通过解决docker network connect实现同一个宿主机不同网络的容器间通信
文章目录
- 一、上述案例中test1和test2容器默认是无法通信的
- 二、让默认网络中容器test1可以连通自定义网络test-net的容器test2
- 三、让自定义网络中的容器test2可以连通默认网络的容器test1
- 四、断开不同网络中的容器通信
可以使用docker network connect命令实现同一个宿主机不同网络的容器间相互通信
# 将CONTAINER连入指定的NETWORK中,使此CONTAINER可以与NETWORK中的其它容器进行通信
root@ubuntu1804:~# docker network connect --helpUsage: docker network connect [OPTIONS] NETWORK CONTAINERConnect a container to a networkOptions:--alias strings Add network-scoped alias for the container--driver-opt strings driver options for the network--ip string IPv4 address (e.g., 172.30.100.104)--ip6 string IPv6 address (e.g., 2001:db8::33)--link list Add link to another container--link-local-ip strings Add a link-local address for the container# 将CONTAINER连入指定的NETWORK断开连接,使此CONTAINER可以与NETWORK中的其它容器无法进行通信
root@ubuntu1804:~# docker network disconnect --helpUsage: docker network disconnect [OPTIONS] NETWORK CONTAINERDisconnect a container from a networkOptions:-f, --force Force the container to disconnect from a network
# 终端1
root@ubuntu1804:~# docker network create -d bridge --subnet 172.27.0.0/16 --gateway 172.27.0.1 test-net
root@ubuntu1804:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
59ac02916bb0 alpine:3.11 "sh" 8 seconds ago Up 6 seconds test2
21be25c655c1 alpine:3.11 "sh" 34 seconds ago Up 33 seconds test1# 终端2
root@ubuntu1804:~# docker run -it --rm --name test1 alpine:3.11 sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
6: eth0@if7: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # ping 172.27.0.2 # 无法ping通自定义网络容器
PING 172.27.0.2 (172.27.0.2): 56 data bytes# 终端3
root@ubuntu1804:~# docker run -it --rm --network test-net --name test2 alpine:3.11 sh
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:1b:00:02 brd ff:ff:ff:ff:ff:ffinet 172.27.0.2/16 brd 172.27.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # ping 172.17.0.2 # 无法ping通默认网络容器
PING 172.17.0.2 (172.17.0.2): 56 data bytes
一、上述案例中test1和test2容器默认是无法通信的
# 每个网络中有属于此网络的容器信息
root@ubuntu1804:~# docker network inspect bridge
[{"Name": "bridge","Id": "d74a05d9893f2311e20bc81c1ade1a8bdb0b3c6e076f95c8a02ecb9d7576afdf","Created": "2022-05-18T15:21:04.202122118+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.17.0.0/16","Gateway": "172.17.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"4bb3e202a673c2d1a47f801d6b8444ed5e209ab3ec3e38066e83db7062f13522": {"Name": "test1","EndpointID": "d3a0c53fb4642d9c86471fd0fc171d63654d02899fef26261fb8bf13c17e6899","MacAddress": "02:42:ac:11:00:02","IPv4Address": "172.17.0.2/16","IPv6Address": ""}},"Options": {"com.docker.network.bridge.default_bridge": "true","com.docker.network.bridge.enable_icc": "true","com.docker.network.bridge.enable_ip_masquerade": "true","com.docker.network.bridge.host_binding_ipv4": "0.0.0.0","com.docker.network.bridge.name": "docker0","com.docker.network.driver.mtu": "1500"},"Labels": {}}
]root@ubuntu1804:~# docker network inspect test-net
[{"Name": "test-net","Id": "70b417605df71c1f1d862d06fa6919b270c95f4e4704cccbd08f167f8d9ee116","Created": "2022-05-30T15:33:29.234772367+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": {},"Config": [{"Subnet": "172.27.0.0/16","Gateway": "172.27.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"0c4d72ae0f0899917cbac4b8a155f705e0867309af4ed558a844f14cf454bb48": {"Name": "test2","EndpointID": "ef226f757aa9bbb221c4346f1710b45a8c6eb0fb815ef78bdb9af64730e7f68a","MacAddress": "02:42:ac:1b:00:02","IPv4Address": "172.27.0.2/16","IPv6Address": ""}},"Options": {},"Labels": {}}
]
二、让默认网络中容器test1可以连通自定义网络test-net的容器test2
root@ubuntu1804:~# docker network connect test-net test1
root@ubuntu1804:~# docker network inspect test-net
[{"Name": "test-net","Id": "70b417605df71c1f1d862d06fa6919b270c95f4e4704cccbd08f167f8d9ee116","Created": "2022-05-30T15:33:29.234772367+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": {},"Config": [{"Subnet": "172.27.0.0/16","Gateway": "172.27.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"0c4d72ae0f0899917cbac4b8a155f705e0867309af4ed558a844f14cf454bb48": {"Name": "test2","EndpointID": "ef226f757aa9bbb221c4346f1710b45a8c6eb0fb815ef78bdb9af64730e7f68a","MacAddress": "02:42:ac:1b:00:02","IPv4Address": "172.27.0.2/16","IPv6Address": ""},"4bb3e202a673c2d1a47f801d6b8444ed5e209ab3ec3e38066e83db7062f13522": {"Name": "test1","EndpointID": "15b1efe8e5607664943e97a7b5075cf2d3ea929c01c2f5ef69053943556a2e2a","MacAddress": "02:42:ac:1b:00:03","IPv4Address": "172.27.0.3/16","IPv6Address": ""}},"Options": {},"Labels": {}}
]# 在test1容器中你可以看到新添加了一个网卡,并分配了test-net网络的IP信息
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
11: eth1@if12: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:1b:00:03 brd ff:ff:ff:ff:ff:ffinet 172.27.0.3/16 brd 172.27.255.255 scope global eth1valid_lft forever preferred_lft forever# test1可以连接test2
/ # ping -c1 172.27.0.2
PING 172.27.0.2 (172.27.0.2): 56 data bytes
64 bytes from 172.27.0.2: seq=0 ttl=64 time=0.080 ms--- 172.27.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.080/0.080/0.080 ms# test2中没有变化,仍然无法连接test1
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:1b:00:02 brd ff:ff:ff:ff:ff:ffinet 172.27.0.2/16 brd 172.27.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # ping -c1 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
三、让自定义网络中的容器test2可以连通默认网络的容器test1
# 将自定义网络中的容器test2也加入到默认网络中,使之和默认网络中的容器test1通信
root@ubuntu1804:~# docker network connect bridge test2
root@ubuntu1804:~# docker network inspect bridge
[{"Name": "bridge","Id": "d74a05d9893f2311e20bc81c1ade1a8bdb0b3c6e076f95c8a02ecb9d7576afdf","Created": "2022-05-18T15:21:04.202122118+08:00","Scope": "local","Driver": "bridge","EnableIPv6": false,"IPAM": {"Driver": "default","Options": null,"Config": [{"Subnet": "172.17.0.0/16","Gateway": "172.17.0.1"}]},"Internal": false,"Attachable": false,"Ingress": false,"ConfigFrom": {"Network": ""},"ConfigOnly": false,"Containers": {"0c4d72ae0f0899917cbac4b8a155f705e0867309af4ed558a844f14cf454bb48": {"Name": "test2","EndpointID": "3e48dd21a828b7cae0bb72151409f80071079b70c07372b60ca87fefb62fd62c","MacAddress": "02:42:ac:11:00:03","IPv4Address": "172.17.0.3/16","IPv6Address": ""},"4bb3e202a673c2d1a47f801d6b8444ed5e209ab3ec3e38066e83db7062f13522": {"Name": "test1","EndpointID": "d3a0c53fb4642d9c86471fd0fc171d63654d02899fef26261fb8bf13c17e6899","MacAddress": "02:42:ac:11:00:02","IPv4Address": "172.17.0.2/16","IPv6Address": ""}},"Options": {"com.docker.network.bridge.default_bridge": "true","com.docker.network.bridge.enable_icc": "true","com.docker.network.bridge.enable_ip_masquerade": "true","com.docker.network.bridge.host_binding_ipv4": "0.0.0.0","com.docker.network.bridge.name": "docker0","com.docker.network.driver.mtu": "1500"},"Labels": {}}
]# 确认自定义网络的容器test2中添加了新网卡,并设置默认网络的IP信息
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:1b:00:02 brd ff:ff:ff:ff:ff:ffinet 172.27.0.2/16 brd 172.27.255.255 scope global eth0valid_lft forever preferred_lft forever
13: eth1@if14: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ffinet 172.17.0.3/16 brd 172.17.255.255 scope global eth1valid_lft forever preferred_lft forever# test2容器可以连接test1容器
/ # ping -c1 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.049 ms--- 172.17.0.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.049/0.049/0.049 ms# 在test1中可以利用test2容器名通信
/ # ping -c1 test2
PING test2 (172.27.0.2): 56 data bytes
64 bytes from 172.27.0.2: seq=0 ttl=64 time=0.137 ms--- test2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.137/0.137/0.137 ms# 在test2中可以利用test1容器名通信
/ # ping -c1 test1
PING test1 (172.27.0.3): 56 data bytes
64 bytes from 172.27.0.3: seq=0 ttl=64 time=0.038 ms--- test1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.038/0.038/0.038 ms
四、断开不同网络中的容器通信
# 将test1断开和网络test-net中其他容器的通信
root@ubuntu1804:~# docker network disconnect test-net test1# 在容器test1中无法和test2通信
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ffinet 172.17.0.2/16 brd 172.17.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # ping -c1 172.27.0.2
PING 172.27.0.2 (172.27.0.2): 56 data bytes# 将test2断开和默认网络中其他容器的通信
root@ubuntu1804:~# docker network disconnect bridge test2# 在容器test2中无法和test1通信
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft forever
9: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UPlink/ether 02:42:ac:1b:00:02 brd ff:ff:ff:ff:ff:ffinet 172.27.0.2/16 brd 172.27.255.255 scope global eth0valid_lft forever preferred_lft forever
/ # ping -c1 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
请不要以此视为定论,这只是我的个人经验