一、自定义一个docker网络
1、创建一个自定义网络
[root@master ~]# docker network create --driver bridge --subnet 10.192.0.0/24 --gateway 10.192.0.1 mynet
806b16d9d8b2c2535e28071d9dc413b1852bb3e99acbcb13477c8918fc201310
[root@master ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
e52ef1cd9c37 bridge bridge local
20f229ec5603 host host local
806b16d9d8b2 mynet bridge local
5e0bd1d2525c none null local
[root@master ~]#
2、使用自定义网络运行两个容器
# 先下载一个centos镜像
[root@master ~]# docker pull centos
[root@master home]# docker run -it -d --name cn1 --net mynet centos
a694e63f485a6de5a909d9b48bf3385af1980ef78a04ddc457a6dc396715cacc
[root@master home]# docker run -it -d --name cn2 --net mynet centos
43861b425af6db813bb548823de07bb4e66b4cc289ebbecfb15ed545c5a7f142
3、查看网络情况
[root@master home]# docker inspect mynet
[
...
...
"ConfigOnly": false,
"Containers": {
"43861b425af6db813bb548823de07bb4e66b4cc289ebbecfb15ed545c5a7f142": {
"Name": "cn2",
"EndpointID": "154af184fc7d67b714fe213d18f6a72aeac3f52b168d02d2787a489d994e6e34",
"MacAddress": "02:42:0a:c0:00:03",
"IPv4Address": "10.192.0.3/24",
"IPv6Address": ""
},
"a694e63f485a6de5a909d9b48bf3385af1980ef78a04ddc457a6dc396715cacc": {
"Name": "cn1",
"EndpointID": "8a73a643c52d41ed1c5910c63c2fa89633c0e17fd89d9932dec39f790f6ae4bf",
"MacAddress": "02:42:0a:c0:00:02",
"IPv4Address": "10.192.0.2/24",
"IPv6Address": ""
}
},
"Options": {},
"Labels": {}
}
]
[root@master home]#
4、测试1,宿主机ping容器,成功
[root@master home]# ping 10.192.0.2
PING 10.192.0.2 (10.192.0.2) 56(84) bytes of data.
64 bytes from 10.192.0.2: icmp_seq=1 ttl=64 time=0.059 ms
64 bytes from 10.192.0.2: icmp_seq=2 ttl=64 time=0.075 ms
^C
--- 10.192.0.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.059/0.067/0.075/0.008 ms
[root@master home]# ping 10.192.0.3
PING 10.192.0.3 (10.192.0.3) 56(84) bytes of data.
64 bytes from 10.192.0.3: icmp_seq=1 ttl=64 time=0.047 ms
64 bytes from 10.192.0.3: icmp_seq=2 ttl=64 time=0.055 ms
64 bytes from 10.192.0.3: icmp_seq=3 ttl=64 time=0.051 ms
^C
--- 10.192.0.3 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.047/0.051/0.055/0.003 ms
[root@master home]#
5、测试2,容器之间通过名称互ping,成功
# cn1 Ping cn2
[root@master home]# docker exec -it cn1 ping cn2
PING cn2 (10.192.0.3) 56(84) bytes of data.
64 bytes from cn2.mynet (10.192.0.3): icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from cn2.mynet (10.192.0.3): icmp_seq=2 ttl=64 time=0.056 ms
^C
--- cn2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 4ms
rtt min/avg/max/mdev = 0.035/0.045/0.056/0.012 ms
# cn2 Ping cn1
[root@master home]# docker exec -it cn2 ping cn1
PING cn1 (10.192.0.2) 56(84) bytes of data.
64 bytes from cn1.mynet (10.192.0.2): icmp_seq=1 ttl=64 time=0.065 ms
64 bytes from cn1.mynet (10.192.0.2): icmp_seq=2 ttl=64 time=0.055 ms
^C
--- cn1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 0.055/0.060/0.065/0.005 ms
[root@master home]#
6、结论
使用自定义的网络,docker会自动帮我们建立好对应关系。
好处:当一台服务器中,部署不同的集群时,不同的集群使用不同的网络,可以保证集群的安全与健康。
二、两个相互隔离的网络的连通
1、实验要求
实验:如下图所示,如何使mn1与cn1连通:
2、环境介绍
| 网络名 | 容器名 | ip |
|---|---|---|
| mynet | cn1 | 10.192.0.2 |
| mynet | cn2 | 10.192.0.3 |
| mynet2 | mn1 | 10.193.0.2 |
| mynet2 | mn1 | 10.193.0.3 |
创建mynet2的脚本:
[root@master home]# docker network create --driver bridge --subnet 10.193.0.0/24 --gateway 10.193.0.1 mynet2
[root@master home]# docker run -it -d --name mn1 --net mynet2 centos
6f99c08f45116a8260a12037ebb98c3647751bb6bf328174aca0156e7f2f1594
[root@master home]# docker run -it -d --name mn2 --net mynet2 centos
50bc87335d51bc20ca0b4842b4b419a2fed0fca2bcbd59651ec4587e1224afc2
3、连通
3.1、直接ping,不通
[root@master home]# docker exec -it cn1 ping mn1
ping: mn1: Name or service not known
[root@master home]#
3.2、通过帮助文档可知,可以通过网络与容器进行连接,格式为docker network connect [OPTIONS] NETWORK CONTAINER
[root@master home]# docker network connect --help
Usage: docker network connect [OPTIONS] NETWORK CONTAINER
Connect a container to a network
Options:
--alias strings Add network-scoped alias for the container
--ip string IPv4 address (e.g., 172.30.100.104)
--ip6 string IPv6 address (e.g., 2001:db8::33)
--link list Add link to another container
--link-local-ip strings Add a link-local address for the container
[root@master home]#
3.3、连通,使用mynet与mn1连通
[root@master home]# docker network connect mynet mn1
[root@master home]#
3.4、 测试
# cn1 ping mn1
[root@master home]# docker exec -it cn1 ping mn1
PING mn1 (10.192.0.4) 56(84) bytes of data.
64 bytes from mn1.mynet (10.192.0.4): icmp_seq=1 ttl=64 time=0.067 ms
64 bytes from mn1.mynet (10.192.0.4): icmp_seq=2 ttl=64 time=0.057 ms
64 bytes from mn1.mynet (10.192.0.4): icmp_seq=3 ttl=64 time=0.058 ms
^C
--- mn1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 0.057/0.060/0.067/0.010 ms
[root@master home]#
# cn2 ping mn1
[root@master home]# docker exec -it cn2 ping mn1
PING mn1 (10.192.0.4) 56(84) bytes of data.
64 bytes from mn1.mynet (10.192.0.4): icmp_seq=1 ttl=64 time=0.091 ms
64 bytes from mn1.mynet (10.192.0.4): icmp_seq=2 ttl=64 time=0.054 ms
^C
--- mn1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.054/0.072/0.091/0.020 ms
[root@master home]#
#cn1 ping mn2
[root@master home]# docker exec -it cn1 ping mn2
ping: mn2: Name or service not known
[root@master home]#
4、结论
连通方式如下图所示:
这种情况下:
mn1与cn1和cn2相互连通,
mn2与cn1和cn2不能连通。
