Docker Networking Basics: Network Concepts

How Docker containers communicate internally

Earlier we covered how the nginx and php containers communicate with each other:

[root@docker ~]# docker run -d --name=php -v /www:/usr/local/nginx/html php
[root@docker ~]# docker run -d --name=nginx --link=php:php -v /www:/usr/local/nginx/html -p 81:80 nginx

[root@docker ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
58280fe851f9 nginx "/usr/local/nginx/..." 15 seconds ago Up 14 seconds 0.0.0.0:81->80/tcp nginx
9ea150c35587 php "/usr/local/php/sb..." 36 seconds ago Up 35 seconds 9000/tcp php

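The --link option names the target container so that different containers can communicate (--link container_name, or give container_name an alias).

Now we use a different mechanism in place of --link to let containers communicate: docker network.

List the local networks:
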
[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
5133ec415c3c bridge bridge local
f359ca4e2d39 host host local
8d68673c045c none null local

Now create a network named my_net with the bridge driver (bridge is what gets created by default):

[root@docker ~]# docker network create my_net
67e29f0e4a77c79144efc337a081a889188b5b8e289968f22be6e4ddd9b80610

[root@docker ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
5133ec415c3c bridge bridge local
f359ca4e2d39 host host local
67e29f0e4a77 my_net bridge local
8d68673c045c none null local

Start the containers with --network so they provide their services:

[root@docker ~]# docker run -d --name=php --network my_net --network-alias php -v /www:/usr/local/nginx/html php
6b493cbe8207dee4cb4d5945cfce305dba96914083bd7f46841b0b42376bcb99
[root@docker ~]# docker run -d --name=nginx --network my_net --network-alias nginx -v /www:/usr/local/nginx/html -p 80:80 nginx
5ab220196b52bb768bef508433f0b920eecee70c3ee47880ebc5e2a74b5ee254

The --network-alias option assigns the container an alias on the my_net network:

[root@docker ~]# docker exec -it nginx ping php
PING php (172.18.0.2) 56(84) bytes of data.
64 bytes from php.my_net (172.18.0.2): icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from php.my_net (172.18.0.2): icmp_seq=2 ttl=64 time=0.090 ms

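Why can nginx ping the php container here? Because both containers are on the same network, my_net, and the php that nginx pings is the container name (what is managed here is at the container level).

Because php can be pinged, the following nginx configuration works:
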
server {
    listen 80;
    root /usr/local/nginx/html;
    index index.htm index.html index.php;
    location ~ \.php$ {
        root /usr/local/nginx/html;
        fastcgi_pass php:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

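So the php hostname in the configuration file does not cause nginx to fail at startup; the bridge network driver provides the access between containers.

Above, the containers were started with the --network option; in a compose file the corresponding key is networks. The following compose file shows what this parameter does:
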
[root@docker lnmp]# cat lnmp.yml
version: '3'
services:
  nginx:
    image: nginx
    container_name: lnmp-nginx
    depends_on:
      - php
    ports:
      - "80:80"
    networks:
      - "net1"
    volumes:
      - "/www:/usr/local/nginx/html"
  php:
    image: php
    container_name: lnmp-php
    expose:
      - "9000"
    networks:
      - "net1"
    volumes:
      - "/www:/usr/local/nginx/html"

networks:
  net1:
    driver: bridge

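From the file above, networks defines a network named net1. Because networks is a top-level key, it has to be set at the top level. When the network is created a driver must be specified (bridge for a standalone network, overlay for a swarm cluster), and the driver entry cannot be omitted. The nginx and php services both use the same network, net1. Now start the services:
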
[root@docker lnmp]# docker-compose -f lnmp.yml up
Creating network "lnmp_net1" with driver "bridge"
Creating lnmp-php ...
Creating lnmp-php ... done
Creating lnmp-nginx ...
Creating lnmp-nginx ... done
Attaching to lnmp-php, lnmp-nginx

As the output shows, starting the services created the service-level network lnmp_net1:

[root@docker lnmp]# docker network ls
NETWORK ID NAME DRIVER SCOPE
5133ec415c3c bridge bridge local
f359ca4e2d39 host host local
29d798852b52 lnmp_net1 bridge local
67e29f0e4a77 my_net bridge local
8d68673c045c none null local

The nginx and php services can reach each other over the lnmp_net1 network:

[root@docker lnmp]# docker-compose -f lnmp.yml exec nginx ping php
PING php (172.19.0.2) 56(84) bytes of data.
64 bytes from lnmp-php.lnmp_net1 (172.19.0.2): icmp_seq=1 ttl=64 time=0.060 ms

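The nginx service can reach the php service. In compose orchestration, access is at the service level, so the php name in the nginx configuration file resolves and does not cause nginx to fail at startup.

In other words, what a compose file configures corresponds to the service level. When the links parameter is used, it is likewise the php service that is configured, which lets the nginx service ping the php service and communicate with it:
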
[root@docker lnmp]# cat lnmp.yml
version: '3'
services:
  nginx:
    image: nginx
    container_name: lnmp-nginx
    depends_on:
      - php
    ports:
      - "80:80"
    links:
      - php:php
    volumes:
      - "/www:/usr/local/nginx/html"
  php:
    image: php
    container_name: lnmp-php
    expose:
      - "9000"
    volumes:
      - "/www:/usr/local/nginx/html"

The networks parameter has been replaced with links, and the two services can still reach each other:

[root@docker lnmp]# docker-compose -f lnmp.yml up
Creating network "lnmp_default" with the default driver
Creating lnmp-php ...
Creating lnmp-php ... done
Creating lnmp-nginx ...
Creating lnmp-nginx ... done
Attaching to lnmp-php, lnmp-nginx

Note that the default network was created at startup:

[root@docker lnmp]# docker-compose -f lnmp.yml exec nginx ping php
PING php (172.19.0.2) 56(84) bytes of data.
64 bytes from lnmp-php.lnmp_default (172.19.0.2): icmp_seq=1 ttl=64 time=0.091 ms
64 bytes from lnmp-php.lnmp_default (172.19.0.2): icmp_seq=2 ttl=64 time=0.107 ms

links also lets services reach each other.

Now an example to explain the external_links parameter. Like links, external_links works at the service level, but it refers to an external service rather than a service in the same compose file:

[root@docker lnmp]# cat lnmp.yml
version: '3'
services:
  nginx:
    image: nginx
    container_name: lnmp-nginx
    depends_on:
      - php
    ports:
      - "80:80"
    networks:
      - "net1"
    volumes:
      - "/www:/usr/local/nginx/html"
    external_links:
      - php1:php
  php:
    image: php
    container_name: lnmp-php
    expose:
      - "9000"
    networks:
      - "net1"
    volumes:
      - "/www:/usr/local/nginx/html"

networks:
  net1:
    driver: bridge

Above, external_links references the php1 service and also gives it the alias php. Next, write another compose file that defines a service named php1:

[root@docker lnmp]# cat php1.yml
version: '3'
services:
  php1:
    image: php
    container_name: lnmp-php1
    expose:
      - "9000"
    networks:
      - "net1"
    volumes:
      - "/www:/usr/local/nginx/html"

networks:
  net1:
    driver: bridge

Taken together, the two compose files define the nginx, php and php1 services, and the php1 service also carries the alias php. Now start php1 first, then nginx and php:

[root@docker lnmp]# docker-compose -f php1.yml up
Creating network "lnmp_net1" with driver "bridge"
Creating lnmp-php1 ...
Creating lnmp-php1 ... done
Attaching to lnmp-php1
[root@docker lnmp]# docker-compose -f lnmp.yml up --build
WARNING: Found orphan containers (lnmp-php1) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating lnmp-php ...
Creating lnmp-php ... done
Creating lnmp-nginx ...
Creating lnmp-nginx ... done
Attaching to lnmp-php, lnmp-nginx

Check the status of the started containers:

[root@docker www]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a089cd261279 nginx "/usr/local/nginx/..." 25 seconds ago Up 25 seconds 0.0.0.0:80->80/tcp lnmp-nginx
4ff4bf7c1bf9 php "/usr/local/php/sb..." 25 seconds ago Up 25 seconds 9000/tcp lnmp-php
4e39cdf62bf1 php "/usr/local/php/sb..." 51 seconds ago Up 51 seconds 9000/tcp lnmp-php1

Now stop the php service that is defined alongside nginx, and see whether the nginx service stops as well:

[root@docker lnmp]# docker-compose -f lnmp.yml stop php
Stopping lnmp-php ... done

The output on the nginx side is as follows:

lnmp-php exited with code 0
[root@docker www]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a089cd261279 nginx "/usr/local/nginx/..." 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp lnmp-nginx
4ff4bf7c1bf9 php "/usr/local/php/sb..." 2 minutes ago Exited (0) 52 seconds ago lnmp-php

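The container lnmp-php that backs the php service has stopped, but the nginx service has not. Why? Because the php1 service has not stopped, and php1 is also aliased as the php service. This is the situation external_links is meant for.

It lets a service in one compose file communicate with a service in another compose file. Compose works at the service level: what the configuration files refer to are services, not container names.

The other compose file must also define a network with the same name. In other words, when external_links is configured, the network names on both sides must match; otherwise the services still cannot reach each other.

When external_links is used, the service in the other compose file must be started. If only the compose file that contains this option is started, the service fails at startup with an error:
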
[root@docker lnmp]# cat lnmp.yml_external_links
version: '3'
services:
  nginx:
    image: nginx
    container_name: lnmp-nginx
    depends_on:
      - php
    ports:
      - "80:80"
    networks:
      - "net1"
    volumes:
      - "/www:/usr/local/nginx/html"
    external_links:
      - php1:php
  php:
    image: php
    container_name: lnmp-php
    expose:
      - "9000"
    networks:
      - "net1"
    volumes:
      - "/www:/usr/local/nginx/html"

networks:
  net1:
    driver: bridge

[root@docker lnmp]# docker-compose -f lnmp.yml up --build
Creating network "lnmp_net1" with driver "bridge"
Creating lnmp-php ...
Creating lnmp-php ... done
Creating lnmp-nginx ...
Creating lnmp-nginx ... done
Attaching to lnmp-php, lnmp-nginx
lnmp-nginx | nginx: [emerg] host not found in upstream "php" in /usr/local/nginx/conf/vhost/www.conf:7
lnmp-nginx exited with code 1

The external php service referenced by external_links was not started, so nginx still fails at startup.

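docker-compose: fixing a container's IP address

Method 1: create a network first, then reference it

Create a network with the following command; the subnet can be customized (网络名字 is a placeholder for the network name):
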
sudo docker network create --subnet=172.20.0.0/24 网络名字

Then put the following configuration in the docker-compose file (some entries need to be changed, for example 网络名, the network name).
This method needs portainer to actually pin the IP.

services:
  # redis
  redis:
    image: redis:latest
    container_name: redis
    restart: always
    ports:
      - "6379:6379"
    networks:
      - persist
  # ... other configuration omitted
networks:
  persist:
    external:
      name: 网络名

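To pin the IP in one step, the networks entry above should presumably be changed to look like this; I haven't tried it myself yet.
Waiting for a brave soul to test it.
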
networks:
  persist:
    ipv4_address: 172.20.0.17 # specific IP

Method 2: configure it directly in docker-compose

With this method there is no need to create the network first, and no need to customize anything in portainer.

services:
  # redis
  redis:
    image: redis:latest
    container_name: redis
    restart: always
    ports:
      - "6379:6379"
    networks:
      proxy:
        ipv4_address: 172.16.0.9 # specific IP
  # ... other configuration omitted
# networks
networks:
  proxy:
    ipam:
      config:
        - subnet: 172.16.0.0/24

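If you use this approach but a particular service does not need a fixed IP, replace its networks entry with the following (if not every service is pinned, addresses may conflict):
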
networks:
  - proxy
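
The address conflicts mentioned for Method 2 can be caught before the stack is started. The Python check below is an added example, not code from the original post: it assumes the compose file has already been parsed into a dict, and the web, cache2 and worker services are constructed here to trigger each check.

```python
import ipaddress

# Constructed sample mirroring the "Method 2" layout (already parsed into a
# dict, so no YAML library is needed). The web, cache2 and worker services
# are hypothetical additions that exercise the checks.
COMPOSE = {
    "services": {
        "redis": {"networks": {"proxy": {"ipv4_address": "172.16.0.9"}}},
        "web": {"networks": {"proxy": {"ipv4_address": "172.16.0.9"}}},
        "cache2": {"networks": {"proxy": {"ipv4_address": "172.20.0.17"}}},
        "worker": {"networks": ["proxy"]},  # dynamic address, nothing to check
    },
    "networks": {"proxy": {"ipam": {"config": [{"subnet": "172.16.0.0/24"}]}}},
}


def check_static_ips(compose):
    """Return a sorted list of (service, network, problem) tuples."""
    subnets = {}
    for net, spec in (compose.get("networks") or {}).items():
        cfg = ((spec or {}).get("ipam") or {}).get("config") or []
        subnets[net] = [ipaddress.ip_network(c["subnet"]) for c in cfg if "subnet" in c]

    problems, seen = [], {}
    for svc, spec in compose.get("services", {}).items():
        nets = spec.get("networks") or {}
        if isinstance(nets, list):  # short list form carries no static address
            continue
        for net, opts in nets.items():
            addr = (opts or {}).get("ipv4_address")
            if addr is None:
                continue
            ip = ipaddress.ip_address(addr)
            pools = subnets.get(net, [])
            if not pools:  # e.g. an external network: cannot verify from this file
                problems.append((svc, net, "no subnet declared in this file"))
            elif not any(ip in p for p in pools):
                problems.append((svc, net, f"{ip} outside declared subnet"))
            elif any(ip in (p.network_address, p.broadcast_address) for p in pools):
                problems.append((svc, net, f"{ip} is a network/broadcast address"))
            if (net, ip) in seen:  # two services pinned to the same address
                problems.append((svc, net, f"{ip} already used by {seen[(net, ip)]}"))
            seen.setdefault((net, ip), svc)
    return sorted(problems)


if __name__ == "__main__":
    for svc, net, problem in check_static_ips(COMPOSE):
        print(f"{svc} on {net}: {problem}")
```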