[9] Docker – Podstawy sieci

26 lutego 2021 Wyłączono przez Adam [zicherka] Nogły

Poniżej przedstawiono podstawy konfiguracji sieci w Dockerze.

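[1] Gdy uruchomisz kontener bez wskazania sieci, zostanie on domyślnie podłączony do sieci [bridge]. W domyślnej sieci [bridge] opcja enable_icc ma wartość true (widać to w wyniku poniżej), więc podłączone do niej kontenery mogą komunikować się między sobą; usługi, które nie powinny się nawzajem widzieć, lepiej umieszczać w osobnych sieciach.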

# wyświetl listę sieci
[root@vlsr01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
f97df0eedab6 bridge bridge local
8670c48bb4f4 host host local
efb149833571 none null local

# wyświetl szczegółowe informacje o [bridge]
[root@vlsr01 ~]# docker network inspect bridge
[
{
"Name": "bridge",
"Id": "f97df0eedab66cb9d7f29bd9233cb701bced21f603783a988cb82f7561433f1f",
"Created": "2021-02-25T11:41:46.384095929+01:00",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16"
}
]
},
"Internal": false,
"Attachable": false,
"Ingress": false,
"ConfigFrom": {
"Network": ""
},
"ConfigOnly": false,
"Containers": {
"091ed20a5db735c3402124086087c47651d960bd26e7d89446c744ba0b8248b0": {
"Name": "focused_maxwell",
"EndpointID": "4d3d857d28c4f12979904059dc318d9fffaaea38bc1a372fd9962754fb8dcd23",
"MacAddress": "02:42:ac:11:00:02",
"IPv4Address": "172.17.0.2/16",
"IPv6Address": ""
},
"f4353080cf766dc43de19e4f2a55d51289120e748059c7d959d10d068db5688d": {
"Name": "intelligent_hawking",
"EndpointID": "40f9b0f1777aef17ff51f2aa9c2a291105f2c7749734d55ad56271499102c654",
"MacAddress": "02:42:ac:11:00:04",
"IPv4Address": "172.17.0.4/16",
"IPv6Address": ""
},
"ffa9303583f5436de39b70750060e6f675675f8ae6e68dee01af597d0e1c17b4": {
"Name": "vibrant_mayer",
"EndpointID": "4a229bd144f0efb6a602de6780fef829998b5dd1d9e66065f76c6cbe7f9869de",
"MacAddress": "02:42:ac:11:00:03",
"IPv4Address": "172.17.0.3/16",
"IPv6Address": ""
}
},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
]

# [bridge] jest domyślnie przypisany do kontenerów
[root@vlsr01 ~]# docker run centos /usr/sbin/ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5

[2] Jeśli chcesz podłączyć kolejną sieć, postępuj następująco.

# stwórz sieć [network01] z adresacją [192.168.1.0/24]
[root@vlsr01 ~]# docker network create --subnet 192.168.1.0/24 network01
60ff38fa6f60b79072803c9a9f3856269cfa57decbce63d8d77cb926df8b40f7
[root@vlsr01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
f97df0eedab6 bridge bridge local
8670c48bb4f4 host host local
60ff38fa6f60 network01 bridge local
efb149833571 none null local

# uruchom kontener w nowo dodanej sieci [network01]
[root@vlsr01 ~]# docker run --net network01 centos /usr/sbin/ip route
default via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2

# dołącz sieć do istniejącego i uruchomionego kontenera
[root@vlsr01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3f50cb89490d zicher.lab/centos-httpd "/usr/sbin/httpd -D …" 13 hours ago Up 13 hours 80/tcp epic_keldysh
f4353080cf76 registry:2 "/entrypoint.sh /etc…" 19 hours ago Up 19 hours 0.0.0.0:5000->5000/tcp intelligent_hawking
ffa9303583f5 zicher.lab/centos-nginx "/usr/sbin/nginx -g …" 23 hours ago Up 23 hours 0.0.0.0:8081->80/tcp vibrant_mayer
091ed20a5db7 centos "/bin/bash" 23 hours ago Up 23 hours focused_maxwell
[root@vlsr01 certs]# docker exec 3f50cb89490d ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5

# podłącz kontener do sieci [network01], przypisując mu konkretny adres IP
[root@vlsr01 ~]# docker network connect --ip 192.168.1.10 network01 3f50cb89490d
[root@vlsr01 ~]# docker exec 3f50cb89490d ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.10

# odłącz sieć
[root@vlsr01 ~]# docker network disconnect network01 3f50cb89490d
[root@vlsr01 ~]# docker exec 3f50cb89490d ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.5

[3] Aby usunąć dodaną wcześniej sieć, wykonaj poniższe polecenia.

[root@vlsr01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
f97df0eedab6 bridge bridge local
8670c48bb4f4 host host local
60ff38fa6f60 network01 bridge local
efb149833571 none null local
# usuń sieć [network01]
[root@vlsr01 ~]# docker network rm network01
network01

# usuń wszystkie własne (niestandardowe) sieci, których nie używa żaden kontener
[root@vlsr01 ~]# docker network prune
WARNING! This will remove all custom networks not used by at least one container.
Are you sure you want to continue? [y/N] Y

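[4] Podłączenie kontenera do sieci hosta – połączenie NIE mostkowe. W tym trybie kontener współdzieli stos sieciowy hosta: nie ma izolacji sieciowej ani mapowania portów, więc usługi kontenera nasłuchują bezpośrednio na interfejsach hosta.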

[root@vlsr01 ~]# docker network ls
NETWORK ID NAME DRIVER SCOPE
f97df0eedab6 bridge bridge local
8670c48bb4f4 host host local
efb149833571 none null local
[root@vlsr01 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
zicher.lab/centos-httpd latest fa88e0f72687 14 hours ago 250MB
zicher.lab/centos-nginx latest e78c5cb00dad 23 hours ago 289MB
registry 2 5c4008a25e05 31 hours ago 26.2MB
nginx latest 35c43ace9216 8 days ago 133MB
centos latest 300e315adb2f 2 months ago 209MB

# uruchom kontener w sieci hosta [host]
[root@vlsr01 ~]# docker run -d --net host zicher.lab/centos-httpd
098db34be6ba2c73c1c60b6154b2130773ca5464e579a8556a3a2dd958ed1d8c
[root@vlsr01 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
098db34be6ba zicher.lab/centos-httpd "/usr/sbin/httpd -D …" 10 seconds ago Up 9 seconds practical_snyder
3f50cb89490d zicher.lab/centos-httpd "/usr/sbin/httpd -D …" 14 hours ago Up 14 hours 80/tcp epic_keldysh
f4353080cf76 registry:2 "/entrypoint.sh /etc…" 19 hours ago Up 19 hours 0.0.0.0:5000->5000/tcp intelligent_hawking
ffa9303583f5 zicher.lab/centos-nginx "/usr/sbin/nginx -g …" 23 hours ago Up 23 hours 0.0.0.0:8081->80/tcp vibrant_mayer
091ed20a5db7 centos "/bin/bash" 23 hours ago Up 23 hours focused_maxwell

# usługa [httpd] z kontenera nasłuchuje bezpośrednio w sieci hosta – port 80 na wszystkich interfejsach (*:80)
[root@vlsr01 ~]# ss -napt
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:8081 0.0.0.0:* users:(("docker-proxy",pid=4513,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=1095,fd=5))
LISTEN 0 128 0.0.0.0:5000 0.0.0.0:* users:(("docker-proxy",pid=5132,fd=4))
ESTAB 0 0 192.168.100.101:22 192.168.100.199:56205 users:(("sshd",pid=1589,fd=5),("sshd",pid=1574,fd=5))
LISTEN 0 128 *:80 *:* users:(("httpd",pid=7546,fd=4),("httpd",pid=7545,fd=4),("httpd",pid=7544,fd=4),("httpd",pid=7529,fd=4))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=1095,fd=7))
LISTEN 0 128 *:9090 *:* users:(("systemd",pid=1,fd=51))

[root@vlsr01 ~]# curl localhost
Dockerfile TEST w APACHE @ ZICHER.LAB