Docker网络 入坑中。。。

参考资料： https://docs.docker.com/engine/userguide/networking/#the-default-bridge-network

bridge网络：

"The default bridge network is present on all Docker hosts. If you do not specify a different network, new containers are automatically connected to the default bridge network."

$ docker network inspect bridge

[
   {
       "Name": "bridge",
       "Id": "f7ab26d71dbd6f557852c7156ae0574bbf62c42f539b50c8ebde0f728a253b6f",
       "Scope": "local",
       "Driver": "bridge",
       "IPAM": {
           "Driver": "default",
           "Config": [
               {
                   "Subnet": "172.17.0.1/16",
                   "Gateway": "172.17.0.1"
               }
           ]
       },
       "Containers": {},
       "Options": {
           "com.docker.network.bridge.default_bridge": "true",
           "com.docker.network.bridge.enable_icc": "true",
           "com.docker.network.bridge.enable_ip_masquerade": "true",
           "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
           "com.docker.network.bridge.name": "docker0",
           "com.docker.network.driver.mtu": "9001"
       },
       "Labels": {}
   }
]

"com.docker.network.bridge.enable_icc": "true" 关闭入口流量默认为 true

docker run -p参数和docker server create --publish(-p)对比

docker run -tic --name web -p 80:80 10.128.222.245:nginx

docker@manager:~$ docker port web 
80/tcp -> 0.0.0.0:80

端口被成功映射

docker service create --name web -p 80:80 --replicas 3 10.128.222.245:5000/nginx

docker@manager:~$ docker service ps web 
ID                  NAME                IMAGE                              NODE                DESIRED STATE       CURRENT STATE            ERROR               PORTS
uljp8rxtmsp0        web.1               10.128.222.245:5000/nginx:latest   manager             Running             Running 21 seconds ago                       
3eth9laqibn2        web.2               10.128.222.245:5000/nginx:latest   worker2             Running             Running 21 seconds ago                       
t0nfqjegefcx        web.3               10.128.222.245:5000/nginx:latest   worker1             Running             Running 21 seconds ago

docker@manager:~$ docker port web.1.uljp8rxtmsp0284tazkglcpbz 
docker@manager:~$ 

docker service create -p 参数和docker run -p 不一样。不会简单的将容器端口映射到主机

docker@manager:~$ docker service ps web 
ID                  NAME                IMAGE                              NODE                DESIRED STATE       CURRENT STATE           ERROR               PORTS
l2tse8a3xf3a        web.1               10.128.222.245:5000/nginx:latest   worker1             Running             Running 6 seconds ago                       
orywlpaw5oo8        web.2               10.128.222.245:5000/nginx:latest   worker2             Running             Running 6 seconds ago                       
xfrtfthr0ueo        web.3               10.128.222.245:5000/nginx:latest   manager             Running             Running 6 seconds ago                       
docker@manager:~$ docker port web.3.xfrtfthr0ueosa2bsli9hpvw3 
docker@manager:~$ 

docker service create --publish 也不会将容器端口映射到主机端口

网上资料提到dockerswarm 采取端口路由的方式提供服务，具体资料待详查