Docker 17 中文开发手册
简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)
directory search
Compose About versions and upgrading (Compose) ASP.NET Core + SQL Server on Linux (Compose) CLI environment variables (Compose) Command-line completion (Compose) Compose(组成) Compose command-line reference(组合命令行参考) Control startup order (Compose) Django and PostgreSQL (Compose) Docker stacks and distributed application bundles (Compose) docker-compose build(docker-compose构建) docker-compose bundle docker-compose config docker-compose create docker-compose down docker-compose events docker-compose exec docker-compose help docker-compose images docker-compose kill docker-compose logs docker-compose pause docker-compose port docker-compose ps docker-compose pull docker-compose push docker-compose restart docker-compose rm docker-compose run docker-compose scale docker-compose start docker-compose stop docker-compose top docker-compose unpause docker-compose up Environment file (Compose) Environment variables in Compose Extend services in Compose Frequently asked questions (Compose) Getting started (Compose) Install Compose Link environment variables (deprecated) (Compose) Networking in Compose Overview of Docker Compose Overview of docker-compose CLI Quickstart: Compose and WordPress Rails and PostgreSQL (Compose) Sample apps with Compose Using Compose in production Using Compose with Swarm Engine .NET Core application (Engine) About images, containers, and storage drivers (Engine) Add nodes to the swarm (Engine) Apply custom metadata (Engine) Apply rolling updates (Engine) apt-cacher-ng Best practices for writing Dockerfiles (Engine) Binaries (Engine) Bind container ports to the host (Engine) Breaking changes (Engine) Build your own bridge (Engine) Configure container DNS (Engine) Configure container DNS in user-defined networks (Engine) CouchDB (Engine) Create a base image (Engine) Create a swarm (Engine) Customize the docker0 bridge (Engine) Debian (Engine) Default bridge network Delete the service (Engine) Deploy a service (Engine) Deploy services to a swarm (Engine) Deprecated Engine features Docker container networking (Engine) Docker overview (Engine) Docker run reference (Engine) Dockerfile reference (Engine) Dockerize an application Drain a node (Engine) Engine FAQ (Engine) Fedora (Engine) Get started (Engine) Get started with macvlan network driver (Engine) Get started with multi-host networking (Engine) How nodes work (Engine) How services work (Engine) Image management (Engine) Inspect the service (Engine) Install Docker (Engine) IPv6 with Docker (Engine) Join nodes to a swarm (Engine) Legacy container links (Engine) Lock your swarm (Engine) Manage nodes in a swarm (Engine) Manage sensitive data with Docker secrets (Engine) Manage swarm security with PKI (Engine) Manage swarm service networks (Engine) Migrate to Engine 1.10 Optional Linux post-installation steps (Engine) Overview (Engine) PostgreSQL (Engine) Raft consensus in swarm mode (Engine) Riak (Engine) Run Docker Engine in swarm mode Scale the service (Engine) SDKs (Engine) Select a storage driver (Engine) Set up for the tutorial (Engine) SSHd (Engine) Storage driver overview (Engine) Store service configuration data (Engine) Swarm administration guide (Engine) Swarm mode key concepts (Engine) Swarm mode overlay network security model (Engine) Swarm mode overview (Engine) Understand container communication (Engine) Use multi-stage builds (Engine) Use swarm mode routing mesh (Engine) Use the AUFS storage driver (Engine) Use the Btrfs storage driver (Engine) Use the Device mapper storage driver (Engine) Use the OverlayFS storage driver (Engine) Use the VFS storage driver (Engine) Use the ZFS storage driver (Engine) Engine: Admin Guide Amazon CloudWatch logs logging driver (Engine) Bind mounts (Engine) Collect Docker metrics with Prometheus (Engine) Configuring and running Docker (Engine) Configuring logging drivers (Engine) Control and configure Docker with systemd (Engine) ETW logging driver (Engine) Fluentd logging driver (Engine) Format command and log output (Engine) Google Cloud logging driver (Engine) Graylog Extended Format (GELF) logging driver (Engine) Journald logging driver (Engine) JSON File logging driver (Engine) Keep containers alive during daemon downtime (Engine) Limit a container's resources (Engine) Link via an ambassador container (Engine) Log tags for logging driver (Engine) Logentries logging driver (Engine) PowerShell DSC usage (Engine) Prune unused Docker objects (Engine) Run multiple services in a container (Engine) Runtime metrics (Engine) Splunk logging driver (Engine) Start containers automatically (Engine) Storage overview (Engine) Syslog logging driver (Engine) tmpfs mounts Troubleshoot volume problems (Engine) Use a logging driver plugin (Engine) Using Ansible (Engine) Using Chef (Engine) Using Puppet (Engine) View a container's logs (Engine) Volumes (Engine) Engine: CLI Daemon CLI reference (dockerd) (Engine) docker docker attach docker build docker checkpoint docker checkpoint create docker checkpoint ls docker checkpoint rm docker commit docker config docker config create docker config inspect docker config ls docker config rm docker container docker container attach docker container commit docker container cp docker container create docker container diff docker container exec docker container export docker container inspect docker container kill docker container logs docker container ls docker container pause docker container port docker container prune docker container rename docker container restart docker container rm docker container run docker container start docker container stats docker container stop docker container top docker container unpause docker container update docker container wait docker cp docker create docker deploy docker diff docker events docker exec docker export docker history docker image docker image build docker image history docker image import docker image inspect docker image load docker image ls docker image prune docker image pull docker image push docker image rm docker image save docker image tag docker images docker import docker info docker inspect docker kill docker load docker login docker logout docker logs docker network docker network connect docker network create docker network disconnect docker network inspect docker network ls docker network prune docker network rm docker node docker node demote docker node inspect docker node ls docker node promote docker node ps docker node rm docker node update docker pause docker plugin docker plugin create docker plugin disable docker plugin enable docker plugin inspect docker plugin install docker plugin ls docker plugin push docker plugin rm docker plugin set docker plugin upgrade docker port docker ps docker pull docker push docker rename docker restart docker rm docker rmi docker run docker save docker search docker secret docker secret create docker secret inspect docker secret ls docker secret rm docker service docker service create docker service inspect docker service logs docker service ls docker service ps docker service rm docker service scale docker service update docker stack docker stack deploy docker stack ls docker stack ps docker stack rm docker stack services docker start docker stats docker stop docker swarm docker swarm ca docker swarm init docker swarm join docker swarm join-token docker swarm leave docker swarm unlock docker swarm unlock-key docker swarm update docker system docker system df docker system events docker system info docker system prune docker tag docker top docker unpause docker update docker version docker volume docker volume create docker volume inspect docker volume ls docker volume prune docker volume rm docker wait Use the Docker command line (Engine) Engine: Extend Access authorization plugin (Engine) Docker log driver plugins Docker network driver plugins (Engine) Extending Engine with plugins Managed plugin system (Engine) Plugin configuration (Engine) Plugins API (Engine) Volume plugins (Engine) Engine: Security AppArmor security profiles for Docker (Engine) Automation with content trust (Engine) Content trust in Docker (Engine) Delegations for content trust (Engine) Deploying Notary (Engine) Docker security (Engine) Docker security non-events (Engine) Isolate containers with a user namespace (Engine) Manage keys for content trust (Engine) Play in a content trust sandbox (Engine) Protect the Docker daemon socket (Engine) Seccomp security profiles for Docker (Engine) Secure Engine Use trusted images Using certificates for repository client verification (Engine) Engine: Tutorials Engine tutorials Network containers (Engine) Get Started Part 1: Orientation Part 2: Containers Part 3: Services Part 4: Swarms Part 5: Stacks Part 6: Deploy your app Machine Amazon Web Services (Machine) Digital Ocean (Machine) docker-machine active docker-machine config docker-machine create docker-machine env docker-machine help docker-machine inspect docker-machine ip docker-machine kill docker-machine ls docker-machine provision docker-machine regenerate-certs docker-machine restart docker-machine rm docker-machine scp docker-machine ssh docker-machine start docker-machine status docker-machine stop docker-machine upgrade docker-machine url Driver options and operating system defaults (Machine) Drivers overview (Machine) Exoscale (Machine) Generic (Machine) Get started with a local VM (Machine) Google Compute Engine (Machine) IBM Softlayer (Machine) Install Machine Machine Machine CLI overview Machine command-line completion Machine concepts and help Machine overview Microsoft Azure (Machine) Microsoft Hyper-V (Machine) Migrate from Boot2Docker to Machine OpenStack (Machine) Oracle VirtualBox (Machine) Provision AWS EC2 instances (Machine) Provision Digital Ocean Droplets (Machine) Provision hosts in the cloud (Machine) Rackspace (Machine) VMware Fusion (Machine) VMware vCloud Air (Machine) VMware vSphere (Machine) Notary Client configuration (Notary) Common Server and signer configurations (Notary) Getting started with Notary Notary changelog Notary configuration files Running a Notary service Server configuration (Notary) Signer configuration (Notary) Understand the service architecture (Notary) Use the Notary client

©
This document uses PHP Chinese website manual Release

characters

本文使用一个示例来解释创建多主机网络的基础知识。Docker 通过overlay网络驱动程序支持多主机网络。与bridge网络不同,覆盖网络需要一些预先存在的条件才能创建一个:

  • Docker以群集模式运行

  • 使用密钥值存储的主机群集

覆盖网络和群集模式

使用以群模式运行的 Docker,您可以在管理器节点上创建覆盖网络。

群体使覆盖网络只能用于群体中需要服务的节点。当您创建使用覆盖网络的服务时,管理器节点会自动将覆盖网络扩展到运行服务任务的节点。

要了解有关在群集模式下运行 Docker 的更多信息,请参阅群集模式概述。

下面的例子显示了如何创建一个网络并将其用于群中管理器节点的服务:

# Create an overlay network `my-multi-host-network`.$ docker network create \  --driver overlay \  --subnet 10.0.9.0/24 \
  my-multi-host-network

400g6bwzd68jizzdx5pgyoe95

# Create an nginx service and extend the my-multi-host-network to nodes where
# the service's tasks run.$ docker service create --replicas 2 --network my-multi-host-network --name my-web nginx

716thylsndqma81j6kkkb5aus

群集的覆盖网络不适用于非托管容器。有关更多信息,请参阅 Docker 群集模式覆盖网络安全模型。

另请参阅将服务附加到覆盖网络。

使用外部键值存储覆盖网络

要将 Docker 引擎与外部键值存储一起使用,您需要以下内容:

  • 访问键值存储。Docker 支持 Consul,Etcd 和 ZooKeeper(分布式存储)键值存储。

  • 连接到键值存储的主机集群。

  • daemon集群中每台主机上配置正确的引擎。

  • 集群中的主机必须具有唯一主机名,因为键值存储使用主机名来标识集群成员。

虽然 Docker Machine 和 Docker Swarm 不是强制性体验 Docker 多主机网络的关键值存储,但此示例使用它们来说明它们是如何集成的。您将使用 Machine 来创建键值存储服务器和主机群集。这个例子创建了一个swarm 集群。

注意:以群集模式运行的 Docker Engine 与外部键值存储的网络不兼容。

先决条件

在开始之前,请确保您的网络上安装了最新版本的 Docker Engine 和 Docker Machine。这个例子也依赖于VirtualBox。如果您使用 Docker Toolbox 安装在 Mac 或 Windows上,则已经安装了所有这些设备。

如果您尚未这样做,请确保将 Docker Engine 和 Docker Machine 升级到最新版本。

设置一个键值存储

覆盖网络需要键值存储。键值存储保存有关网络状态的信息,其中包括发现,网络,端点,IP 地址等。Docker 支持 Consul,Etcd 和 ZooKeeper键值存储。这个例子使用 Consul。

  1. 登录到使用先决条件 Docker Engine,Docker Machine 和 VirtualBox软件准备的系统。

  1. 配置名为的 VirtualBox 机器mh-keystore

$ docker-machine create -d virtualbox mh-keystore

当您供应新机器时,该流程会将 Docker Engine 添加到主机。这意味着不是手动安装 Consul,而是使用Docker Hub 的 consul镜像创建一个实例。你会在下一步做到这一点。

  1. 将您的本地环境设置为mh-keystore机器。$ eval“$(docker-machine env mh-keystore)”

  1. 启动progrium/consulmh-keystore机器上运行的容器。

$ docker run -d \ -p“8500:8500”\ -h“consul”\ progrium / consul -server -bootstrap

客户端启动progrium/consulmh-keystore机器中运行的映像。服务器被调用consul并正在侦听端口8500

  1. Run the docker ps command to see the consul container. $ docker ps   CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                                            NAMES  4d51392253b3        progrium/consul     "/bin/start -server -"   25 minutes ago      Up 25 minutes       53/tcp, 53/udp, 8300-8302/tcp, 0.0.0.0:8500->8500/tcp, 8400/tcp, 8301-8302/udp   admiring_panini Keep your terminal open and move onto the next step.Create a swarm clusterIn this step, you use docker-machine为您的网络配置主机。此时,您不会真正创建网络。您将在VirtualBox中创建多台机器。其中一台机器将作为swarm master; 你会先创建它。在创建每台主机时,您需要在overlay网络驱动程序所需的机器上传递引擎。

  1. 创建一个swarm主。

$ docker-machine create \ -d virtualbox \ --swarm --swarm-master \ --swarm-discovery =“consul:// $(docker-machine ip mh -keystore):8500”\ --engine-opt = “cluster-store = consul:// $(docker-machine ip mh -keystore):8500”\ --engine-opt =“cluster-advertise = eth1:2376”\ mhs-demo0

在创建时,您可以为引擎daemon提供--cluster-store选项。该选项告诉引擎overlay网络的键值存储位置。bash扩展$(docker-machine ip mh-keystore)解析为您在“步骤1”中创建的Consul服务器的IP地址。该--cluster-advertise选项通告网络上的机器。

  1. 创建另一个主机并将其添加到群集。$ docker-machine create -d virtualbox \ --swarm \ --swarm-discovery =“consul:// $(docker-machine ip mh -keystore):8500”\ --engine-opt =“cluster-store = consul :// $(docker-machine ip mh-keystore):8500“\ --engine-opt =”cluster-advertise = eth1:2376“\ mhs-demo1

  1. 列出您的机器以确认它们全部正常运行。

$ docker-machine ls NAME ACTIVE DRIVER STATE URL SWARM default  -  virtualbox运行tcp://192.168.99.100:2376 mh -keystore * virtualbox运行tcp://192.168.99.103:2376 mhs-demo0  -  virtualbox运行tcp://192.168 .99.104:2376 mhs-demo0(主)mhs-demo1  -  virtualbox运行tcp://192.168.99.105:2376 mhs-demo0

此时,您的网络上正在运行一组主机。您已准备好使用这些主机为容器创建多主机网络。

将您的终端打开并继续下一步。

创建覆盖网络

创建覆盖网络

  1. 将 docker 环境设置为 swarm master。$ eval $(docker-machine env --swarm mhs-demo0)使用该--swarm标志docker-machine限制了docker单独集群信息的命令。

  1. 使用该docker info命令查看群。

$ docker info容器:3图像:2角色:主要策略:传播过滤器:亲和力,健康,约束,端口,依赖关系节点:2 mhs-demo0:192.168.99.104:2376└容器:2└保留的CPU:0/1└保留内存:0 B / 1.021 GiB└标签:executiondriver = native-0.2,kernelversion = 4.1.10-boot2docker,operatingsystem = Boot2Docker 1.9.0(TCL 6.4); master:4187d2c  -  Wed Oct 14 14:00:28 UTC 2015,provider = virtualbox,storagedriver = aufs mhs-demo1:192.168.99.105:2376└Containers:1└Reserved CPUs:0/1└Reserved Memory:0 B / 1.021 GiB└标签:executiondriver = native-0.2,kernelversion = 4.1.10-boot2docker,operatingsystem = Boot2Docker 1.9.0(TCL 6.4); master:4187d2c  -  Wed Oct 14 14:00:28 UTC 2015,provider = virtualbox,storagedriver = aufs CPUs:2总内存:2.043 GiB名称:30438ece0915

根据这些信息,您可以看到您正在 Master 上运行三个容器和两个图像。

  1. 创建您的overlay网络。$ docker network create --driver overlay --subnet = 10.0.9.0 / 24 my-net您只需要在集群中的单个主机上创建网络。在这种情况下,您使用了swarm master,但您可以轻松地在集群中的任何主机上运行它。  注意:强烈建议--subnet在创建网络时使用该选项。如果--subnet未指定,则docker守护进程会自动选择并为网络分配一个子网,并且可能会与您的基础架构中未由 docker 管理的另一个子网重叠。当容器连接到该网络时,这种重叠会导致连接问题或失败。

  1. 检查网络是否正在运行:

$泊坞窗网LS网络ID名称驱动程序412c2496d0eb MHS-demo1的/主机主机dd51763e6dd2 MHS-demo0 /桥桥6b07d0be843f b4234109bd9b MHS-demo0 /无空1aeead6dd890 MHS-demo0 /主机主机我的网覆盖d0bb78cbe7bd MHS-demo1的/桥桥1c0eb8f69ebb MHS -demo1 / null的无

当您处于 swarm master 环境中时,您会看到所有 swarm agent 上的所有网络:每个引擎上的默认网络和单个覆盖网络。注意每个NETWORK ID都是唯一的。

  1. Switch to each swarm agent in turn and list the networks. $ eval $(docker-machine env mhs-demo0)  $ docker network ls  NETWORK ID          NAME                DRIVER 6b07d0be843f        my-net              overlay dd51763e6dd2        bridge              bridge b4234109bd9b        none                null 1aeead6dd890        host                host  $ eval $(docker-machine env mhs-demo1)  $ docker network ls  NETWORK ID          NAME                DRIVER d0bb78cbe7bd        bridge              bridge 1c0eb8f69ebb        none                null 412c2496d0eb        host                host 6b07d0be843f        my-net              overlay Both agents report they have the my-net network with the 6b07d0be843fID。您现在正在运行多主机容器网络!在网络上运行应用程序一旦创建了网络,您就可以在任何主机上启动容器,并且它自动成为网络的一部分。

  1. 将你的环境指向 swarm master。

$ eval $(docker-machine env --swarm mhs-demo0)

  1. mhs-demo0实例上启动一个Nginx Web服务器。$ docker run -itd --name = web --network = my-net --env =“constraint:node == mhs-demo0”nginx

  1. 在实例上运行 BusyBox 实例mhs-demo1并获取Nginx服务器主页的内容。

$ docker run -it --rm --network=my-net --env="constraint:node==mhs-demo1" busybox wget -O- http://web  Unable to find image 'busybox:latest' locally latest: Pulling from library/busybox ab2b8a86ca6c: Pull complete 2c5ac3f849df: Pull complete Digest: sha256:5551dbdfc48d66734d0f01cafee0952cb6e8eeecd1e2492240bf2fd9640c2279 Status: Downloaded newer image for busybox:latest Connecting to web (10.0.0.2:80) <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body {         width: 35em;         margin: 0 auto;         font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p>  <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p>  <p><em>Thank you for using nginx.</em></p> </body> </html> -                    100% |*******************************|   612   0:00:00 ETA

检查外部连接

如您所见,Docker 的内置覆盖网络驱动程序可在同一网络中多个主机上的容器之间提供开箱即用的连接。另外,连接到多主机网络的容器会自动连接到docker_gwbridge网络。该网络允许容器在群集外部具有外部连接。

  1. 将您的环境更改为swarm agent。$ eval $(docker-machine env mhs-demo1)

  1. docker_gwbridge通过列出网络来查看网络。

$ LS泊坞窗网络ID网络名称驱动程序6b07d0be843f我网覆盖dd51763e6dd2桥桥b4234109bd9b返回null 1aeead6dd890主机主桥e1dbd5dff8be docker_gwbridge

  1. 重复swarm master上的步骤1和2。$ eval $(docker-machine env mhs-demo0)$ docker network ls NETWORK ID NAME DRIVER 6b07d0be843f my-net overlay d0bb78cbe7bd bridge bridge 1c0eb8f69ebb none null 412c2496d0eb host host 97102a22e8d2 docker_gwbridge bridge

  1. 检查Nginx容器的网络接口。

00:00:00:00:00 brd 00:00:00:00:00:$ docker exec web ip addr 1:lo:<LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group默认链接/ 00 inet 127.0.0.1/8作用域主机lo valid_lft永远preferred_lft永远inet6 :: 1/128作用域主机valid_lft永远preferred_lft永远22:eth0:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue状态UP组默认链接/ ether 02:42:0a:00:09:03 brd ff:ff:ff:ff:ff:inet 10.0.9.3/24 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80 :: 42:aff:fe00:903/64 scope永久链接valid_lft preferred_lft forever 24:eth1:<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link / ether 02:42:ac:12:00:02 brd ff:ff:ff:ff:ff :ff inet 172.18.0。2/16范围全局eth1 valid_lft永远preferred_lft永远inet6 fe80 :: 42:acff:fe12:2/64范围链接valid_lft forever永远preferred_lft永远

eth0接口表示连接到my-net覆盖网络的容器接口。虽然eth1接口代表连接到所述容器的接口docker_gwbridge网络。

使用Docker撰写额外功劳

请参阅 Compose V2 格式中介绍的网络功能,并在上述群集中执行多主机网络场景。

相关信息

  • 了解 Docker 容器网络

  • 使用网络命令

  • Docker群集概述

  • Docker机器概述

Previous article: Next article: