Docker Network
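To access a Docker container from outside, port forwarding is required (the -p option).
You can specify the port number; if you do not, a random number in the 30,000s is assigned.
The assigned port number can be checked with "docker container ps".
Network driver types
1. Bridge
When a container is run, it is connected to the Docker server through a bridge.
The Docker server is 172.17.0.1, and containers are assigned 172.17.0.2, 172.17.0.3, ... in sequence.
Containers use it to reach the internet.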
[vagrant@dcentos ~]$ docker run -d --name apache httpd
627c351a569f556fa2c62c595530608c4fab0fe2dfaf88f2810a6f6ab8933c69
[vagrant@dcentos ~]$ docker run -d --name centos8 -it centos:8
3bfd5d3497daf6d948c7da9b32f4d1c794d94eb9d96179d6541449d6e8e5af5a
[vagrant@dcentos ~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
3bfd5d3497da centos:8 "/bin/bash" 4 seconds ago Up 3 seconds centos8
627c351a569f httpd "httpd-foreground" 2 minutes ago Up 2 minutes 80/tcp apache
[vagrant@dcentos ~]$ docker inspect apache |grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
[root@3bfd5d3497da /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
93: eth0@if94: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:ac:11:00:03 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 172.17.0.3/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
[root@3bfd5d3497da /]# ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3
[vagrant@dcentos ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global noprefixroute dynamic eth0
valid_lft 61352sec preferred_lft 61352sec
inet6 fe80::5054:ff:fe4d:77d3/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:fe:a6:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.25.10/24 brd 192.168.25.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fefe:a674/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:6e:26:b3:78 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:6eff:fe26:b378/64 scope link
valid_lft forever preferred_lft forever
Container isolation
Scenario
I run httpd, mysql, and centos:8,
and I want to disconnect mysql from bridge so that it can communicate only with httpd.
# Disconnect from the bridge
[vagrant@dcentos ~]$ docker network disconnect bridge mydb
[vagrant@dcentos ~]$ docker inspect mydb |grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "",
# Create a bridge
[vagrant@dcentos ~]$ docker network create --driver bridge mybridge
77da9e5cd839b4e4db2b37995f67babf6bf4c32fdc910471a72ef9317ab154bc
# Connect httpd and mysql to the bridge
[vagrant@dcentos ~]$ docker network connect mybridge apache
[vagrant@dcentos ~]$ docker network connect mybridge mydb
# Check the network
[vagrant@dcentos ~]$ docker inspect mydb |grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAMConfig": {},
"IPAddress": "172.18.0.3",
[vagrant@dcentos ~]$ docker inspect apache |grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.2",
"IPAMConfig": null,
"IPAddress": "172.17.0.2",
"IPAMConfig": {},
"IPAddress": "172.18.0.2",
[vagrant@dcentos ~]$ docker inspect centos8 |grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "172.17.0.3",
"IPAMConfig": null,
"IPAddress": "172.17.0.3",
# Verify connectivity with ping
[vagrant@dcentos ~]$ docker exec -it centos8 /bin/bash
# mydb is not reachable
[root@3bfd5d3497da /]# ping -c 1 172.18.0.3
PING 172.18.0.3 (172.18.0.3) 56(84) bytes of data.
--- 172.18.0.3 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
# apache is reachable
[root@3bfd5d3497da /]# ping -c 1 172.17.0.2
PING 172.17.0.2 (172.17.0.2) 56(84) bytes of data.
64 bytes from 172.17.0.2: icmp_seq=1 ttl=64 time=0.057 ms
--- 172.17.0.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.057/0.057/0.057/0.000 ms
2. Host
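The host network that is installed by default cannot be deleted, and only one can exist (that is, another one cannot be created).
The container can use the same network as the server.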
# Create a centos8 container on the host-type network
[vagrant@dcentos ~]$ docker run -d -it --network host --name centos centos:8
7b6de2e27635e73cf51c65d8ffae656eb88be1a067f1b1ca467d300974a2774e
# Check the IP configuration
[vagrant@dcentos ~]$ docker inspect centos |grep IPA
"SecondaryIPAddresses": null,
"IPAddress": "",
"IPAMConfig": null,
"IPAddress": "",
# Attach to the container
[vagrant@dcentos ~]$ docker exec -it centos /bin/bash
# Check the IP
[root@dcentos /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:4d:77:d3 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute eth0
valid_lft 58885sec preferred_lft 58885sec
inet6 fe80::5054:ff:fe4d:77d3/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 08:00:27:fe:a6:74 brd ff:ff:ff:ff:ff:ff
inet 192.168.25.10/24 brd 192.168.25.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fefe:a674/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:6e:26:b3:78 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:6eff:fe26:b378/64 scope link
valid_lft forever preferred_lft forever
# It looks like the server rather than a container, but we are attached to the container
[root@dcentos /]# id vagrant
id: 'vagrant': no such user
# Network-related files are the same files the server uses
[root@dcentos /]# df -h
Filesystem Size Used Avail Use% Mounted on
overlay 40G 5.7G 35G 15% /
tmpfs 64M 0 64M 0% /dev
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
shm 64M 0 64M 0% /dev/shm
/dev/sda1 40G 5.7G 35G 15% /etc/hosts !!!!!!!!!!!!!!!!!!!!!!!!!!!!
tmpfs 1.9G 0 1.9G 0% /proc/asound
tmpfs 1.9G 0 1.9G 0% /proc/acpi
tmpfs 1.9G 0 1.9G 0% /proc/scsi
tmpfs 1.9G 0 1.9G 0% /sys/firmware
[root@dcentos /]# exit
exit
[vagrant@dcentos ~]$ df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 1.9G 0 1.9G 0% /dev
tmpfs 1.9G 0 1.9G 0% /dev/shm
tmpfs 1.9G 8.7M 1.9G 1% /run
tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup
/dev/sda1 40G 5.7G 35G 15% /
tmpfs 379M 0 379M 0% /run/user/1000
3. null
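Like host, only one can exist, and it cannot be created or deleted.
For containers in strict-security environments that do not need the internet, this runs the container without a network driver.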
# Create cent with the null type
[vagrant@dcentos ~]$ docker run -d -it --network none --name cent centos:8
3558c827495e7a7a4640b025c710f6979778f50360a448ac59278ca94b3e5d88
# Attach to the container
[vagrant@dcentos ~]$ docker exec -it cent /bin/bash
# Check the IP
[root@3558c827495e /]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
# Nothing there
## Used for containers in strict-security environments that do not need the internet
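As an added example (not part of the original post), this Python script audits trimmed `docker inspect` output to show which containers can still reach mydb after the isolation steps above, and where host- and none-type containers fall. The sample JSON is constructed to mirror this page's containers, and the function names `attachments` and `audit` are hypothetical.

```python
import json

# Constructed sample: trimmed `docker inspect` output mirroring the containers on this page.
SAMPLE = json.loads("""[
 {"Name": "/apache",  "NetworkSettings": {"Networks": {
     "bridge":   {"IPAddress": "172.17.0.2"},
     "mybridge": {"IPAddress": "172.18.0.2"}}}},
 {"Name": "/mydb",    "NetworkSettings": {"Networks": {
     "mybridge": {"IPAddress": "172.18.0.3"}}}},
 {"Name": "/centos8", "NetworkSettings": {"Networks": {
     "bridge":   {"IPAddress": "172.17.0.3"}}}},
 {"Name": "/centos",  "NetworkSettings": {"Networks": {
     "host":     {"IPAddress": ""}}}},
 {"Name": "/cent",    "NetworkSettings": {"Networks": {
     "none":     {"IPAddress": ""}}}}
]""")

def attachments(inspect_data):
    """Map container name -> set of network names it is attached to."""
    return {c["Name"].lstrip("/"): set(c["NetworkSettings"]["Networks"])
            for c in inspect_data}

def audit(inspect_data, target):
    """Report which containers can reach `target` and through which path."""
    nets = attachments(inspect_data)
    target_nets = nets[target] - {"host", "none"}
    report = {"direct": {}, "dual_homed": [], "host_mode": [], "isolated": []}
    for name, attached in sorted(nets.items()):
        if name == target:
            continue
        shared = attached & target_nets
        if "host" in attached:
            # Shares the host's network namespace, which holds every bridge interface.
            report["host_mode"].append(name)
        elif shared:
            report["direct"][name] = sorted(shared)
            # Also attached elsewhere: a relay point between the two segments.
            if attached - target_nets:
                report["dual_homed"].append(name)
        else:
            report["isolated"].append(name)
    return report

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE, "mydb"), indent=2))
```

In the result, apache appears under both direct and dual_homed because it was never disconnected from the default bridge, so it remains the one path between centos8's segment and mydb. To audit a live host, feed the parsed output of `docker inspect` for the running containers to `audit` in place of SAMPLE.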