[9] Docker – Podstawy sieci
26 lutego 2021
To są podstawy konfiguracji sieci w Dockerze.
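[1] Gdy uruchomisz kontenery bez wskazania sieci, domyślnie zostanie im przypisana sieć [bridge]. W tej domyślnej sieci komunikacja między kontenerami jest włączona (opcja enable_icc ma wartość "true" w wyniku poniżej).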
# wyświetl listę sieci
[root@vlsr01 ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
f97df0eedab6   bridge    bridge    local
8670c48bb4f4   host      host      local
efb149833571   none      null      local

# wyświetl szczegółowe informacje o [bridge]
[root@vlsr01 ~]# docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "f97df0eedab66cb9d7f29bd9233cb701bced21f603783a988cb82f7561433f1f",
        "Created": "2021-02-25T11:41:46.384095929+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "091ed20a5db735c3402124086087c47651d960bd26e7d89446c744ba0b8248b0": {
                "Name": "focused_maxwell",
                "EndpointID": "4d3d857d28c4f12979904059dc318d9fffaaea38bc1a372fd9962754fb8dcd23",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "f4353080cf766dc43de19e4f2a55d51289120e748059c7d959d10d068db5688d": {
                "Name": "intelligent_hawking",
                "EndpointID": "40f9b0f1777aef17ff51f2aa9c2a291105f2c7749734d55ad56271499102c654",
                "MacAddress": "02:42:ac:11:00:04",
                "IPv4Address": "172.17.0.4/16",
                "IPv6Address": ""
            },
            "ffa9303583f5436de39b70750060e6f675675f8ae6e68dee01af597d0e1c17b4": {
                "Name": "vibrant_mayer",
                "EndpointID": "4a229bd144f0efb6a602de6780fef829998b5dd1d9e66065f76c6cbe7f9869de",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

# [bridge] jest domyślnie przypisany do kontenerów
[root@vlsr01 ~]# docker run centos /usr/sbin/ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5
[2] Jeśli chcesz podłączyć kolejną sieć, postępuj następująco.
# stwórz sieć [network01] z adresacją [192.168.1.0/24]
[root@vlsr01 ~]# docker network create --subnet 192.168.1.0/24 network01
60ff38fa6f60b79072803c9a9f3856269cfa57decbce63d8d77cb926df8b40f7
[root@vlsr01 ~]# docker network ls
NETWORK ID     NAME        DRIVER    SCOPE
f97df0eedab6   bridge      bridge    local
8670c48bb4f4   host        host      local
60ff38fa6f60   network01   bridge    local
efb149833571   none        null      local

# uruchom kontener z nowo dodaną siecią [network01]
[root@vlsr01 ~]# docker run --net network01 centos /usr/sbin/ip route
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2

# dołącz sieć do istniejącego i uruchomionego kontenera
[root@vlsr01 ~]# docker ps
CONTAINER ID   IMAGE                     COMMAND                  CREATED        STATUS        PORTS                    NAMES
3f50cb89490d   zicher.lab/centos-httpd   "/usr/sbin/httpd -D …"   13 hours ago   Up 13 hours   80/tcp                   epic_keldysh
f4353080cf76   registry:2                "/entrypoint.sh /etc…"   19 hours ago   Up 19 hours   0.0.0.0:5000->5000/tcp   intelligent_hawking
ffa9303583f5   zicher.lab/centos-nginx   "/usr/sbin/nginx -g …"   23 hours ago   Up 23 hours   0.0.0.0:8081->80/tcp     vibrant_mayer
091ed20a5db7   centos                    "/bin/bash"              23 hours ago   Up 23 hours                            focused_maxwell
[root@vlsr01 certs]# docker exec 3f50cb89490d ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5

# podłącz kontener do sieci [network01] z konkretnym adresem IP
[root@vlsr01 ~]# docker network connect --ip 192.168.1.10 network01 3f50cb89490d
[root@vlsr01 ~]# docker exec 3f50cb89490d ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10

# odłącz sieć
[root@vlsr01 ~]# docker network disconnect network01 3f50cb89490d
[root@vlsr01 ~]# docker exec 3f50cb89490d ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5
[3] Aby usunąć dodaną wcześniej sieć, wykonaj poniższe polecenia.
[root@vlsr01 ~]# docker network ls
NETWORK ID     NAME        DRIVER    SCOPE
f97df0eedab6   bridge      bridge    local
8670c48bb4f4   host        host      local
60ff38fa6f60   network01   bridge    local
efb149833571   none        null      local

# usuń sieć [network01]
[root@vlsr01 ~]# docker network rm network01
network01

# usuń sieci, których kontenery w ogóle nie używają
[root@vlsr01 ~]# docker network prune
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] Y
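[4] Podłączenie kontenera do sieci hosta – połączenie NIE mostkowe.
W tym trybie kontener współdzieli stos sieciowy hosta, więc jego usługa nasłuchuje bezpośrednio na interfejsach hosta – bez izolacji sieciowej kontenera i bez mapowania portów.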
[root@vlsr01 ~]# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
f97df0eedab6   bridge    bridge    local
8670c48bb4f4   host      host      local
efb149833571   none      null      local
[root@vlsr01 ~]# docker images
REPOSITORY                TAG       IMAGE ID       CREATED        SIZE
zicher.lab/centos-httpd   latest    fa88e0f72687   14 hours ago   250MB
zicher.lab/centos-nginx   latest    e78c5cb00dad   23 hours ago   289MB
registry                  2         5c4008a25e05   31 hours ago   26.2MB
nginx                     latest    35c43ace9216   8 days ago     133MB
centos                    latest    300e315adb2f   2 months ago   209MB

# uruchom kontener z siecią [host’a]
[root@vlsr01 ~]# docker run -d --net host zicher.lab/centos-httpd
098db34be6ba2c73c1c60b6154b2130773ca5464e579a8556a3a2dd958ed1d8c
[root@vlsr01 ~]# docker ps
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS         PORTS                    NAMES
098db34be6ba   zicher.lab/centos-httpd   "/usr/sbin/httpd -D …"   10 seconds ago   Up 9 seconds                            practical_snyder
3f50cb89490d   zicher.lab/centos-httpd   "/usr/sbin/httpd -D …"   14 hours ago     Up 14 hours    80/tcp                   epic_keldysh
f4353080cf76   registry:2                "/entrypoint.sh /etc…"   19 hours ago     Up 19 hours    0.0.0.0:5000->5000/tcp   intelligent_hawking
ffa9303583f5   zicher.lab/centos-nginx   "/usr/sbin/nginx -g …"   23 hours ago     Up 23 hours    0.0.0.0:8081->80/tcp     vibrant_mayer
091ed20a5db7   centos                    "/bin/bash"              23 hours ago     Up 23 hours                             focused_maxwell

# port usługi [httpd] w kontenerze nasłuchuje w sieci hosta
[root@vlsr01 ~]# ss -napt
State    Recv-Q   Send-Q   Local Address:Port     Peer Address:Port       Process
LISTEN   0        128      0.0.0.0:8081           0.0.0.0:*               users:(("docker-proxy",pid=4513,fd=4))
LISTEN   0        128      0.0.0.0:22             0.0.0.0:*               users:(("sshd",pid=1095,fd=5))
LISTEN   0        128      0.0.0.0:5000           0.0.0.0:*               users:(("docker-proxy",pid=5132,fd=4))
ESTAB    0        0        192.168.100.101:22     192.168.100.199:56205   users:(("sshd",pid=1589,fd=5),("sshd",pid=1574,fd=5))
LISTEN   0        128      *:80                   *:*                     users:(("httpd",pid=7546,fd=4),("httpd",pid=7545,fd=4),("httpd",pid=7544,fd=4),("httpd",pid=7529,fd=4))
LISTEN   0        128      [::]:22                [::]:*                  users:(("sshd",pid=1095,fd=7))
LISTEN   0        128      *:9090                 *:*                     users:(("systemd",pid=1,fd=51))
[root@vlsr01 ~]# curl localhost
Dockerfile TEST w APACHE @ ZICHER.LAB