普拉多VX


Connecting Docker containers to each other

Docker container links

The common approach is the --link flag (which will be deprecated later).
Reference: https://docs.docker.com/network/links/

Warning: The --link flag is a legacy feature of Docker. It may eventually be removed. Unless you absolutely need to continue using it, we recommend that you use user-defined networks to facilitate communication between two containers instead of using --link. One feature that user-defined networks do not support that you can do with --link is sharing environment variables between containers. However, you can use other mechanisms such as volumes to share environment variables between containers in a more controlled way.

Example:

Start container 1

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker run -dit -p 80:80 --name selfnginx nginx
Unable to find image 'nginx:latest' locally
latest: Pulling from library/nginx
bf5952930446: Pull complete
cb9a6de05e5a: Pull complete
9513ea0afb93: Pull complete
b49ea07d2e93: Pull complete
a5e4a503d449: Pull complete
Digest: sha256:b0ad43f7ee5edbc0effbc14645ae7055e21bc1973aee5150745632a24a752661
Status: Downloaded newer image for nginx:latest
2cfcbd9bb76cfe8445c74e8d9cd8ae39f1fab1850242978cb059b15b527beb98

Start container 2

--link <target container>:<alias>

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker run -dit --link selfnginx:web  alpine
Unable to find image 'alpine:latest' locally
latest: Pulling from library/alpine
df20fa9351a1: Pull complete
Digest: sha256:185518070891758909c9f839cf4ca393ee977ac378609f700f60a771a2dfe321
Status: Downloaded newer image for alpine:latest
f6f87a55368d38781f6d10ef27bd31acf7b05b62c38b283f55a1e7723489d4bf
[root@iZ2zedqqdtca3xspuss20zZ ~]#
[root@iZ2zedqqdtca3xspuss20zZ ~]#
[root@iZ2zedqqdtca3xspuss20zZ ~]# docker ps   # list the running containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f6f87a55368d alpine "/bin/sh" 7 seconds ago Up 6 seconds elastic_yalow
2cfcbd9bb76c nginx "/docker-entrypoint.…" 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp selfnginx
[root@iZ2zedqqdtca3xspuss20zZ ~]#

Testing

Install curl

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker exec -it f6f  sh    # enter the container
/ #
/ #
/ # apk add curl   # install the curl tool
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/4) Installing ca-certificates (20191127-r4)
(2/4) Installing nghttp2-libs (1.41.0-r0)
(3/4) Installing libcurl (7.69.1-r0)
(4/4) Installing curl (7.69.1-r0)
Executing busybox-1.31.1-r16.trigger
Executing ca-certificates-20191127-r4.trigger
OK: 7 MiB in 18 packages

Ping test: ping web (web is the alias given to the linked container with --link)

/ # ping web
PING web (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.067 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.066 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.064 ms
64 bytes from 172.17.0.2: seq=3 ttl=64 time=0.066 ms
^C
--- web ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.064/0.065/0.067 ms

curl test

/ # curl web
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
/ #

A --link connection adds the name mapping to the /etc/hosts file

/ # cat /etc/hosts 
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 web 2cfcbd9bb76c selfnginx
172.17.0.3 f6f87a55368d

Connecting containers (user-defined networks)

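  • User-defined bridges provide automatic DNS resolution between containers.
    Containers on the default bridge network can only reach each other by IP address, unless you use the --link option, which is considered legacy. On a user-defined bridge network, containers can resolve each other by name or alias.

    Imagine an application with a web front end and a database back end. If you call the containers web and db, the web container can connect to the db container at db, no matter which Docker host the application stack runs on.

    If you run the same application stack on the default bridge network, you need to create links between the containers manually (using the legacy --link flag). These links need to be created in both directions, so this gets complicated once more than two containers need to communicate. Alternatively, you can manipulate the /etc/hosts files inside the containers, but this creates problems that are hard to debug.
  • User-defined bridges provide better isolation.
    All containers started without --network are attached to the default bridge network. This can be a risk, because unrelated stacks, services and containers are then able to communicate.

    Using a user-defined network provides a scoped network in which only containers attached to that network can communicate.
  • Containers can be attached to and detached from user-defined networks on the fly.
    During a container's lifetime, you can connect it to or disconnect it from user-defined networks on the fly. To remove a container from the default bridge network, you need to stop the container and recreate it with different network options.

    Each user-defined network creates a configurable bridge.

    If your containers use the default bridge network, you can configure it, but all the containers use the same settings, such as MTU and iptables rules. In addition, configuring the default bridge network happens outside of Docker itself and requires a restart of Docker.

    User-defined bridge networks are created and configured using docker network create. If different groups of applications have different network requirements, you can configure each user-defined bridge separately as you create it.
  • Linked containers on the default bridge network share environment variables.
    Originally, the only way to share environment variables between two containers was to link them using the --link flag. This type of variable sharing is not possible with user-defined networks. However, there are better ways to share environment variables. A few ideas:

    Multiple containers can mount a file or directory containing the shared information, using a Docker volume.

    Multiple containers can be started together using docker-compose, and the compose file can define the shared variables.

    You can use swarm services instead of standalone containers, and take advantage of shared secrets and configs.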
Usage

Create a user-defined network

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker network create my-net
[root@iZ2zedqqdtca3xspuss20zZ ~]# docker network ls   # list all current networks
NETWORK ID NAME DRIVER SCOPE
cd68d9fe5349 bridge bridge local
995338bf73a4 harbor_harbor bridge local
683eaf141ac7 host host local
244fc6228c1a my-net bridge local
c5dd972001d9 none null local

Create containers and attach them to the user-defined network

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker run -dit -p 8000:80 --name netnginx  --network my-net nginx
[root@iZ2zedqqdtca3xspuss20zZ ~]# docker run -dit --name testping --network my-net alpine

Check the running containers

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f146229807ba alpine "/bin/sh" 4 minutes ago Up 4 minutes testping
6f0dd91d3f40 nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 0.0.0.0:8000->80/tcp netnginx
f6f87a55368d alpine "/bin/sh" 32 minutes ago Up 32 minutes elastic_yalow
[root@iZ2zedqqdtca3xspuss20zZ ~]#

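As long as containers are connected to the same network, they will automatically

Other usage

Connect an already-running container to the user-defined network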

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker network connect my-net elastic_yalow

Inspecting the container's details shows that it now has two networks

"Networks": {
    "bridge": {
        "IPAMConfig": null,
        "Links": null,
        "Aliases": null,
        "NetworkID": "cd68d9fe5349d9962d48e78d1f8d2e2c4e36a7a038104bd2fa9bca7ea1526c66",
        "EndpointID": "865d76e5ea4a11abe73110c6d6c22f65f014c36c4bdd2a478b8ae422464fc912",
        "Gateway": "172.17.0.1",
        "IPAddress": "172.17.0.3",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:11:00:03",
        "DriverOpts": null
    },
    "my-net": {
        "IPAMConfig": {},
        "Links": null,
        "Aliases": [
            "f6f87a55368d"
        ],
        "NetworkID": "244fc6228c1adddd45eecac66c7e0652171ddf293750c03ea3ff53946098da4a",
        "EndpointID": "6ebff1aa65af5ed4b0172164b4dd101934e6d73cc6381886f23f88ed0d453377",
        "Gateway": "172.20.0.1",
        "IPAddress": "172.20.0.4",
        "IPPrefixLen": 16,
        "IPv6Gateway": "",
        "GlobalIPv6Address": "",
        "GlobalIPv6PrefixLen": 0,
        "MacAddress": "02:42:ac:14:00:04",
        "DriverOpts": {}
    }
}
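
Added example (not from the original post): a small audit over docker ps output that flags the cases discussed on this page, namely containers left on the default bridge, containers attached to both the default bridge and a user-defined network (as elastic_yalow is in the inspect output above), and containers with no network at all. The function names, the FLAG/WARN/INFO/OK labels and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: review container network attachments for isolation gaps.
# Input: one container per line, "<name> <net1,net2,...>", the shape printed by
#   docker ps --format '{{.Names}} {{.Networks}}'
# Output: one line per container, "<LABEL> <name> <reason>".
# The labels are this example's own heuristic, not a Docker feature.
audit_networks() {
    awk '
    NF == 0 { next }                                   # skip blank lines
    NF == 1 { print "WARN " $1 " no-network"; next }   # e.g. after network disconnect
    {
        n = split($2, nets, ",")
        on_default = 0
        for (i = 1; i <= n; i++)
            if (nets[i] == "bridge") on_default = 1
        if (on_default && n > 1)
            # Reachable from every unrelated container on the default bridge
            # while also sitting inside a scoped network.
            print "FLAG " $1 " default-bridge-and-user-defined"
        else if (on_default)
            print "WARN " $1 " default-bridge-only"
        else if (n > 1)
            print "INFO " $1 " multi-homed"
        else
            print "OK " $1 " " $2
    }'
}

# Constructed sample that reuses the container names from this page.
sample_ps_output() {
    cat <<'EOF'
testping my-net
netnginx
elastic_yalow bridge,my-net
selfnginx bridge
EOF
}

sample_ps_output | audit_networks
```

On a real host, feed it with docker ps --format '{{.Names}} {{.Networks}}' | audit_networks.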

Disconnect a container from a network

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker network disconnect my-net elastic_yalow

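What happens if you disconnect a container that has only one network?

netnginx was created with only the user-defined network. Once that sole network is disconnected, the container is left without a network interface. The container's published ports are also removed, and are restored once it rejoins the network.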

[root@iZ2zedqqdtca3xspuss20zZ ~]# docker network disconnect my-net netnginx
[root@iZ2zedqqdtca3xspuss20zZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f146229807ba alpine "/bin/sh" 17 minutes ago Up 17 minutes testping
6f0dd91d3f40 nginx "/docker-entrypoint.…" 18 minutes ago Up 18 minutes netnginx
f6f87a55368d alpine "/bin/sh" 44 minutes ago Up 44 minutes elastic_yalow
[root@iZ2zedqqdtca3xspuss20zZ ~]# docker network connect my-net netnginx
[root@iZ2zedqqdtca3xspuss20zZ ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f146229807ba alpine "/bin/sh" 17 minutes ago Up 17 minutes testping
6f0dd91d3f40 nginx "/docker-entrypoint.…" 18 minutes ago Up 18 minutes 0.0.0.0:8000->80/tcp netnginx
f6f87a55368d alpine "/bin/sh" 45 minutes ago Up 45 minutes elastic_yalow
[root@iZ2zedqqdtca3xspuss20zZ ~]#
