1. /
  2. /
  3. /
  4. UdemyでDockerを学ぶ④ 〜Section4〜 (Docker Network編)

UdemyでDockerを学ぶ④ 〜Section4〜 (Docker Network編)

リンクバル技術部の川畑です。前回の記事UdemyでDockerを学ぶ③ 〜Section3〜(Docker Compose編)では、主にDocker Composeを利用したDockerコンテナのの管理について学びました。今回はDockerのネットワーク管理が中心となります。それでは見ていきましょう。

目次

「Section4: The Complete Docker Course for DevOps and Developers」の内容

Section4の内容は以下の通り。

  • 24 Introduction to Docker Networking
  • 25 None Network
  • 26 Bridge Network
  • 27 Host Network and Overlay Network
  • 28 Define Container Networks with Docker Compose

24. Introduction to Docker Networking

  • Docker Networkのタイプは4種類
    • Closed Network / None Network
    • Bridge Network
    • Host Network
    • Overlay Network
  • デフォルトは「Bridge Network」

Docker Networkの確認

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID NAME DRIVER SCOPE
cd6c5f3cd5d9 bridge bridge local
0193aefaa52c host host local
9f12416e8aeb none null local
ubuntu@ubuntu-xenial:~/dockerapp$
[/bash]

25. None Network

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d –net none busybox sleep 1000
Unable to find image ‘busybox:latest’ locally
latest: Pulling from library/busybox
7520415ce762: Pull complete
Digest: sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f
Status: Downloaded newer image for busybox:latest
5fb23f4e716999064a525b60f209e4547bd6af9f85cc0c46b61d8d911bbf7641
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it 5fb23f4e716999064a525b60f209e4547bd6af9f85cc0c46b61d8d911bbf7641 /bin/ash
/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network is unreachable
/ # ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

/ #
[/bash]

None Network

  • Provides the maximum level of network protection.
  • Not a good choice if network or Internet connection is required.
  • Suites well where the container require the maximum level of network security and network access is not necessary.

26. Bridge Network

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID NAME DRIVER SCOPE
0b31dea75498 bridge bridge local
bc985f2eed5d dockerapp_default bridge local
0193aefaa52c host host local
9f12416e8aeb none null local
ubuntu@ubuntu-xenial:~/dockerapp$ docker network inspect bridge
[
{
"Name": "bridge",
"Id": "0b31dea7549895f21d615eedbddf3f34f77deb39a2b8505c3fa0195b00cfc30f",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.17.0.0/16",
"Gateway": "172.17.0.1"
}
] },
"Internal": false,
"Containers": {},
"Options": {
"com.docker.network.bridge.default_bridge": "true",
"com.docker.network.bridge.enable_icc": "true",
"com.docker.network.bridge.enable_ip_masquerade": "true",
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
"com.docker.network.bridge.name": "docker0",
"com.docker.network.driver.mtu": "1500"
},
"Labels": {}
}
] ubuntu@ubuntu-xenial:~/dockerapp$
[/bash]

Subnetは”172.17.0.0/16″

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d –name container_1 busybox sleep 1000
f2c50e2ff99a800ec33771c72fcf8444ad6c7f9bbbe24d72c856e23b5393907e
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_1 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d –name container_3 busybox sleep 1000
fd048b53724e954a3e4722aa8e882b40624df87a6ecde00cc868266182c72879
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_3 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:11:00:03
inet addr:172.17.0.3 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_1 ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.143 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.110 ms
64 bytes from 172.17.0.3: seq=2 ttl=64 time=0.100 ms
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_1 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=61 time=15.758 ms
64 bytes from 8.8.8.8: seq=1 ttl=61 time=14.039 ms
64 bytes from 8.8.8.8: seq=2 ttl=61 time=9.946 ms
[/bash]

bridge network作成

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker network create –driver bridge my_bridge_network
bb058af389823805a58c74d802145074586c3ee1ecc3069422caf26dc3ad6660
ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID NAME DRIVER SCOPE
0b31dea75498 bridge bridge local
bc985f2eed5d dockerapp_default bridge local
0193aefaa52c host host local
bb058af38982 my_bridge_network bridge local
9f12416e8aeb none null local
ubuntu@ubuntu-xenial:~/dockerapp$ docker network inspect my_bridge_network
[
{
"Name": "my_bridge_network",
"Id": "bb058af389823805a58c74d802145074586c3ee1ecc3069422caf26dc3ad6660",
"Scope": "local",
"Driver": "bridge",
"EnableIPv6": false,
"IPAM": {
"Driver": "default",
"Options": {},
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1/16"
}
] },
"Internal": false,
"Containers": {},
"Options": {},
"Labels": {}
}
]

※新しく作成したnetworkを指定してcontainerを作成
ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d –name container_4 –net my_bridge_network busybox sleep 1000
546adaecc4c4657182df944e99d9c2759113963d46378e4bae90868e83bca33b
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:13:00:02
inet addr:172.19.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe13:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1296 (1.2 KiB) TX bytes:648 (648.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

※別のnetworkへのpingは失敗
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
^C
— 172.17.0.2 ping statistics —
48 packets transmitted, 0 packets received, 100% packet loss
ubuntu@ubuntu-xenial:~/dockerapp$
[/bash]

docker network connect

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker network connect bridge container_4
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:13:00:02
inet addr:172.19.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe13:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1380 (1.3 KiB) TX bytes:5436 (5.3 KiB)

eth1 Link encap:Ethernet HWaddr 02:42:AC:11:00:02
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:648 (648.0 B) TX bytes:648 (648.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.050 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.046 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.047 ms
[/bash]

docker network disconnect

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker network disconnect bridge container_4
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ifconfig
eth0 Link encap:Ethernet HWaddr 02:42:AC:13:00:02
inet addr:172.19.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:acff:fe13:2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18 errors:0 dropped:0 overruns:0 frame:0
TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1380 (1.3 KiB) TX bytes:5436 (5.3 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:672 (672.0 B) TX bytes:672 (672.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$
[/bash]

Bridge Network

  • In a bridge network, containers have access to two network interfaces.
    • A loopback interface
    • A private interface
  • All containers in the same bridge network can communicate with each other.
  • Containers from different bridge networks can’t connect with each other by default.
  • Reduces the level of network isolation in favor of better outside connectivity.
  • Most suitable where you want to setup a relatively small network on a single host.

27. Host Network and Overlay Network

Host Network

  • The least protected network model, it adds a container on the host’s network stack.
  • Containers deployed on the host stack have full access to the host’s interface
  • This kind of containers are usually called open containers.
[bash] ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d –name container_5 –net host busybox sleep 1000
055a8818110db06b3fda5189a1036f6a4cf44360dbb20112cac731807ef1ac58
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_5 ifconfig
br-bb058af38982 Link encap:Ethernet HWaddr 02:42:AA:D1:B4:A8
inet addr:172.19.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:aaff:fed1:b4a8/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:58 errors:0 dropped:0 overruns:0 frame:0
TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4624 (4.5 KiB) TX bytes:732 (732.0 B)

br-bc985f2eed5d Link encap:Ethernet HWaddr 02:42:30:C9:BE:0A
inet addr:172.18.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:30ff:fec9:be0a/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3384 (3.3 KiB) TX bytes:648 (648.0 B)

docker0 Link encap:Ethernet HWaddr 02:42:42:AD:7F:51
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:42ff:fead:7f51/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:31938 errors:0 dropped:0 overruns:0 frame:0
TX packets:47396 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1478517 (1.4 MiB) TX bytes:111420104 (106.2 MiB)

enp0s3 Link encap:Ethernet HWaddr 02:1B:66:AB:E9:71
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::1b:66ff:feab:e971/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:470407 errors:0 dropped:0 overruns:0 frame:0
TX packets:221341 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:603222228 (575.2 MiB) TX bytes:91959788 (87.6 MiB)

enp0s8 Link encap:Ethernet HWaddr 08:00:27:39:AA:43
inet addr:192.168.33.11 Bcast:192.168.33.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe39:aa43/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:345 errors:0 dropped:0 overruns:0 frame:0
TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:43876 (42.8 KiB) TX bytes:178420 (174.2 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
[/bash]

※Hostとすべてのbridge networkのネットワークからアクセスできる

Host Network

  • Minimum network security level.
  • No isolation on this type of open containers, thus leave the container widely unprotected.
  • Containers running in the host networkstack should see a higher level of performance than those traversing the docker0 bridge and iptables port mapings.

Overlay Network

  • Supports multi-host networking out-of-the-box.
  • Require some pre-existing conditions before it can be created.
    • Running Docker engine in Swarm mode.
    • A key-value store such as consul.

※プロダクションはOverlay Network

28 Define Container Networks with Docker Compose

[bash] ubuntu@ubuntu-xenial:~/dockerapp$ git stash && git checkout v0.4
Saved working directory and index state WIP on (no branch): b3823ad introduce docker compose
HEAD is now at b3823ad introduce docker compose
HEAD is now at b3823ad… introduce docker compose

※バックグランドで起動(初回起動時は「Creating network」が標準出力される)
ubuntu@ubuntu-xenial:~/dockerapp$ docker-compose up -d
Starting dockerapp_redis_1
Recreating dockerapp_dockerapp_1
ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID NAME DRIVER SCOPE
0b31dea75498 bridge bridge local
bc985f2eed5d dockerapp_default bridge local
0193aefaa52c host host local
bb058af38982 my_bridge_network bridge local
9f12416e8aeb none null local

※Container停止
ubuntu@ubuntu-xenial:~/dockerapp$ docker-compose down
Stopping dockerapp_dockerapp_1 … done
Stopping dockerapp_redis_1 … done
Removing dockerapp_dockerapp_1 … done
Removing dockerapp_redis_1 … done
Removing network dockerapp_default

※docker-compose.ymlにnetwork追記
ubuntu@ubuntu-xenial:~/dockerapp$ vi docker-compose.yml
———-
version: ‘2’
services:
dockerapp:
build: .
ports:
– "5000:5000"
volumes:
– ./app:/app
networks:
– my_net

redis:
image: redis:3.2.0
networks:
– my_net

networks:
my_net:
driver: bridge
———-

※再度Containerを起動して指定したnetworkが作成されるか確認
ubuntu@ubuntu-xenial:~/dockerapp$ docker-compose up -d
Creating network "dockerapp_my_net" with driver "bridge"
Creating dockerapp_redis_1
Creating dockerapp_dockerapp_1
[/bash]

sample docker-compose.yml

[bash] Version: ‘2’

services:
proxy:
build: ./proxy
networks:
– front
app:
build: ./app
networks:
– front
– back
db:
image: postgres
networks:
– back

networks:
front:
# Use a custom driver
driver: custom-driver-1
back:
# Use a custom driver which takes special options
driver: custom-driver-2
driver_opts:
foo: "1"
bar: "2"
[/bash]

おわりに

今回は主にDockerイメージの管理について学びました。Udemyの本講座はまだまだつづきますが、キリが良いので今回のレポートはここまでとさせて頂きます。

リンクバルでは エンジニアを積極募集中 です。興味のある方のご応募お待ちしております。

© Copyright 2024 LINKBAL Blog. All rights reserved.