Network Connections Between Docker Containers

Docker containers do not include the ifconfig and ping commands by default, so they have to be installed manually.

apt-get update
apt install net-tools       # ifconfig 
apt install iputils-ping     # ping

Install the brctl command

sudo apt install bridge-utils

Use brctl to view the network of the container named web

hejing@learning:~$ sudo brctl show
bridge name     bridge id               STP enabled     interfaces
docker0         8000.0242ddc1a384       no              veth46297f1
hejing@learning:~$

ifconfig shows the docker0 bridge network (here from inside the web container)

hejing@learning:~$ docker attach web
root@e6bb5696e362:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:ac:11:00:02
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2939 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1775 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4194086 (4.1 MB)  TX bytes:102463 (102.4 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@e6bb5696e362:/#

Add and configure a new bridge

hejing@learning:~$ sudo brctl addbr br0
hejing@learning:~$ sudo ifconfig br0 192.168.100.1 netmask 255.255.255.0
hejing@learning:~$ ifconfig
br0       Link encap:Ethernet  HWaddr 1a:83:d5:ba:65:d0
          inet addr:192.168.100.1  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::1883:d5ff:feba:65d0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:5152 (5.1 KB)

docker0   Link encap:Ethernet  HWaddr 02:42:dd:c1:a3:84
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:ddff:fec1:a384/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22190 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25633 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1365895 (1.3 MB)  TX bytes:37833202 (37.8 MB)

Add the option -b=br0 to the Docker startup configuration file /etc/default/docker

hejing@learning:~$ cat /etc/default/docker
# Here in Debian, this file is sourced by:
#   - /etc/init.d/docker (sysvinit)
#   - /etc/init/docker (upstart)
#   - systemd's docker.service

# Use of this file for configuring your Docker daemon is discouraged.

# The recommended alternative is "/etc/docker/daemon.json", as described in:
#   https://docs.docker.com/v1.11/engine/reference/commandline/daemon/#daemon-configuration-file

# If that does not suit your needs, try a systemd drop-in file, as described in:
#   https://docs.docker.com/v1.11/engine/admin/systemd/#custom-docker-daemon-options

DOCKER_OPTS='--registry-mirror=http://8fadea85.m.daocloud.io --label name=docker_server1 -b=br0'
hejing@learning:~$

Create a new container and check which bridge it uses

hejing@learning:~$ docker run -it --name nwt3 2010jing/web:20171224 /bin/bash
root@f89fa63c56b7:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:c0:a8:64:04
          inet addr:192.168.100.4  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::42:c0ff:fea8:6404/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1976 (1.9 KB)  TX bytes:516 (516.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

The check confirms that the setting worked.


Build an image with a Dockerfile. For background, see the previous post, "Creating a Docker image and pushing it to hub.docker.com".

Dockerfile

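FROM 2010jing/web:20171224
# Refresh the package index first so the installs below can find their packages
RUN apt update
RUN apt install -y iputils-ping
RUN apt install -y net-tools
RUN apt install -y nginx
RUN apt install -y curl
# Document that nginx listens on port 80
EXPOSE 80
# Shell form, so the container command is "/bin/sh -c /bin/bash"
CMD /bin/bash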

Build the image with docker build

hejing@learning:/dockerfile/cct$ sudo docker build -t 2010jing/cct .

Connecting containers on the same host

Start the first container, start the nginx service in it, and check its IP address

hejing@learning:~$ docker run -it --name cct1 2010jing/cct
root@361c52e5f2a1:/# nginx
root@361c52e5f2a1:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:c0:a8:64:02
          inet addr:192.168.100.2  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::42:c0ff:fea8:6402/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3213 (3.2 KB)  TX bytes:796 (796.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Start the second container and check its address

hejing@learning:~$ docker run -it --name cct2 2010jing/cct
root@8eb87baab309:/# ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:c0:a8:64:03
          inet addr:192.168.100.3  Bcast:0.0.0.0  Mask:255.255.255.0
          inet6 addr: fe80::42:c0ff:fea8:6403/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1774 (1.7 KB)  TX bytes:516 (516.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

root@8eb87baab309:/#

Test access from cct2 to cct1

root@8eb87baab309:/# curl http://192.168.100.2
welcome to uic

root@8eb87baab309:/#

Stop container cct1 and start it again, then try to connect to cct1 from cct2

hejing@learning:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
8eb87baab309        2010jing/cct        "/bin/sh -c /bin/bash"   5 minutes ago       Up 5 minutes        80/tcp              cct2
361c52e5f2a1        2010jing/cct        "/bin/sh -c /bin/bash"   8 minutes ago       Up 8 minutes        80/tcp              cct1
hejing@learning:~$ docker stop cct1
cct1
hejing@learning:~$ docker start -i cct1
root@361c52e5f2a1:/# hejing@learning:~$
hejing@learning:~$ docker attach cct2
root@8eb87baab309:/# curl http://192.168.100.2
curl: (7) Failed to connect to 192.168.100.2 port 80: Connection refused

As you can see, access by connecting this way stops working when the container is restarted.

To avoid this situation, Docker provides another way:
the --link option lets containers interact with each other securely.

Format: docker run --link=[CONTAINER_NAME]:[ALIAS]  [IMAGE] [COMMAND]

Demo:
Create a new container and, when linking it to cct1, give the link the alias webtest

hejing@learning:~$ docker run -it --name cct3 --link=cct1:webtest 2010jing/cct

ping webtest, that is, cct1

root@f1ccf8527981:/# ping webtest
PING webtest (192.168.100.2) 56(84) bytes of data.
64 bytes from webtest (192.168.100.2): icmp_seq=1 ttl=64 time=0.200 ms
64 bytes from webtest (192.168.100.2): icmp_seq=2 ttl=64 time=0.121 ms
64 bytes from webtest (192.168.100.2): icmp_seq=3 ttl=64 time=0.119 ms
64 bytes from webtest (192.168.100.2): icmp_seq=4 ttl=64 time=0.117 ms

Check env

...
WEBTEST_PORT_80_TCP_ADDR=192.168.100.2
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
WEBTEST_PORT_80_TCP=tcp://192.168.100.2:80
WEBTEST_PORT=tcp://192.168.100.2:80
WEBTEST_PORT_80_TCP_PROTO=tcp
SHLVL=1
HOME=/root
WEBTEST_PORT_80_TCP_PORT=80
_=/usr/bin/env
...

/etc/hosts

root@f1ccf8527981:/# cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.100.2   webtest 361c52e5f2a1 cct1
192.168.100.4   f1ccf8527981
root@f1ccf8527981:/#

Test: stop the containers, start them again, then connect again

hejing@learning:~$ sudo service docker restart
[sudo] password for hejing:
hejing@learning:~$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
hejing@learning:~$ docker restart cct2 cct1 cct3
cct1
cct2
cct3
hejing@learning:~$ docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
f1ccf8527981        2010jing/cct        "/bin/sh -c /bin/bash"   8 minutes ago       Up 24 seconds       80/tcp              cct3
8eb87baab309        2010jing/cct        "/bin/sh -c /bin/bash"   23 minutes ago      Up 25 seconds       80/tcp              cct2
361c52e5f2a1        2010jing/cct        "/bin/sh -c /bin/bash"   27 minutes ago      Up 26 seconds       80/tcp              cct1
hejing@learning:~$
hejing@learning:~$ docker attach cct3
root@f1ccf8527981:/# cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
192.168.100.3   webtest 361c52e5f2a1 cct1 
192.168.100.4   f1ccf8527981
root@f1ccf8527981:/#

Comparing before and after, the IP of webtest changed from 192.168.100.2 to 192.168.100.3 after the restart.
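
An added example (not from the original post) of checking the change described above: Docker rewrites the alias entry in /etc/hosts when a linked container comes back with a new address, while the WEBTEST_* environment variables are fixed when the recipient container starts. The sample text pairs the env values shown before the restart with the /etc/hosts shown after it, a constructed combination that stands for a recipient that kept running; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: env values from before the restart, /etc/hosts from after it.
ENV_BEFORE='WEBTEST_PORT_80_TCP_ADDR=192.168.100.2
WEBTEST_PORT_80_TCP=tcp://192.168.100.2:80
WEBTEST_PORT_80_TCP_PORT=80'
HOSTS_AFTER='127.0.0.1       localhost
192.168.100.3   webtest 361c52e5f2a1 cct1
192.168.100.4   f1ccf8527981'

# hosts_ip ALIAS HOSTS_TEXT: print the IP that the hosts text maps ALIAS to.
hosts_ip() {
    printf '%s\n' "$2" | awk -v a="$1" '
        /^[ \t]*#/ { next }    # skip comment lines
        { for (i = 2; i <= NF; i++) if ($i == a) { print $1; exit } }'
}

# env_ip ALIAS PORT ENV_TEXT: print the value of <ALIAS>_PORT_<PORT>_TCP_ADDR.
# Only upper-casing of the alias is handled, as in webtest -> WEBTEST on this page.
env_ip() {
    key="$(printf '%s' "$1" | tr 'a-z' 'A-Z')_PORT_${2}_TCP_ADDR"
    printf '%s\n' "$3" | awk -F= -v k="$key" '$1 == k { print $2; exit }'
}

# check_link ALIAS PORT HOSTS_TEXT ENV_TEXT: compare the two sources of the address.
check_link() {
    h=$(hosts_ip "$1" "$3")
    e=$(env_ip "$1" "$2" "$4")
    if [ -z "$h" ]; then
        echo "no-hosts-entry"
    elif [ -z "$e" ]; then
        echo "no-env-entry"
    elif [ "$h" = "$e" ]; then
        echo "consistent $h"
    else
        # The environment still carries the old address; resolve the alias instead.
        echo "stale env=$e hosts=$h"
    fi
}

check_link webtest 80 "$HOSTS_AFTER" "$ENV_BEFORE"
```

Inside a linked container the same check runs on live data with `check_link webtest 80 "$(cat /etc/hosts)" "$(env)"`.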


Deny all access between containers

Docker daemon startup option: --icc=false
Edit the configuration file /etc/default/docker

DOCKER_OPTS=' --icc=false --registry-mirror=http://8fadea85.m.daocloud.io --label name=docker_server1 -b=br0'

Restart Docker and the containers

hejing@learning:~$ sudo service docker restart
hejing@learning:~$ docker restart cct1 cct2 cct3
cct1
cct2
cct3
hejing@learning:~$ docker attach cct3
root@f1ccf8527981:/# ping webtest
PING webtest (192.168.100.2) 56(84) bytes of data.

The ping does not succeed.

Allow connections between specific containers

Docker daemon startup options
--icc=false
--iptables=true
--link (passed to docker run)

Add --iptables=true to the configuration file /etc/default/docker

root@f1ccf8527981:/# ps -ef | grep docker
root        14     6  0 08:38 ?        00:00:00 grep --color=auto docker
root@f1ccf8527981:/# hejing@learning:~$ ps -ef | grep docker
root     13097     1  0 16:35 ?        00:00:01 /usr/bin/dockerd -H fd:// --icc=false --iptables=true --registry-mirror=http://8fadea85.m.daocloud.io --label name=docker_server1 -b=br0

Restart Docker and the containers

root@f1ccf8527981:/docker attach cct3
hejing@learning:~$ sudo vim /etc/default/docker
hejing@learning:~$ sudo service docker restart
hejing@learning:~$ docker restart cct1 cct2 cct3
cct1
cct2
cct3

Go back to the cct1 container and start the nginx service

hejing@learning:~$ docker attach cct1
root@361c52e5f2a1:/# nginx
root@361c52e5f2a1:/# hejing@learning:~$
hejing@learning:~$

Switch back to cct3 and access cct1

hejing@learning:~$
hejing@learning:~$ docker attach cct3
root@f1ccf8527981:/# curl webtest
welcome to uic
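
The option pairing used above can be checked from the running daemon's command line; this is an added example, not part of the original post. It applies Docker's defaults when a flag is absent (icc and iptables both true, bridge docker0) and treats --icc=false as enforced only when Docker is allowed to manage iptables; the function names are hypothetical and SAMPLE is the dockerd line from the ps output above.

```shell
#!/bin/sh
# SAMPLE is the dockerd command line shown in the ps output on this page.
SAMPLE='/usr/bin/dockerd -H fd:// --icc=false --iptables=true --registry-mirror=http://8fadea85.m.daocloud.io --label name=docker_server1 -b=br0'

# flag_value NAMES DEFAULT KIND CMDLINE
# NAMES is a comma-separated list of spellings; KIND is "bool" or "str".
# Accepts --flag=value, a bare boolean flag (true), and "-b VALUE" for str flags.
# The last occurrence on the command line wins.
flag_value() {
    printf '%s\n' "$4" | awk -v names="$1" -v val="$2" -v kind="$3" '
    BEGIN { n = split(names, want, ",") }
    {
        for (i = 1; i <= NF; i++)
            for (j = 1; j <= n; j++) {
                if (index($i, want[j] "=") == 1)
                    val = substr($i, length(want[j]) + 2)
                else if ($i == want[j] && kind == "bool")
                    val = "true"
                else if ($i == want[j] && i < NF)
                    val = $(i + 1)
            }
    }
    END { print val }'
}

# audit_dockerd CMDLINE: report bridge, icc, iptables and an isolation verdict.
# Boolean values are compared as the literal strings "true" and "false".
audit_dockerd() {
    icc=$(flag_value "--icc" true bool "$1")
    ipt=$(flag_value "--iptables" true bool "$1")
    br=$(flag_value "--bridge,-b" docker0 str "$1")
    if [ "$icc" != "false" ]; then
        verdict=open            # every container on the bridge can reach the others
    elif [ "$ipt" = "false" ]; then
        verdict=not-enforced    # Docker writes no iptables rules, so icc=false has no effect
    else
        verdict=isolated        # only pairs joined with --link are let through
    fi
    echo "bridge=$br icc=$icc iptables=$ipt verdict=$verdict"
}

audit_dockerd "$SAMPLE"
```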
