使用--link来连接容器
https://docs.docker.com/netwo...
Warning: The --link flag is a legacy feature of Docker. It may eventually be removed. Unless you absolutely need to continue using it, we recommend that you use user-defined networks to facilitate communication between two containers instead of using --link. One feature that user-defined networks do not support that you can do with --link is sharing environmental variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way.
删除原有的test2容器,然后重新创建一个,使用--link选项连接test1容器
docker run -d --name test2 --link test1 busybox /bin/sh -c "while true;do sleep 3600;done"目前test1与test2的ip分别为172.17.0.2/16,172.17.0.3/16。
由于创建test2容器的时候,使用了--link,如下两种方式都是等价的。
但第二种方式的好处是:
- 它可以让我们在处理业务逻辑的时候不用关心连接的外部容器的ip到底是什么。
- 假设我们设置的db外部的容器重启之后IP变了,这个
docker exec -it test2 ping 172.17.0.2
docker exec -it test2 ping test1--link并不是双向的,想在test1上使用name来ping通test2就是不行的
#ok
docker exec -it test1 ping 172.17.0.3
#failure
docker exec -it test1 ping test2手动建立bridge网络
做完上述的link实验之后,删掉test2容器,回过头查看一下docker网络
[vagrant@docker-node1 ~]$ docker network ls
NETWORK ID NAME DRIVER SCOPE
a61c325bd7ba bridge bridge local
efb6975c8935 host host local
3fa0f2e1a00b none null local然后我们自己新建一个bridge网络
docker network create -d bridge my-bridge建完之后,网络列表是这样的:
[vagrant@docker-node1 ~]$ docker network ls
NETWORK ID NAME DRIVER SCOPE
a61c325bd7ba bridge bridge local
efb6975c8935 host host local
4213425c5293 my-bridge bridge local
3fa0f2e1a00b none null local使用brctl show命令查看,结果如下
| bridge name | bridge id | STP enabled | interfaces |
|---|---|---|---|
| br-4213425c5293 | 8000.02421f24b958 | no | |
| docker0 | 8000.02425387e6fb | no | veth1d4a1de |
然后新建一个test3容器,使它连接到我们手动建立的my-bridge网络
docker run -d --name test3 --network my-bridge busybox /bin/sh -c "while true;do sleep 3600;done"此时再使用brctl show命令,就可以查看到my-bridge网络的veth接口了
| bridge name | bridge id | STP enabled | interfaces |
|---|---|---|---|
| br-4213425c5293 | 8000.02421f24b958 | no | veth7bb5433 |
| docker0 | 8000.02425387e6fb | no | veth1d4a1de |
使用docker network inspect 4213425c5293命令,也能看到该网络下的test3容器了
{
"Containers": {
"b9716e4b50ddb4800a03bd04530eea086331493a50fa1dffbcdcadad1801ba58": {
"Name": "test3",
"EndpointID": "ee2124e316486c522ba5414fb5bfd4fc463f45c22e944d65a0028fbcacf39794",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
}
}然后我们再让test1在连接name为bridge的网络的基础上,使它还可以连接到my-bridge
docker network connect my-bridge test1此时test1就同时连接到bridge和my-bridge两个网络上了。
name为bridge的网络
docker network inspect a61c325bd7ba
{
"Containers": {
"5b567458c87cc1c7eff73d47a753e1171c6478f2705868f01ebd858b196a2283": {
"Name": "test1",
"EndpointID": "e6710f0db01bdbf3669aabeab866a4f27bf1605226dd3d3c98a8b7ea1c6896f0",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
}
}
}name为my-bridge的网络
docker network inspect 4213425c5293
{
"Containers": {
"5b567458c87cc1c7eff73d47a753e1171c6478f2705868f01ebd858b196a2283": {
"Name": "test1",
"EndpointID": "a12ab3ef7cdb07c4cd6cb7bd7f5114e6b05107b19de0240abe1f704d46d8afae",
"MacAddress": "02:42:ac:12:00:03",
"IPv4Address": "172.18.0.3/16",
"IPv6Address": ""
},
"b9716e4b50ddb4800a03bd04530eea086331493a50fa1dffbcdcadad1801ba58": {
"Name": "test3",
"EndpointID": "ee2124e316486c522ba5414fb5bfd4fc463f45c22e944d65a0028fbcacf39794",
"MacAddress": "02:42:ac:12:00:02",
"IPv4Address": "172.18.0.2/16",
"IPv6Address": ""
}
}
}然后做如下测试,发现test1和test3都是可以ping通的,至于为啥没有使用--link选项也能通过name来ping通,而且还是双向ping通呢?
这是因为docker容器只要不是加入默认的bridge网络,而是自定义的bridge网络,容器之间都是可以互相ping通的
docker exec test1 ping test3
docker exec test1 ping 172.18.0.2
docker exec test3 ping test1
docker exec test3 ping 172.18.0.3至于如下ping失败的原因,则是test1虽然有两个ip,并且和test3有互通的网络,但是这两个ip完全不在一个网段上了。
docker exec test3 ping 172.17.0.2