 minutes 0.0.0.0:32773->8080/tcp tomcat-3
38a4932d7692 tomcat "catalina.sh run" 25 minutes ago Up 25 minutes 0.0.0.0:32771->8080/tcp tomcat-1
# 查看tomcat-2容器的网络信息
docker exec -it tomcat-2 ip addr
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-2 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
17: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:c0:a8:00:04 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.0.4/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
# 可以看到tomcat-2容器的ip已经变成192.168.0.4了(原来的192.168.0.3已被tomcat-3占用)
# 此时再用tomcat-1 ping一下tomcat-2
docker exec -it tomcat-1 ping tomcat-2
# 内容如下:
[root@iZ2zefjrz9szlt99tuu23fZ wy]# docker exec -it tomcat-1 ping tomcat-2
PING tomcat-2 (192.168.0.4) 56(84) bytes of data.
64 bytes from tomcat-2.my_net (192.168.0.4): icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from tomcat-2.my_net (192.168.0.4): icmp_seq=2 ttl=64 time=0.060 ms
至此,可以验证,自定义网络是支持ip变化后,仍然可以通过容器名进行网络互通的。这是因为自定义网络内置了DNS解析,容器名会被解析为该容器当前的ip。
2.自定义网络与--link的区别
| 区别点 | 自定义网络 | --link |
| --- | --- | --- |
| 容器间通信方式 | 容器名、ip | 容器名、ip |
| 通信方向 | 双向 | 单向 |
| 是否支持ip动态变化 | 支持 | 不支持 |
| 是否具备网络隔离性 | 具备 | 不具备 |
3.自定义网络适用场景
- 自定义网络可以理解为构建了一个局域网,适用于一个集群
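- 不同的集群使用不同的(自定义)网络,保证集群的网络隔离性,更安全
eg: redis集群和mysql集群可以使用各自的自定义网络,互不干扰。
- 需要注意:隔离只存在于不同的网络之间,同一个自定义网络内的容器默认可以互相访问;通过 -p/-P 发布到宿主机的端口也不受这种隔离的限制。对于不需要对外通信的后端集群,可以在创建网络时加上 --internal 来限制外部访问。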