Learning Docker on Udemy ④: Section 4 (Docker Network)


This is Kawabata from the Linkbal engineering department. In the previous article, Learning Docker on Udemy ③: Section 3 (Docker Compose), we mainly learned how to manage Docker containers with Docker Compose. This time the focus is Docker network management. Let's take a look.

Contents of "Section 4: The Complete Docker Course for DevOps and Developers"

Section 4 covers the following.

  • 24 Introduction to Docker Networking
  • 25 None Network
  • 26 Bridge Network
  • 27 Host Network and Overlay Network
  • 28 Define Container Networks with Docker Compose

24. Introduction to Docker Networking

  • There are four types of Docker network
    • Closed Network / None Network
    • Bridge Network
    • Host Network
    • Overlay Network
  • The default is the bridge network

Checking the Docker networks

ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
cd6c5f3cd5d9        bridge              bridge              local
0193aefaa52c        host                host                local
9f12416e8aeb        none                null                local
ubuntu@ubuntu-xenial:~/dockerapp$

25. None Network

ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d --net none busybox sleep 1000
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
7520415ce762: Pull complete
Digest: sha256:32f093055929dbc23dec4d03e09dfe971f5973a9ca5cf059cbfb644c206aa83f
Status: Downloaded newer image for busybox:latest
5fb23f4e716999064a525b60f209e4547bd6af9f85cc0c46b61d8d911bbf7641
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it 5fb23f4e716999064a525b60f209e4547bd6af9f85cc0c46b61d8d911bbf7641 /bin/ash
/ # ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network is unreachable
/ # ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

/ #

None Network

  • Provides the maximum level of network protection.
  • Not a good choice if network or Internet connection is required.
  • Suits well where the container requires the maximum level of network security and network access is not necessary.

26. Bridge Network

ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
0b31dea75498        bridge              bridge              local
bc985f2eed5d        dockerapp_default   bridge              local
0193aefaa52c        host                host                local
9f12416e8aeb        none                null                local
ubuntu@ubuntu-xenial:~/dockerapp$ docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "0b31dea7549895f21d615eedbddf3f34f77deb39a2b8505c3fa0195b00cfc30f",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
ubuntu@ubuntu-xenial:~/dockerapp$

The subnet is "172.17.0.0/16".

ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d --name container_1 busybox sleep 1000
f2c50e2ff99a800ec33771c72fcf8444ad6c7f9bbbe24d72c856e23b5393907e
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_1 ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d --name container_3 busybox sleep 1000
fd048b53724e954a3e4722aa8e882b40624df87a6ecde00cc868266182c72879
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_3 ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:11:00:03
          inet addr:172.17.0.3  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_1 ping 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
64 bytes from 172.17.0.3: seq=0 ttl=64 time=0.143 ms
64 bytes from 172.17.0.3: seq=1 ttl=64 time=0.110 ms
64 bytes from 172.17.0.3: seq=2 ttl=64 time=0.100 ms
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_1 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=61 time=15.758 ms
64 bytes from 8.8.8.8: seq=1 ttl=61 time=14.039 ms
64 bytes from 8.8.8.8: seq=2 ttl=61 time=9.946 ms

Creating a bridge network

ubuntu@ubuntu-xenial:~/dockerapp$ docker network create --driver bridge my_bridge_network
bb058af389823805a58c74d802145074586c3ee1ecc3069422caf26dc3ad6660
ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
0b31dea75498        bridge              bridge              local
bc985f2eed5d        dockerapp_default   bridge              local
0193aefaa52c        host                host                local
bb058af38982        my_bridge_network   bridge              local
9f12416e8aeb        none                null                local
ubuntu@ubuntu-xenial:~/dockerapp$ docker network inspect my_bridge_network
[
    {
        "Name": "my_bridge_network",
        "Id": "bb058af389823805a58c74d802145074586c3ee1ecc3069422caf26dc3ad6660",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1/16"
                }
            ]
        },
        "Internal": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

※ Create a container on the newly created network
ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d --name container_4 --net my_bridge_network busybox sleep 1000
546adaecc4c4657182df944e99d9c2759113963d46378e4bae90868e83bca33b
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:13:00:02
          inet addr:172.19.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe13:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1296 (1.2 KiB)  TX bytes:648 (648.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

※ A ping to a container on a different network fails
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
^C
--- 172.17.0.2 ping statistics ---
48 packets transmitted, 0 packets received, 100% packet loss
ubuntu@ubuntu-xenial:~/dockerapp$

docker network connect

ubuntu@ubuntu-xenial:~/dockerapp$ docker network connect bridge container_4
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:13:00:02
          inet addr:172.19.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe13:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1380 (1.3 KiB)  TX bytes:5436 (5.3 KiB)

eth1      Link encap:Ethernet  HWaddr 02:42:AC:11:00:02
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe11:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ping 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
64 bytes from 172.17.0.2: seq=0 ttl=64 time=0.050 ms
64 bytes from 172.17.0.2: seq=1 ttl=64 time=0.046 ms
64 bytes from 172.17.0.2: seq=2 ttl=64 time=0.047 ms

docker network disconnect

ubuntu@ubuntu-xenial:~/dockerapp$ docker network disconnect bridge container_4
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_4 ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:AC:13:00:02
          inet addr:172.19.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:acff:fe13:2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1380 (1.3 KiB)  TX bytes:5436 (5.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:672 (672.0 B)  TX bytes:672 (672.0 B)

ubuntu@ubuntu-xenial:~/dockerapp$

Bridge Network

  • In a bridge network, containers have access to two network interfaces.
    • A loopback interface
    • A private interface
  • All containers in the same bridge network can communicate with each other.
  • Containers from different bridge networks can’t connect with each other by default.
  • Reduces the level of network isolation in favor of better outside connectivity.
  • Most suitable where you want to set up a relatively small network on a single host.

27. Host Network and Overlay Network

Host Network

  • The least protected network model: it adds a container on the host's network stack.
  • Containers deployed on the host stack have full access to the host's interfaces.
  • Containers of this kind are usually called open containers.

ubuntu@ubuntu-xenial:~/dockerapp$ docker run -d --name container_5 --net host busybox sleep 1000
055a8818110db06b3fda5189a1036f6a4cf44360dbb20112cac731807ef1ac58
ubuntu@ubuntu-xenial:~/dockerapp$ docker exec -it container_5 ifconfig
br-bb058af38982 Link encap:Ethernet  HWaddr 02:42:AA:D1:B4:A8
          inet addr:172.19.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:aaff:fed1:b4a8/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:58 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4624 (4.5 KiB)  TX bytes:732 (732.0 B)

br-bc985f2eed5d Link encap:Ethernet  HWaddr 02:42:30:C9:BE:0A
          inet addr:172.18.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:30ff:fec9:be0a/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:54 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3384 (3.3 KiB)  TX bytes:648 (648.0 B)

docker0   Link encap:Ethernet  HWaddr 02:42:42:AD:7F:51
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:42ff:fead:7f51/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:31938 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47396 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1478517 (1.4 MiB)  TX bytes:111420104 (106.2 MiB)

enp0s3    Link encap:Ethernet  HWaddr 02:1B:66:AB:E9:71
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::1b:66ff:feab:e971/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:470407 errors:0 dropped:0 overruns:0 frame:0
          TX packets:221341 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:603222228 (575.2 MiB)  TX bytes:91959788 (87.6 MiB)

enp0s8    Link encap:Ethernet  HWaddr 08:00:27:39:AA:43
          inet addr:192.168.33.11  Bcast:192.168.33.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe39:aa43/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:345 errors:0 dropped:0 overruns:0 frame:0
          TX packets:208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:43876 (42.8 KiB)  TX bytes:178420 (174.2 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

※ The container can reach the host's interfaces and every bridge network on it

Host Network

  • Minimum network security level.
  • No isolation for this type of open container, which leaves the container widely unprotected.
  • Containers running in the host network stack should see a higher level of performance than those traversing the docker0 bridge and iptables port mappings.

Overlay Network

  • Supports multi-host networking out of the box.
  • Requires some pre-existing conditions before it can be created.
    • Running the Docker engine in Swarm mode.
    • A key-value store such as Consul.

※ Production uses the overlay network
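As an added example (not code from the course or from this post), here is a small Python audit over `docker network inspect` output that models the reachability the ping tests above demonstrate: containers sharing a bridge can talk, a container attached to two bridges links them, and a host-network container sees everything on the host. The inspect document, the short container ids and the 172.17.0.4 address are constructed for the example.

```python
import json

# Constructed sample shaped like `docker network inspect bridge my_bridge_network host`,
# taken after the `docker network connect bridge container_4` step; ids are made up.
SAMPLE = json.dumps([
    {"Name": "bridge", "Driver": "bridge",
     "Options": {"com.docker.network.bridge.enable_icc": "true"},
     "Containers": {"f2c5": {"Name": "container_1", "IPv4Address": "172.17.0.2/16"},
                    "fd04": {"Name": "container_3", "IPv4Address": "172.17.0.3/16"},
                    "546a": {"Name": "container_4", "IPv4Address": "172.17.0.4/16"}}},
    {"Name": "my_bridge_network", "Driver": "bridge", "Options": {},
     "Containers": {"546a": {"Name": "container_4", "IPv4Address": "172.19.0.2/16"}}},
    {"Name": "host", "Driver": "host", "Options": {},
     "Containers": {"055a": {"Name": "container_5"}}},
])


def load_networks(inspect_json):
    """Reduce inspect output to {network: {driver, members, icc}}."""
    nets = {}
    for net in json.loads(inspect_json):
        opts = net.get("Options") or {}
        nets[net["Name"]] = {
            "driver": net["Driver"],
            "members": {c["Name"] for c in net["Containers"].values()},
            # enable_icc defaults to true; "false" blocks container-to-container traffic
            "icc": opts.get("com.docker.network.bridge.enable_icc", "true") == "true",
        }
    return nets


def disconnect(nets, network, container):
    """Mirror `docker network disconnect <network> <container>` on the model."""
    nets[network]["members"].discard(container)
    return nets


def can_reach(nets, a, b):
    """Host-stack containers see every bridge on the host; others must share an ICC-enabled bridge."""
    on_host = nets.get("host", {}).get("members", set())
    if a in on_host or b in on_host:
        return True
    return any(a in n["members"] and b in n["members"] and n["icc"]
               for n in nets.values() if n["driver"] == "bridge")


def audit(inspect_json):
    """Flag host-stack containers and containers that straddle several bridges."""
    nets = load_networks(inspect_json)
    findings = [f"{c}: host network, no isolation"
                for c in sorted(nets.get("host", {}).get("members", ()))]
    joined = {}
    for name, n in nets.items():
        for c in (n["members"] if n["driver"] == "bridge" else ()):
            joined.setdefault(c, set()).add(name)
    # A container on several bridges links segments that were meant to stay apart.
    findings += [f"{c}: bridges {', '.join(sorted(ns))}"
                 for c, ns in sorted(joined.items()) if len(ns) > 1]
    return findings
```

On a real host, feed `audit()` the output of `docker network inspect $(docker network ls -q)` to review the segmentation after every `docker network connect`.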

28. Define Container Networks with Docker Compose

ubuntu@ubuntu-xenial:~/dockerapp$ git stash && git checkout v0.4
Saved working directory and index state WIP on (no branch): b3823ad introduce docker compose
HEAD is now at b3823ad introduce docker compose
HEAD is now at b3823ad... introduce docker compose

※ Start in the background (on the first start, "Creating network" is printed to standard output)
ubuntu@ubuntu-xenial:~/dockerapp$ docker-compose up -d
Starting dockerapp_redis_1
Recreating dockerapp_dockerapp_1
ubuntu@ubuntu-xenial:~/dockerapp$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
0b31dea75498        bridge              bridge              local
bc985f2eed5d        dockerapp_default   bridge              local
0193aefaa52c        host                host                local
bb058af38982        my_bridge_network   bridge              local
9f12416e8aeb        none                null                local

※ Stop the containers
ubuntu@ubuntu-xenial:~/dockerapp$ docker-compose down
Stopping dockerapp_dockerapp_1 ... done
Stopping dockerapp_redis_1 ... done
Removing dockerapp_dockerapp_1 ... done
Removing dockerapp_redis_1 ... done
Removing network dockerapp_default

※ Add the network to docker-compose.yml
ubuntu@ubuntu-xenial:~/dockerapp$ vi docker-compose.yml
----------
version: '2'
services:
  dockerapp:
    build: .
    ports:
      - "5000:5000"
    volumes:
      - ./app:/app
    networks:
      - my_net

  redis:
    image: redis:3.2.0
    networks:
      - my_net

networks:
  my_net:
    driver: bridge
----------

※ Start the containers again and confirm that the specified network is created
ubuntu@ubuntu-xenial:~/dockerapp$ docker-compose up -d
Creating network "dockerapp_my_net" with driver "bridge"
Creating dockerapp_redis_1
Creating dockerapp_dockerapp_1

sample docker-compose.yml

version: '2'

services:
  proxy:
    build: ./proxy
    networks:
      - front
  app:
    build: ./app
    networks:
      - front
      - back
  db:
    image: postgres
    networks:
      - back

networks:
  front:
    # Use a custom driver
    driver: custom-driver-1
  back:
    # Use a custom driver which takes special options
    driver: custom-driver-2
    driver_opts:
      foo: "1"
      bar: "2"

Closing

This time we mainly learned about managing Docker images. The Udemy course continues well beyond this point, but this is a good stopping point, so I will end this report here.

Linkbal is actively recruiting engineers. We look forward to applications from anyone interested.