how to network your containers.
Launch a container on the default network
Docker includes support for networking containers through the use of network drivers.
drivers. By default, Docker provides two network drivers for you, the bridge and the overlay drivers.
You can also write a network driver plugin so that you can create your own drivers but that is an advanced task.
Every installation of the Docker Engine automatically includes three default networks. You can list them:
$ docker network lsNETWORK ID ?????????NAME ???????????????DRIVER18a2866682b8 ???????none ???????????????nullc288470c46f6 ???????host ???????????????host7b369448dccb ???????bridge ?????????????bridge
The network named bridge is a special network. Unless you tell it otherwise, Docker always launches your containers in this network.
$ docker run -itd --name=networktest ubuntu74695c9cea6d9810718fddadc01a727a5dd3ce6a69d09752239736c030599741
Inspecting the network is an easy way to find out the container’s IP address.
$ docker network inspect bridge[ ???{ ???????"Name": "bridge", ???????"Id": "f7ab26d71dbd6f557852c7156ae0574bbf62c42f539b50c8ebde0f728a253b6f", ???????"Scope": "local", ???????"Driver": "bridge", ???????"EnableIPv6": false, ???????"IPAM": { ???????????"Driver": "default", ???????????"Options": null, ???????????"Config": [ ???????????????{ ???????????????????"Subnet": "172.17.0.1/16", ???????????????????"Gateway": "172.17.0.1" ???????????????} ???????????] ???????}, ???????"Internal": false, ???????"Containers": { ???????????"3386a527aa08b37ea9232cbcace2d2458d49f44bb05a6b775fba7ddd40d8f92c": { ???????????????"Name": "networktest", ???????????????"EndpointID": "647c12443e91faf0fd508b6edfe59c30b642abb60dfab890b4bdccee38750bc1", ???????????????"MacAddress": "02:42:ac:11:00:02", ???????????????"IPv4Address": "172.17.0.2/16", ???????????????"IPv6Address": "" ???????????} ???????}, ???????"Options": { ???????????"com.docker.network.bridge.default_bridge": "true", ???????????"com.docker.network.bridge.enable_icc": "true", ???????????"com.docker.network.bridge.enable_ip_masquerade": "true", ???????????"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", ???????????"com.docker.network.bridge.name": "docker0", ???????????"com.docker.network.driver.mtu": "9001" ???????}, ???????"Labels": {} ???}]
You can remove a container from a network by disconnecting the container.
To do this, you supply both the network name and the container name.
You can also use the container ID.
In this example, though, the name is faster.
$ docker network disconnect bridge networktest
While you can disconnect a container from a network, you cannot remove the builtin bridge network named bridge.
Networks are natural ways to isolate containers from other containers or other networks.
So, as you get more experienced with Docker, you’ll want to create your own networks.
Create your own bridge network
Docker Engine natively supports both bridge networks and overlay networks.
A bridge network is limited to a single host running Docker Engine.
An overlay network can include multiple hosts and is a more advanced topic.
For this example, you’ll create a bridge network:
$ docker network create -d bridge my_bridge
The -d flag tells Docker to use the bridge driver for the new network.
You could have left this flag off as bridge is the default value for this flag.
Go ahead and list the networks on your machine:
$ docker network lsNETWORK ID ?????????NAME ???????????????DRIVER7b369448dccb ???????bridge ?????????????bridge615d565d498c ???????my_bridge ??????????bridge18a2866682b8 ???????none ???????????????nullc288470c46f6 ???????host ???????????????host
If you inspect the network, you’ll find that it has nothing in it.
$ docker network inspect my_bridge[ ???{ ???????"Name": "my_bridge", ???????"Id": "5a8afc6364bccb199540e133e63adb76a557906dd9ff82b94183fc48c40857ac", ???????"Scope": "local", ???????"Driver": "bridge", ???????"IPAM": { ???????????"Driver": "default", ???????????"Config": [ ???????????????{ ???????????????????"Subnet": "10.0.0.0/24", ???????????????????"Gateway": "10.0.0.1" ???????????????} ???????????] ???????}, ???????"Containers": {}, ???????"Options": {}, ???????"Labels": {} ???}]
Add containers to a network
To build web applications that act in concert but do so securely, create a network.
Networks, by definition, provide complete isolation for containers.
You can add containers to a network when you first run a container.
Launch a container running a PostgreSQL database and pass it the --net=my_bridge flag to connect it to your new network:
$ docker run -d --net=my_bridge --name db training/postgres
If you inspect your my_bridge you’ll see it has a container attached. You can also inspect your container to see where it is connected:
$ docker inspect --format=‘{{json .NetworkSettings.Networks}}‘ ?db{"my_bridge":{"NetworkID":"7d86d31b1478e7cca9ebed7e73aa0fdeec46c5ca29497431d3007d2d9e15ed99","EndpointID":"508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043","Gateway":"10.0.0.1","IPAddress":"10.0.0.254","IPPrefixLen":24,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}
Now, go ahead and start your by now familiar web application. This time don’t specify a network.
$ docker run -d --name web training/webapp python app.py
Which network is your web application running under?
Inspect the application and you’ll find it is running in the default bridgenetwork.
$ docker inspect --format=‘{{json .NetworkSettings.Networks}}‘ ?web{"bridge":{"NetworkID":"7ea29fc1412292a2d7bba362f9253545fecdfa8ce9a6e37dd10ba8bee7129812","EndpointID":"508b170d56b2ac9e4ef86694b0a76a22dd3df1983404f7321da5649645bf7043","Gateway":"172.17.0.1","IPAddress":"10.0.0.2","IPPrefixLen":24,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02"}}Then, get the IP address of your web
$ docker inspect --format=‘{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}‘ web172.17.0.2Now, open a shell to your running db container:
$ docker exec -it db bashroot@a205f0dd33b2:/# ping 172.17.0.2ping 172.17.0.2PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.^C--- 172.17.0.2 ping statistics ---44 packets transmitted, 0 received, 100% packet loss, time 43185ms
After a bit, use CTRL-C to end the ping and you’ll find the ping failed.
That is because the two containers are running on different networks.You can fix that.
Then, use the exit command to close the container.
Docker networking allows you to attach a container to as many networks as you like. You can also attach an already running container.
Go ahead and attach your running web app to the my_bridge.
$ docker network connect my_bridge web
Open a shell into the db application again and try the ping command. This time just use the container name web rather than the IP address.
$ docker exec -it db bashroot@a205f0dd33b2:/# ping webPING web (10.0.0.2) 56(84) bytes of data.64 bytes from web (10.0.0.2): icmp_seq=1 ttl=64 time=0.095 ms64 bytes from web (10.0.0.2): icmp_seq=2 ttl=64 time=0.060 ms64 bytes from web (10.0.0.2): icmp_seq=3 ttl=64 time=0.066 ms^C--- web ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2000msrtt min/avg/max/mdev = 0.060/0.073/0.095/0.018 ms
The ping shows it is contacting a different IP address, the address on the my_bridge which is different from its address on the bridge network.
Docker6之Network containers
原文地址:http://www.cnblogs.com/panpanwelcome/p/8093565.html