查看容器: docker inspect [容器名称]
docker insepect mysql
{
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "9e88c56857896eb58b8a57275afbbf2e78d3cd57e40c36ae02ff691b0e54febb",
"EndpointID": "ad293430c85370bd50b9895bd3e6845871a8acc21c7e12fdace84d8a7debcb38",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
}
}
}
docker inspect nginx
{
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "9e88c56857896eb58b8a57275afbbf2e78d3cd57e40c36ae02ff691b0e54febb",
"EndpointID": "42c720bb6fde02e2eda2b7fc4e6ddee79b33283debe1dece5c7f745b49f6be91",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.4",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:04",
"DriverOpts": null
}
}
会发现有一个IPAddress字段,值为172.17.0.2。在宿主机ping该地址,可以ping通。在外部ping该地址,无法ping通。所以外部无法通过容器的ip地址直接访问容器。
外部如果想要访问容器,需要将容器端口映射到宿主机。当外部访问宿主机的端口时,docker会将外部请求转发到容器的ip和端口,这样就访问到了容器。
mysql和nginx容器的IPAddress是在同一网段的,所以相互可以访问
docker安装时,会在机器中创建一张虚拟的网卡。名字叫做docker0,地址是172.17.0.1/16
默认情况下,所有容器都是以bridge方式连接到Docker的虚拟网桥docker0上。IP地址都是自动分配的
只有加入自定义网络的容器才可以通过容器名互相访问。Docker的网络操作命令如下:
docker network create #创建一个网络
docker network ls #查看所有网络
docker network rm #删除指定网络
docker network prune #清除未使用的网络
docker network connect #使指定容器连接加入某网络
docker network disconnect #使指定容器连接断开某网络
docker network inspect #查看网络详细信息
例子:
docker network ls
NETWORK ID NAME DRIVER SCOPE
9e88c5685789 bridge bridge local
5cefdc85629c host host local
abe0bff9cdf5 none null local
创建自定义网络
docker network create custom
bdb0e4074cab0638576323e650b04c2a79131a3172c4df192f8af0ae743e6a94
docker network ls
NETWORK ID NAME DRIVER SCOPE
9e88c5685789 bridge bridge local
bdb0e4074cab custom bridge local
5cefdc85629c host host local
abe0bff9cdf5 none null local
查看网络
ip addr
发现多了一个172.18网段的地址
16: br-bdb0e4074cab: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:e8:5f:11:7c brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-bdb0e4074cab
valid_lft forever preferred_lft forever
将mysql容器加入网络
docker network connect custom mysql
docker inspect mysql
除了原来的172.17.0.2,还多了一个172.18.0.2
"Networks": {
"bridge": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "9e88c56857896eb58b8a57275afbbf2e78d3cd57e40c36ae02ff691b0e54febb",
"EndpointID": "ad293430c85370bd50b9895bd3e6845871a8acc21c7e12fdace84d8a7debcb38",
"Gateway": "172.17.0.1",
"IPAddress": "172.17.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:11:00:02",
"DriverOpts": null
},
"custom": {
"IPAMConfig": {},
"Links": null,
"Aliases": [
"490c5351f09a"
],
"NetworkID": "bdb0e4074cab0638576323e650b04c2a79131a3172c4df192f8af0ae743e6a94",
"EndpointID": "58ef672e0341b7a6c6ff1a821c8f10682b1c2fe555b4e17a1d7d8c3183560cff",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:02",
"DriverOpts": {}
}
}
创建容器时直接加入网络的方法
先删除原来的mysql容器
docker stop mysql
docker rm -f mysql
创建mysql容器并加入自定义网络
docker run -d \
--name mysql \
--network custom \
-p 3306:3306 \
-e MYSQL_ROOT_PASSWORD=root \
-e TZ=Asia/Shanghai mysql
此时网络中只有custom,没有默认网桥了
docker inspect mysql
"Networks": {
"custom": {
"IPAMConfig": null,
"Links": null,
"Aliases": [
"bbb82708fb12"
],
"NetworkID": "bdb0e4074cab0638576323e650b04c2a79131a3172c4df192f8af0ae743e6a94",
"EndpointID": "ad405392631a3c8551df065621ae838049cdc0d0b7a7985d50485905f8a9302b",
"Gateway": "172.18.0.1",
"IPAddress": "172.18.0.2",
"IPPrefixLen": 16,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "02:42:ac:12:00:02",
"DriverOpts": null
}
}
