{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當項目大規模使用 Docker 時,容器通信的問題也就產生了。要解決容器通信問題,必須先了解很多關於網絡的知識。Docker 作爲目前最火的輕量級容器技術,有很多令人稱道的功能,如 Docker 的鏡像管理。然而,Docker 同樣有着很多不完善的地方,網絡方面就是 Docker 比較薄弱的部分。因此,我們有必要深入瞭解 Docker 的網絡知識,以滿足更高的網絡需求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"默認網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 安裝 Docker 以後,會默認創建三種網絡,可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network ls"}]},{"type":"text","text":" 查看。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"[root@localhost ~]# docker network ls\nNETWORK ID NAME DRIVER SCOPE\n688d1970f72e bridge bridge local\n885da101da7d host host local\nf4f1b3cf1b7f none null local"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 在學習 Docker 網絡之前,我們有必要先來了解一下這幾種網絡模式都是什麼意思。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2e/2e91e1e707ce9bba410b28b0c0711862.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"bridge 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 在該模式中,Docker 守護進程創建了一個虛擬以太網橋 "},{"type":"codeinline","content":[{"type":"text","text":"docker0"}]},{"type":"text","text":",新建的容器會自動橋接到這個接口,附加在其上的任何網卡之間都能自動轉發數據包。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 默認情況下,守護進程會創建一對對等虛擬設備接口 "},{"type":"codeinline","content":[{"type":"text","text":"veth pair"}]},{"type":"text","text":",將其中一個接口設置爲容器的 "},{"type":"codeinline","content":[{"type":"text","text":"eth0"}]},{"type":"text","text":" 接口(容器的網卡),另一個接口放置在宿主機的命名空間中,以類似 "},{"type":"codeinline","content":[{"type":"text","text":"vethxxx"}]},{"type":"text","text":" 這樣的名字命名,從而將宿主機上的所有容器都連接到這個內部網絡上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我運行一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"busybox"}]},{"type":"text","text":" 鏡像構建的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox01"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"busybox 被稱爲嵌入式 Linux 的瑞士軍刀,整合了很多小的 unix 下的通用功能到一個小的可執行文件中。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/22/22294d0ff75d0537a339bb4a68156cae.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後宿主機通過 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 查看信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/96/96f90c91c36ab4856b622b9ec89c22ca.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過以上的比較可以發現,證實了之前所說的:守護進程會創建一對對等虛擬設備接口 "},{"type":"codeinline","content":[{"type":"text","text":"veth pair"}]},{"type":"text","text":",將其中一個接口設置爲容器的 "},{"type":"codeinline","content":[{"type":"text","text":"eth0"}]},{"type":"text","text":" 接口(容器的網卡),另一個接口放置在宿主機的命名空間中,以類似 "},{"type":"codeinline","content":[{"type":"text","text":"vethxxx"}]},{"type":"text","text":" 這樣的名字命名。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 同時,守護進程還會從網橋 "},{"type":"codeinline","content":[{"type":"text","text":"docker0"}]},{"type":"text","text":" 的私有地址空間中分配一個 IP 地址和子網給該容器,並設置 docker0 的 IP 地址爲容器的默認網關。也可以安裝 "},{"type":"codeinline","content":[{"type":"text","text":"yum install -y bridge-utils"}]},{"type":"text","text":" 以後,通過 "},{"type":"codeinline","content":[{"type":"text","text":"brctl show"}]},{"type":"text","text":" 命令查看網橋信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/ef543e4801d2452b89ce10717da6f75f.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 對於每個容器的 IP 地址和 Gateway 信息,我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 進行查看,在 "},{"type":"codeinline","content":[{"type":"text","text":"NetworkSettings"}]},{"type":"text","text":" 節點中可以看到詳細信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/02/029eb7068eef9dd25a6c1a1f6240f83d.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect bridge"}]},{"type":"text","text":" 查看所有 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式下的容器,在 "},{"type":"codeinline","content":[{"type":"text","text":"Containers"}]},{"type":"text","text":" 節點中可以看到容器名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/da/dac4584faa00f34d334812f6f321f507.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 關於 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式的使用,只需要在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net bridge"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network bridge"}]},{"type":"text","text":" 指定即可,當然這也是創建容器默認使用的網絡模式,也就是說這個參數是可以省略的。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.infoq.cn/static/write/img/img-copy-disabled.4f2g7h.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Bridge 橋接模式的實現步驟主要如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker Daemon 利用 veth pair 技術,在宿主機上創建一對對等虛擬網絡接口設備,假設爲 veth0 和 veth1。而"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"\tveth pair 技術的特性可以保證無論哪一個 veth 接收到網絡報文,都會將報文傳輸給另一方。"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker Daemon 將 veth0 附加到 Docker Daemon 創建的 docker0 網橋上。保證宿主機的網絡報文可以發往 veth0;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker Daemon 將 veth1 添加到 Docker Container 所屬的 namespace 下,並被改名爲 eth0。如此一來,宿主機的網絡報文若發往 veth0,則立即會被 Container 的 eth0 接收,實現宿主機到 Docker Container 網絡的聯通性;同時,也保證 Docker Container 單獨使用 eth0,實現容器網絡環境的隔離性。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"host 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"host 網絡模式需要在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net host"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network host"}]},{"type":"text","text":" 指定;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"採用 host 網絡模式的 Docker Container,可以直接使用宿主機的 IP 地址與外界進行通信,若宿主機的 eth0 是一個公有 IP,那麼容器也擁有這個公有 IP。同時容器內服務的端口也可以使用宿主機的端口,無需額外進行 NAT 轉換;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"host 網絡模式可以讓容器共享宿主機網絡棧,這樣的好處是外部主機與容器直接通信,但是容器的網絡缺少隔離性。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.infoq.cn/static/write/img/img-copy-disabled.4f2g7h.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我基於 "},{"type":"codeinline","content":[{"type":"text","text":"host"}]},{"type":"text","text":" 網絡模式創建了一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"busybox"}]},{"type":"text","text":" 鏡像構建的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox02"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a1/a135beb32e9a9ee30573fedfdc3166df.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後宿主機通過 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 查看信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ca/ca8d882de4b1c0cc6863ce35a379ce9b.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 對,你沒有看錯,返回信息一模一樣,我也可以肯定我沒有截錯圖,不信接着往下看。我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect host"}]},{"type":"text","text":" 查看所有 "},{"type":"codeinline","content":[{"type":"text","text":"host"}]},{"type":"text","text":" 網絡模式下的容器,在 "},{"type":"codeinline","content":[{"type":"text","text":"Containers"}]},{"type":"text","text":" 節點中可以看到容器名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/5c/5c2a42edd2c5ee42ed90613d3cf9b7c9.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"none 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"none 網絡模式是指禁用網絡功能,只有 lo 接口 local 的簡寫,代表 127.0.0.1,即 localhost 本地環回接口。在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net none"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network none"}]},{"type":"text","text":" 指定;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"none 網絡模式即不爲 Docker Container 創建任何的網絡環境,容器內部就只能使用 loopback 網絡設備,不會再有其他的網絡資源。可以說 none 模式爲 Docke Container 做了極少的網絡設定,但是俗話說得好“少即是多”,在沒有網絡配置的情況下,作爲 Docker 開發者,才能在這基礎做其他無限多可能的網絡定製開發。這也恰巧體現了 Docker 設計理念的開放。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我基於 "},{"type":"codeinline","content":[{"type":"text","text":"none"}]},{"type":"text","text":" 網絡模式創建了一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"busybox"}]},{"type":"text","text":" 鏡像構建的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox03"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/da/da89a711e2cd1533f387af7279bf1254.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect none"}]},{"type":"text","text":" 查看所有 "},{"type":"codeinline","content":[{"type":"text","text":"none"}]},{"type":"text","text":" 網絡模式下的容器,在 "},{"type":"codeinline","content":[{"type":"text","text":"Containers"}]},{"type":"text","text":" 節點中可以看到容器名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/7c/7cbb2b6c4794f16d58d60d5b2f2896c4.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"container 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Container 網絡模式是 Docker 中一種較爲特別的網絡的模式。在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net container:已運行的容器名稱|ID"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network container:已運行的容器名稱|ID"}]},{"type":"text","text":" 指定;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"處於這個模式下的 Docker 容器會共享一個網絡棧,這樣兩個容器之間可以使用 localhost 高效快速通信。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.infoq.cn/static/write/img/img-copy-disabled.4f2g7h.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "},{"type":"text","marks":[{"type":"strong"}],"text":"Container 網絡模式即新創建的容器不會創建自己的網卡,配置自己的 IP,而是和一個指定的容器共享 IP、端口範圍等"},{"type":"text","text":"。同樣兩個容器除了網絡方面相同之外,其他的如文件系統、進程列表等還是隔離的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我基於容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox01"}]},{"type":"text","text":" 創建了 "},{"type":"codeinline","content":[{"type":"text","text":"container"}]},{"type":"text","text":" 網絡模式的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox04"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/81/818952cc487b2c0cd82820390e81380c.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox01"}]},{"type":"text","text":" 的 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/85/85fb9c1c02d952d13e5354b6f44f4314.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 宿主機的 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/efedaafb1629d26f4da4f0148e2d14af.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過以上測試可以發現,Docker 守護進程只創建了一對對等虛擬設備接口用於連接 bbox01 容器和宿主機,而 bbox04 容器則直接使用了 bbox01 容器的網卡信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 這個時候如果將 bbox01 容器停止,會發現 bbox04 容器就只剩下 lo 接口了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/49/49e89f8df52174bdfb44a8af282e94c3.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後 bbox01 容器重啓以後,bbox04 容器也重啓一下,就又可以獲取到網卡信息了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/ef73e34a579593fc63f5fe124ab9bdd4.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","marks":[{"type":"del"}],"text":"link"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "},{"type":"codeinline","content":[{"type":"text","text":"docker run --link"}]},{"type":"text","text":" 可以用來鏈接兩個容器,使得源容器(被鏈接的容器)和接收容器(主動去鏈接的容器)之間可以互相通信,並且接收容器可以獲取源容器的一些數據,如源容器的環境變量。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 這種方式"},{"type":"text","marks":[{"type":"strong"}],"text":"官方已不推薦使用"},{"type":"text","text":",並且在未來版本可能會被移除,所以這裏不作爲重點講解,感興趣可自行了解。 "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 官網警告信息:https://docs.docker.com/network/links/"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fc/fc24a8595e8e3260c3c64ba683709335.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"自定義網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 雖然 Docker 提供的默認網絡使用比較簡單,但是爲了保證各容器中應用的安全性,在實際開發中更推薦使用自定義的網絡進行容器管理,以及啓用容器名稱到 IP 地址的自動 DNS 解析。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 從 Docker 1.10 版本開始,docker daemon 實現了一個內嵌的 DNS server,使容器可以直接通過容器名稱通信。方法很簡單,只要在創建容器時使用 "},{"type":"codeinline","content":[{"type":"text","text":"--name"}]},{"type":"text","text":" 爲容器命名即可。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":">"}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 但是使用 Docker DNS 有個限制:"},{"type":"text","marks":[{"type":"strong"}],"text":"只能在 user-defined 網絡中使用"},{"type":"text","text":"。也就是說,默認的 bridge 網絡是無法使用 DNS 的,所以我們就需要自定義網絡。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"創建網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network create"}]},{"type":"text","text":" 命令可以創建自定義網絡模式,命令提示如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d2/d289cb7dfcde873e916d3832a2f6762a.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 進一步查看 "},{"type":"codeinline","content":[{"type":"text","text":"docker network create"}]},{"type":"text","text":" 命令使用詳情,發現可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"--driver"}]},{"type":"text","text":" 指定網絡模式且默認是 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式,提示如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/e8/e8bc6e1a1929583fc64d7835abfd3e53.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 創建一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式的自定義網絡模式 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":",完整命令如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network create custom_network"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network ls"}]},{"type":"text","text":" 查看網絡模式:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"[root@localhost ~]# docker network ls\nNETWORK ID NAME DRIVER SCOPE\nb3634bbd8943 bridge bridge local\n062082493d3a custom_network bridge local\n885da101da7d host host local\nf4f1b3cf1b7f none null local"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過自定義網絡模式 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":" 創建容器:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker run -di --name bbox05 --net custom_network busybox"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 查看容器的網絡信息,在 "},{"type":"codeinline","content":[{"type":"text","text":"NetworkSettings"}]},{"type":"text","text":" 節點中可以看到詳細信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1c/1ca75646e69ffe857cdf8fbfb2ae1c9f.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"連接網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network connect 網絡名稱 容器名稱"}]},{"type":"text","text":" 爲容器連接新的網絡模式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a6/a6ab9446f592a2c6cec437c07e9d3a2f.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network connect bridge bbox05"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 再次查看容器的網絡信息,多增加了默認的 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":"。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/4b/4b6fd24ddf0ee62fb5dac8603e79ea23.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"斷開網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network disconnect 網絡名稱 容器名稱"}]},{"type":"text","text":" 命令斷開網絡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network disconnect custom_network bbox05"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 再次查看容器的網絡信息,發現只剩下默認的 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":"。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/6f/6f88e32486fa182758aeb8e721b97ccd.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"移除網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network rm 網絡名稱"}]},{"type":"text","text":" 命令移除自定義網絡模式,網絡模式移除成功會返回網絡模式名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network rm custom_network"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"注意:如果通過某個自定義網絡模式創建了容器,則該網絡模式無法刪除。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"容器間網絡通信"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 接下來我們通過所學的知識實現容器間的網絡通信。首先明確一點,容器之間要互相通信,必須要有屬於同一個網絡的網卡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們先創建兩個基於默認的 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式的容器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker run -di --name default_bbox01 busybox\ndocker run -di --name default_bbox02 busybox"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect bridge"}]},{"type":"text","text":" 查看兩容器的具體 IP 信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/04/041224a1b885f07c1833770ccaf7fafe.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後測試兩容器間是否可以進行網絡通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/4e/4ef36764bec599454c39ddd81c3b4808.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 經過測試,從結果得知兩個屬於同一個網絡的容器是可以進行網絡通信的,但是 IP 地址可能是不固定的,有被更改的情況發生,那容器內所有通信的 IP 地址也需要進行更改,能否使用容器名稱進行網絡通信?繼續測試。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0f/0fbef35528679ed487051c941d1ee9ff.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 經過測試,從結果得知使用容器進行網絡通信是不行的,那怎麼實現這個功能呢?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 從 Docker 1.10 版本開始,docker daemon 實現了一個內嵌的 DNS server,使容器可以直接通過容器名稱通信。方法很簡單,只要在創建容器時使用 "},{"type":"codeinline","content":[{"type":"text","text":"--name"}]},{"type":"text","text":" 爲容器命名即可。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 但是使用 Docker DNS 有個限制:"},{"type":"text","marks":[{"type":"strong"}],"text":"只能在 user-defined 網絡中使用"},{"type":"text","text":"。也就是說,默認的 bridge 網絡是無法使用 DNS 的,所以我們就需要自定義網絡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們先基於 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式創建自定義網絡 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":",然後創建兩個基於自定義網絡模式的容器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker run -di --name custom_bbox01 --net custom_network busybox\ndocker run -di --name custom_bbox02 --net custom_network busybox"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect custom_network"}]},{"type":"text","text":" 查看兩容器的具體 IP 信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/ef9911ed2985da4bbec968db819b3b0b.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後測試兩容器間是否可以進行網絡通信,分別使用具體 IP 和容器名稱進行網絡通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0d/0d9d914c3d96f1fc257272b2a6ec0041.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 經過測試,從結果得知兩個屬於同一個自定義網絡的容器是可以進行網絡通信的,並且可以使用容器名稱進行網絡通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 那如果此時我希望 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡下的容器可以和 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":" 網絡下的容器進行網絡又該如何操作?其實答案也非常簡單:讓 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡下的容器連接至新的 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":" 網絡即可。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network connect custom_network default_bbox01"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2c/2cda24b26c612da7969e2c90ba9be5a6.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"學完容器網絡通信,大家就可以練習使用多個容器完成常見應用集羣的部署了。後面就該學習 Docker 進階部分的內容 Docker Compose 和 Docker Swarm。"}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3f/3f2b7927a66dc6426ff7a6f46f8d35a3.gif","alt":null,"title":"","style":[{"key":"width","value":"50%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文采用 "},{"type":"link","attrs":{"href":"http://creativecommons.org/licenses/by-nc-nd/4.0/","title":null},"content":[{"type":"text","text":"知識共享「署名-非商業性使用-禁止演繹 4.0 國際」許可協議"}]},{"type":"text","text":"。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"大家可以通過 "},{"type":"link","attrs":{"href":"https://mrhelloworld.com/categories/docker","title":null},"content":[{"type":"text","text":"分類"}]},{"type":"text","text":" 查看更多關於 "},{"type":"link","attrs":{"href":"https://mrhelloworld.com/categories/docker","title":null},"content":[{"type":"text","text":"Docker"}]},{"type":"text","text":" 的文章。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"🤗 您的"},{"type":"codeinline","content":[{"type":"text","text":"點贊"}]},{"type":"text","text":"和"},{"type":"codeinline","content":[{"type":"text","text":"轉發"}]},{"type":"text","text":"是對我最大的支持。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📢 掃碼關注 "},{"type":"codeinline","content":[{"type":"text","text":"哈嘍沃德先生"}]},{"type":"text","text":"「文檔 + 視頻」每篇文章都配有專門視頻講解,學習更輕鬆噢 ~"}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/67/6739b2ed350171f1bca3a0238715c45f.gif","alt":null,"title":"","style":[{"key":"width","value":"50%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/04/04667f72c9f84c5e79d86b4de0fd2cdd.jpeg","alt":null,"title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
Docker 網絡模式詳解及容器間網絡通信
{"type":"doc","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"當項目大規模使用 Docker 時,容器通信的問題也就產生了。要解決容器通信問題,必須先了解很多關於網絡的知識。Docker 作爲目前最火的輕量級容器技術,有很多令人稱道的功能,如 Docker 的鏡像管理。然而,Docker 同樣有着很多不完善的地方,網絡方面就是 Docker 比較薄弱的部分。因此,我們有必要深入瞭解 Docker 的網絡知識,以滿足更高的網絡需求。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"默認網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 安裝 Docker 以後,會默認創建三種網絡,可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network ls"}]},{"type":"text","text":" 查看。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"[root@localhost ~]# docker network ls\nNETWORK ID NAME DRIVER SCOPE\n688d1970f72e bridge bridge local\n885da101da7d host host local\nf4f1b3cf1b7f none null local"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 在學習 Docker 網絡之前,我們有必要先來了解一下這幾種網絡模式都是什麼意思。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2e/2e91e1e707ce9bba410b28b0c0711862.png","alt":null,"title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"bridge 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 在該模式中,Docker 守護進程創建了一個虛擬以太網橋 "},{"type":"codeinline","content":[{"type":"text","text":"docker0"}]},{"type":"text","text":",新建的容器會自動橋接到這個接口,附加在其上的任何網卡之間都能自動轉發數據包。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 默認情況下,守護進程會創建一對對等虛擬設備接口 "},{"type":"codeinline","content":[{"type":"text","text":"veth pair"}]},{"type":"text","text":",將其中一個接口設置爲容器的 "},{"type":"codeinline","content":[{"type":"text","text":"eth0"}]},{"type":"text","text":" 接口(容器的網卡),另一個接口放置在宿主機的命名空間中,以類似 "},{"type":"codeinline","content":[{"type":"text","text":"vethxxx"}]},{"type":"text","text":" 這樣的名字命名,從而將宿主機上的所有容器都連接到這個內部網絡上。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我運行一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"busybox"}]},{"type":"text","text":" 鏡像構建的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox01"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"busybox 被稱爲嵌入式 Linux 的瑞士軍刀,整合了很多小的 unix 下的通用功能到一個小的可執行文件中。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/22/22294d0ff75d0537a339bb4a68156cae.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後宿主機通過 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 查看信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/96/96f90c91c36ab4856b622b9ec89c22ca.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過以上的比較可以發現,證實了之前所說的:守護進程會創建一對對等虛擬設備接口 "},{"type":"codeinline","content":[{"type":"text","text":"veth pair"}]},{"type":"text","text":",將其中一個接口設置爲容器的 "},{"type":"codeinline","content":[{"type":"text","text":"eth0"}]},{"type":"text","text":" 接口(容器的網卡),另一個接口放置在宿主機的命名空間中,以類似 "},{"type":"codeinline","content":[{"type":"text","text":"vethxxx"}]},{"type":"text","text":" 這樣的名字命名。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 同時,守護進程還會從網橋 "},{"type":"codeinline","content":[{"type":"text","text":"docker0"}]},{"type":"text","text":" 的私有地址空間中分配一個 IP 地址和子網給該容器,並設置 docker0 的 IP 地址爲容器的默認網關。也可以安裝 "},{"type":"codeinline","content":[{"type":"text","text":"yum install -y bridge-utils"}]},{"type":"text","text":" 以後,通過 "},{"type":"codeinline","content":[{"type":"text","text":"brctl show"}]},{"type":"text","text":" 命令查看網橋信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/ef543e4801d2452b89ce10717da6f75f.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 對於每個容器的 IP 地址和 Gateway 信息,我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 進行查看,在 "},{"type":"codeinline","content":[{"type":"text","text":"NetworkSettings"}]},{"type":"text","text":" 節點中可以看到詳細信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/02/029eb7068eef9dd25a6c1a1f6240f83d.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect bridge"}]},{"type":"text","text":" 查看所有 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式下的容器,在 "},{"type":"codeinline","content":[{"type":"text","text":"Containers"}]},{"type":"text","text":" 節點中可以看到容器名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/da/dac4584faa00f34d334812f6f321f507.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 關於 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式的使用,只需要在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net bridge"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network bridge"}]},{"type":"text","text":" 指定即可,當然這也是創建容器默認使用的網絡模式,也就是說這個參數是可以省略的。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.infoq.cn/static/write/img/img-copy-disabled.4f2g7h.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Bridge 橋接模式的實現步驟主要如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker Daemon 利用 veth pair 技術,在宿主機上創建一對對等虛擬網絡接口設備,假設爲 veth0 和 veth1。而"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"\tveth pair 技術的特性可以保證無論哪一個 veth 接收到網絡報文,都會將報文傳輸給另一方。"}]},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker Daemon 將 veth0 附加到 Docker Daemon 創建的 docker0 網橋上。保證宿主機的網絡報文可以發往 veth0;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Docker Daemon 將 veth1 添加到 Docker Container 所屬的 namespace 下,並被改名爲 eth0。如此一來,宿主機的網絡報文若發往 veth0,則立即會被 Container 的 eth0 接收,實現宿主機到 Docker Container 網絡的聯通性;同時,也保證 Docker Container 單獨使用 eth0,實現容器網絡環境的隔離性。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"host 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"host 網絡模式需要在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net host"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network host"}]},{"type":"text","text":" 指定;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"採用 host 網絡模式的 Docker Container,可以直接使用宿主機的 IP 地址與外界進行通信,若宿主機的 eth0 是一個公有 IP,那麼容器也擁有這個公有 IP。同時容器內服務的端口也可以使用宿主機的端口,無需額外進行 NAT 轉換;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"host 網絡模式可以讓容器共享宿主機網絡棧,這樣的好處是外部主機與容器直接通信,但是容器的網絡缺少隔離性。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.infoq.cn/static/write/img/img-copy-disabled.4f2g7h.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我基於 "},{"type":"codeinline","content":[{"type":"text","text":"host"}]},{"type":"text","text":" 網絡模式創建了一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"busybox"}]},{"type":"text","text":" 鏡像構建的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox02"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a1/a135beb32e9a9ee30573fedfdc3166df.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後宿主機通過 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 查看信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ca/ca8d882de4b1c0cc6863ce35a379ce9b.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 對,你沒有看錯,返回信息一模一樣,我也可以肯定我沒有截錯圖,不信接着往下看。我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect host"}]},{"type":"text","text":" 查看所有 "},{"type":"codeinline","content":[{"type":"text","text":"host"}]},{"type":"text","text":" 網絡模式下的容器,在 "},{"type":"codeinline","content":[{"type":"text","text":"Containers"}]},{"type":"text","text":" 節點中可以看到容器名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/5c/5c2a42edd2c5ee42ed90613d3cf9b7c9.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"none 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"none 網絡模式是指禁用網絡功能,只有 lo 接口 local 的簡寫,代表 127.0.0.1,即 localhost 本地環回接口。在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net none"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network none"}]},{"type":"text","text":" 指定;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"none 網絡模式即不爲 Docker Container 創建任何的網絡環境,容器內部就只能使用 loopback 網絡設備,不會再有其他的網絡資源。可以說 none 模式爲 Docke Container 做了極少的網絡設定,但是俗話說得好“少即是多”,在沒有網絡配置的情況下,作爲 Docker 開發者,才能在這基礎做其他無限多可能的網絡定製開發。這也恰巧體現了 Docker 設計理念的開放。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我基於 "},{"type":"codeinline","content":[{"type":"text","text":"none"}]},{"type":"text","text":" 網絡模式創建了一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"busybox"}]},{"type":"text","text":" 鏡像構建的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox03"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/da/da89a711e2cd1533f387af7279bf1254.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect none"}]},{"type":"text","text":" 查看所有 "},{"type":"codeinline","content":[{"type":"text","text":"none"}]},{"type":"text","text":" 網絡模式下的容器,在 "},{"type":"codeinline","content":[{"type":"text","text":"Containers"}]},{"type":"text","text":" 節點中可以看到容器名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/7c/7cbb2b6c4794f16d58d60d5b2f2896c4.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"container 網絡模式"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"bulletedlist","content":[{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"Container 網絡模式是 Docker 中一種較爲特別的網絡的模式。在創建容器時通過參數 "},{"type":"codeinline","content":[{"type":"text","text":"--net container:已運行的容器名稱|ID"}]},{"type":"text","text":" 或者 "},{"type":"codeinline","content":[{"type":"text","text":"--network container:已運行的容器名稱|ID"}]},{"type":"text","text":" 指定;"}]}]},{"type":"listitem","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"處於這個模式下的 Docker 容器會共享一個網絡棧,這樣兩個容器之間可以使用 localhost 高效快速通信。"}]}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.infoq.cn/static/write/img/img-copy-disabled.4f2g7h.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "},{"type":"text","marks":[{"type":"strong"}],"text":"Container 網絡模式即新創建的容器不會創建自己的網卡,配置自己的 IP,而是和一個指定的容器共享 IP、端口範圍等"},{"type":"text","text":"。同樣兩個容器除了網絡方面相同之外,其他的如文件系統、進程列表等還是隔離的。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 比如我基於容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox01"}]},{"type":"text","text":" 創建了 "},{"type":"codeinline","content":[{"type":"text","text":"container"}]},{"type":"text","text":" 網絡模式的容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox04"}]},{"type":"text","text":",查看 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":":"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/81/818952cc487b2c0cd82820390e81380c.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 容器 "},{"type":"codeinline","content":[{"type":"text","text":"bbox01"}]},{"type":"text","text":" 的 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/85/85fb9c1c02d952d13e5354b6f44f4314.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 宿主機的 "},{"type":"codeinline","content":[{"type":"text","text":"ip addr"}]},{"type":"text","text":" 信息如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/efedaafb1629d26f4da4f0148e2d14af.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過以上測試可以發現,Docker 守護進程只創建了一對對等虛擬設備接口用於連接 bbox01 容器和宿主機,而 bbox04 容器則直接使用了 bbox01 容器的網卡信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 這個時候如果將 bbox01 容器停止,會發現 bbox04 容器就只剩下 lo 接口了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/49/49e89f8df52174bdfb44a8af282e94c3.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後 bbox01 容器重啓以後,bbox04 容器也重啓一下,就又可以獲取到網卡信息了。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/ef73e34a579593fc63f5fe124ab9bdd4.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","marks":[{"type":"del"}],"text":"link"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "},{"type":"codeinline","content":[{"type":"text","text":"docker run --link"}]},{"type":"text","text":" 可以用來鏈接兩個容器,使得源容器(被鏈接的容器)和接收容器(主動去鏈接的容器)之間可以互相通信,並且接收容器可以獲取源容器的一些數據,如源容器的環境變量。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 這種方式"},{"type":"text","marks":[{"type":"strong"}],"text":"官方已不推薦使用"},{"type":"text","text":",並且在未來版本可能會被移除,所以這裏不作爲重點講解,感興趣可自行了解。 "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 官網警告信息:https://docs.docker.com/network/links/"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/fc/fc24a8595e8e3260c3c64ba683709335.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"自定義網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 雖然 Docker 提供的默認網絡使用比較簡單,但是爲了保證各容器中應用的安全性,在實際開發中更推薦使用自定義的網絡進行容器管理,以及啓用容器名稱到 IP 地址的自動 DNS 解析。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 從 Docker 1.10 版本開始,docker daemon 實現了一個內嵌的 DNS server,使容器可以直接通過容器名稱通信。方法很簡單,只要在創建容器時使用 "},{"type":"codeinline","content":[{"type":"text","text":"--name"}]},{"type":"text","text":" 爲容器命名即可。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":">"}]},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 但是使用 Docker DNS 有個限制:"},{"type":"text","marks":[{"type":"strong"}],"text":"只能在 user-defined 網絡中使用"},{"type":"text","text":"。也就是說,默認的 bridge 網絡是無法使用 DNS 的,所以我們就需要自定義網絡。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"創建網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network create"}]},{"type":"text","text":" 命令可以創建自定義網絡模式,命令提示如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/d2/d289cb7dfcde873e916d3832a2f6762a.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 進一步查看 "},{"type":"codeinline","content":[{"type":"text","text":"docker network create"}]},{"type":"text","text":" 命令使用詳情,發現可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"--driver"}]},{"type":"text","text":" 指定網絡模式且默認是 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式,提示如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/e8/e8bc6e1a1929583fc64d7835abfd3e53.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 創建一個基於 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式的自定義網絡模式 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":",完整命令如下:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network create custom_network"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network ls"}]},{"type":"text","text":" 查看網絡模式:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"[root@localhost ~]# docker network ls\nNETWORK ID NAME DRIVER SCOPE\nb3634bbd8943 bridge bridge local\n062082493d3a custom_network bridge local\n885da101da7d host host local\nf4f1b3cf1b7f none null local"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過自定義網絡模式 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":" 創建容器:"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker run -di --name bbox05 --net custom_network busybox"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 查看容器的網絡信息,在 "},{"type":"codeinline","content":[{"type":"text","text":"NetworkSettings"}]},{"type":"text","text":" 節點中可以看到詳細信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/1c/1ca75646e69ffe857cdf8fbfb2ae1c9f.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"連接網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network connect 網絡名稱 容器名稱"}]},{"type":"text","text":" 爲容器連接新的網絡模式。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/a6/a6ab9446f592a2c6cec437c07e9d3a2f.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network connect bridge bbox05"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 再次查看容器的網絡信息,多增加了默認的 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":"。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/4b/4b6fd24ddf0ee62fb5dac8603e79ea23.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"斷開網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network disconnect 網絡名稱 容器名稱"}]},{"type":"text","text":" 命令斷開網絡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network disconnect custom_network bbox05"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker inspect 容器名稱|ID"}]},{"type":"text","text":" 再次查看容器的網絡信息,發現只剩下默認的 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":"。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/6f/6f88e32486fa182758aeb8e721b97ccd.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":3},"content":[{"type":"text","text":"移除網絡"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 可以通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network rm 網絡名稱"}]},{"type":"text","text":" 命令移除自定義網絡模式,網絡模式移除成功會返回網絡模式名稱。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network rm custom_network"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"注意:如果通過某個自定義網絡模式創建了容器,則該網絡模式無法刪除。"}]}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"heading","attrs":{"align":null,"level":2},"content":[{"type":"text","text":"容器間網絡通信"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 接下來我們通過所學的知識實現容器間的網絡通信。首先明確一點,容器之間要互相通信,必須要有屬於同一個網絡的網卡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們先創建兩個基於默認的 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式的容器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker run -di --name default_bbox01 busybox\ndocker run -di --name default_bbox02 busybox"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect bridge"}]},{"type":"text","text":" 查看兩容器的具體 IP 信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/04/041224a1b885f07c1833770ccaf7fafe.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後測試兩容器間是否可以進行網絡通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/4e/4ef36764bec599454c39ddd81c3b4808.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 經過測試,從結果得知兩個屬於同一個網絡的容器是可以進行網絡通信的,但是 IP 地址可能是不固定的,有被更改的情況發生,那容器內所有通信的 IP 地址也需要進行更改,能否使用容器名稱進行網絡通信?繼續測試。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0f/0fbef35528679ed487051c941d1ee9ff.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 經過測試,從結果得知使用容器進行網絡通信是不行的,那怎麼實現這個功能呢?"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 從 Docker 1.10 版本開始,docker daemon 實現了一個內嵌的 DNS server,使容器可以直接通過容器名稱通信。方法很簡單,只要在創建容器時使用 "},{"type":"codeinline","content":[{"type":"text","text":"--name"}]},{"type":"text","text":" 爲容器命名即可。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 但是使用 Docker DNS 有個限制:"},{"type":"text","marks":[{"type":"strong"}],"text":"只能在 user-defined 網絡中使用"},{"type":"text","text":"。也就是說,默認的 bridge 網絡是無法使用 DNS 的,所以我們就需要自定義網絡。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 我們先基於 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡模式創建自定義網絡 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":",然後創建兩個基於自定義網絡模式的容器。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker run -di --name custom_bbox01 --net custom_network busybox\ndocker run -di --name custom_bbox02 --net custom_network busybox"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 通過 "},{"type":"codeinline","content":[{"type":"text","text":"docker network inspect custom_network"}]},{"type":"text","text":" 查看兩容器的具體 IP 信息。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/ef/ef9911ed2985da4bbec968db819b3b0b.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 然後測試兩容器間是否可以進行網絡通信,分別使用具體 IP 和容器名稱進行網絡通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/0d/0d9d914c3d96f1fc257272b2a6ec0041.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" "}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 經過測試,從結果得知兩個屬於同一個自定義網絡的容器是可以進行網絡通信的,並且可以使用容器名稱進行網絡通信。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":" 那如果此時我希望 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡下的容器可以和 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":" 網絡下的容器進行網絡又該如何操作?其實答案也非常簡單:讓 "},{"type":"codeinline","content":[{"type":"text","text":"bridge"}]},{"type":"text","text":" 網絡下的容器連接至新的 "},{"type":"codeinline","content":[{"type":"text","text":"custom_network"}]},{"type":"text","text":" 網絡即可。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"codeblock","attrs":{"lang":"shell"},"content":[{"type":"text","text":"docker network connect custom_network default_bbox01"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/2c/2cda24b26c612da7969e2c90ba9be5a6.png","alt":null,"title":" ","style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"blockquote","content":[{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"學完容器網絡通信,大家就可以練習使用多個容器完成常見應用集羣的部署了。後面就該學習 Docker 進階部分的內容 Docker Compose 和 Docker Swarm。"}]}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/3f/3f2b7927a66dc6426ff7a6f46f8d35a3.gif","alt":null,"title":"","style":[{"key":"width","value":"50%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"本文采用 "},{"type":"link","attrs":{"href":"http://creativecommons.org/licenses/by-nc-nd/4.0/","title":null},"content":[{"type":"text","text":"知識共享「署名-非商業性使用-禁止演繹 4.0 國際」許可協議"}]},{"type":"text","text":"。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"大家可以通過 "},{"type":"link","attrs":{"href":"https://mrhelloworld.com/categories/docker","title":null},"content":[{"type":"text","text":"分類"}]},{"type":"text","text":" 查看更多關於 "},{"type":"link","attrs":{"href":"https://mrhelloworld.com/categories/docker","title":null},"content":[{"type":"text","text":"Docker"}]},{"type":"text","text":" 的文章。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"🤗 您的"},{"type":"codeinline","content":[{"type":"text","text":"點贊"}]},{"type":"text","text":"和"},{"type":"codeinline","content":[{"type":"text","text":"轉發"}]},{"type":"text","text":"是對我最大的支持。"}]},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null},"content":[{"type":"text","text":"📢 掃碼關注 "},{"type":"codeinline","content":[{"type":"text","text":"哈嘍沃德先生"}]},{"type":"text","text":"「文檔 + 視頻」每篇文章都配有專門視頻講解,學習更輕鬆噢 ~"}]},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/67/6739b2ed350171f1bca3a0238715c45f.gif","alt":null,"title":"","style":[{"key":"width","value":"50%"},{"key":"bordertype","value":"none"}],"href":"","fromPaste":false,"pastePass":false}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}},{"type":"image","attrs":{"src":"https://static001.geekbang.org/infoq/04/04667f72c9f84c5e79d86b4de0fd2cdd.jpeg","alt":null,"title":null,"style":null,"href":null,"fromPaste":true,"pastePass":true}},{"type":"paragraph","attrs":{"indent":0,"number":0,"align":null,"origin":null}}]}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章