# Docker network and container interconnection
## Recommended resources

- Configuring networking, on the official Docker website: https://docs.docker.com/network/
- Docker network details: https://blog.csdn.net/meltsnow/article/details/94490994
- Docker's four network modes: https://www.jianshu.com/p/22a7032bb7bd
## Using networks

| Network driver | Name | Official documentation | Official tutorial |
|---|---|---|---|
| bridge (default) | Bridge network | https://docs.docker.com/network/bridge/ | https://docs.docker.com/network/network-tutorial-standalone/ |
| host | Host network | https://docs.docker.com/network/host/ | https://docs.docker.com/network/network-tutorial-host/ |
| overlay | Overlay network | https://docs.docker.com/network/overlay/ | https://docs.docker.com/network/network-tutorial-overlay/ |
| ipvlan | IPvlan network | https://docs.docker.com/network/ipvlan/ | N/A |
| macvlan | Macvlan network | https://docs.docker.com/network/macvlan/ | https://docs.docker.com/network/network-tutorial-macvlan/ |
| none | Disable container networking | https://docs.docker.com/network/none/ | N/A |
| Network plug-in | Third-party network plug-in | https://docs.docker.com/engine/extend/plugins_services/ | N/A |
## Schematic diagram of the bridge network

When a Docker container is created, a veth pair (a pair of virtual interfaces) is created with it; a packet sent into one interface of the pair is received on the other. One end of the pair sits inside the container as eth0; the other end stays on the host, attached to the docker0 bridge, with a name that starts with veth (for example, vethAQI2QT). This lets the host communicate with the container and lets containers communicate with each other: Docker in effect creates a virtual shared network between the host and all containers.
## Container interconnection

### docker network

#### Connecting containers
```bash
# Create network
docker network create -d bridge my-net

# List all networks
$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
2b2da88f6307   bridge    bridge    local
c426cb16f1ba   host      host      local
b63cf9acb121   my-net    bridge    local
642abd8a74a7   none      null      local

# Download centos image
docker pull centos

# New terminal
docker run -it --rm --name centos01 --network my-net centos bash

# New terminal
docker run -it --rm --name centos02 --network my-net centos bash

# Container list
docker container ls
CONTAINER ID   IMAGE     COMMAND   CREATED          STATUS          PORTS     NAMES
296a215ab471   centos    "bash"    18 seconds ago   Up 16 seconds             centos02
4f546527fae1   centos    "bash"    42 seconds ago   Up 38 seconds             centos01

# ping centos02 in centos01 container
[root@4f546527fae1 /]# ping centos02
PING centos02 (172.18.0.3) 56(84) bytes of data.
64 bytes from centos02.my-net (172.18.0.3): icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from centos02.my-net (172.18.0.3): icmp_seq=2 ttl=64 time=0.044 ms

# ping centos01 in centos02 container
[root@296a215ab471 /]# ping centos01
PING centos01 (172.18.0.2) 56(84) bytes of data.
64 bytes from centos01.my-net (172.18.0.2): icmp_seq=1 ttl=64 time=0.180 ms
64 bytes from centos01.my-net (172.18.0.2): icmp_seq=2 ttl=64 time=0.053 ms

# View hosts
[root@296a215ab471 /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.18.0.3 296a215ab471
```
#### Configure DNS

- Use `mount` to see the mount information

  ```bash
  $ mount
  C:/Program Files/Git on / type ntfs (binary,noacl,auto)
  C:/Program Files/Git/usr/bin on /bin type ntfs (binary,noacl,auto)
  C:/Users/Water moon love~1/AppData/Local/Temp on /tmp type ntfs (binary,noacl,posix=0,usertemp)
  C: on /c type ntfs (binary,noacl,posix=0,user,noumount,auto)
  D: on /d type ntfs (binary,noacl,posix=0,user,noumount,auto)
  E: on /e type ntfs (binary,noacl,posix=0,user,noumount,auto)
  ```
- Configure DNS for all containers

  `/etc/docker/daemon.json`:

  ```json
  {
    "dns": [
      "114.114.114.114",
      "8.8.8.8"
    ]
  }
  ```

  ```bash
  # The DNS settings can be seen in /etc/resolv.conf inside the container
  $ docker run -it --rm centos cat etc/resolv.conf
  # DNS requests are forwarded to the host. DHCP DNS options are ignored.
  nameserver 192.168.65.5
  ```
- Manually specify the configuration of a single container
  - `-h HOSTNAME` or `--hostname=HOSTNAME` sets the container's host name, which is written to `/etc/hostname` and `/etc/hosts` inside the container. It is not visible outside the container: it appears neither in `docker container ls` nor in the `/etc/hosts` of other containers.
  - `--dns=IP_ADDRESS` adds the DNS server to the container's `/etc/resolv.conf`, and the container uses this server to resolve every host name that is not in `/etc/hosts`.
  - `--dns-search=DOMAIN` sets the container's search domain. With the search domain set to `.example.com`, a lookup for a host named `host` queries not only `host` but also `host.example.com`.
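
How the `--dns` and `--dns-search` settings above play out at lookup time, as an added example (not from the original post): it parses a resolv.conf and lists the names a glibc-style resolver would query, in order. The sample file and the function names are constructed for illustration, and the ordering rule goes beyond the single case in the text by also covering `ndots` and trailing-dot names.

```python
# Constructed sample: the resolv.conf one would expect in a container started
# with --dns=114.114.114.114 --dns-search=example.com (assumption, not page output).
SAMPLE_RESOLV_CONF = """\
search example.com
nameserver 114.114.114.114
options ndots:1
"""


def parse_resolv_conf(text):
    """Return (nameservers, search_domains, ndots) from resolv.conf text."""
    nameservers, search, ndots = [], [], 1  # resolver default is ndots:1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0].startswith(";"):
            continue  # blank line or comment
        if fields[0] == "nameserver" and len(fields) > 1:
            nameservers.append(fields[1])
        elif fields[0] == "search":
            search = fields[1:]  # a later search line replaces an earlier one
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = int(opt[6:])
    return nameservers, search, ndots


def query_order(name, search, ndots):
    """Names a glibc-style stub resolver tries, in order, for `name`."""
    if name.endswith("."):  # trailing dot: already absolute, search list unused
        return [name]
    expanded = [f"{name}.{d.strip('.')}." for d in search]
    absolute = [name + "."]
    # A name with at least `ndots` dots is tried as-is before the search list.
    return absolute + expanded if name.count(".") >= ndots else expanded + absolute


if __name__ == "__main__":
    servers, search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for host in ("host", "www.docker.com", "host."):
        print(host, "->", query_order(host, search, ndots), "via", servers)
```

A short name such as `host` is sent with the search domain appended first, so the search domain decides which zone gets the first chance to answer.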
### docker run --link (obsolete; a user-defined network is recommended)

Containers joined with `--link` usually remain on the default bridge network, which is very unsafe because the containers on it are not properly isolated from one another. A user-defined network is a more convenient way to get both interconnection and isolation.
```bash
# Download image
docker pull centos

# centos uses ip add to view local address information

# Create the first container (terminal 1)
docker run -it --rm --name centos01 centos bash

# Create a second container (terminal 2)
docker run -d -it --rm --name centos02 --link centos01 centos bash

# Enter container 1
docker exec -it centos01 bash
[root@941828a74821 /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 941828a74821
[root@941828a74821 /]# ping 172.17.0.4
PING 172.17.0.4 (172.17.0.4) 56(84) bytes of data.
64 bytes from 172.17.0.4: icmp_seq=1 ttl=64 time=0.059 ms
64 bytes from 172.17.0.4: icmp_seq=2 ttl=64 time=0.039 ms

# Enter container 2
docker exec -it centos02 bash
[root@af7440908cb3 /]# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.3 centos01 941828a74821
172.17.0.4 af7440908cb3
[root@af7440908cb3 /]# ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3) 56(84) bytes of data.
64 bytes from 172.17.0.3: icmp_seq=1 ttl=64 time=0.044 ms
64 bytes from 172.17.0.3: icmp_seq=2 ttl=64 time=0.066 ms
```
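
To find containers still set up the way this section warns against, here is an added example (not part of the original post): it reads `docker inspect` JSON and reports containers that sit on the default `bridge` network or still carry legacy `--link` entries. The sample data, the function name `audit` and the script name in the comment are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `docker inspect centos01 centos02 app01`,
# trimmed to the fields read below (app01 and all values are illustrative).
SAMPLE = json.loads("""[
 {"Name": "/centos01", "HostConfig": {"NetworkMode": "default", "Links": null},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.3"}}}},
 {"Name": "/centos02", "HostConfig": {"NetworkMode": "default",
                                      "Links": ["/centos01:/centos02/centos01"]},
  "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.4"}}}},
 {"Name": "/app01", "HostConfig": {"NetworkMode": "my-net", "Links": null},
  "NetworkSettings": {"Networks": {"my-net": {"IPAddress": "172.18.0.2"}}}}
]""")


def audit(containers):
    """Map container name -> list of findings; clean containers are omitted."""
    # With default daemon settings, containers on the default bridge can all
    # reach each other by IP, whether or not they were linked.
    on_default = sorted(
        c["Name"].lstrip("/") for c in containers
        if "bridge" in ((c.get("NetworkSettings") or {}).get("Networks") or {})
    )
    findings = {}
    for c in containers:
        name = c["Name"].lstrip("/")
        issues = []
        if name in on_default:
            peers = [p for p in on_default if p != name]
            issues.append("on default bridge; shares it with: "
                          + (", ".join(peers) or "nobody else"))
        # Links is null when unused; entries look like "/target:/source/alias".
        for link in (c.get("HostConfig") or {}).get("Links") or []:
            issues.append("legacy --link to " + link.split(":", 1)[0].lstrip("/"))
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    # Real use: docker inspect $(docker ps -q) | python3 audit_links.py -
    data = json.load(sys.stdin) if sys.argv[1:] == ["-"] else SAMPLE
    for name, issues in audit(data).items():
        for issue in issues:
            print(f"{name}: {issue}")
```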