2022/10/02 Updated by

Docker

network



The three networks

ubuntu@ip-172-30-2-68:~$ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
d1a42256454b   bridge    bridge    local
7334f900df0e   host      host      local
fa6aae724b3d   none      null      local

The bridge network

ubuntu@ip-172-30-2-68:~$ docker run -dit --name web01 -p 8080:80 httpd:2.4
2c63cb3b1420d6f88b1082ea0c1d2878a2bd5f1db312d8ae53bdc3814912a737
ubuntu@ip-172-30-2-68:~$ docker run -dit --name web02 -p 8081:80 httpd:2.4
d4ae1647c798a71fc3faf49afd9f9bde3fa45eb1afe1c3824ae06b0e745e2c8b
ubuntu@ip-172-30-2-68:~$ docker ps -a
CONTAINER ID   IMAGE       COMMAND              CREATED          STATUS          PORTS                                   NAMES
d4ae1647c798   httpd:2.4   "httpd-foreground"   10 seconds ago   Up 9 seconds    0.0.0.0:8081->80/tcp, :::8081->80/tcp   web02
2c63cb3b1420   httpd:2.4   "httpd-foreground"   23 seconds ago   Up 22 seconds   0.0.0.0:8080->80/tcp, :::8080->80/tcp   web01

Checking the assigned IP address

ubuntu@ip-172-30-2-68:~$ docker container inspect web01
[
    {
        "Id": "2c63cb3b1420d6f88b1082ea0c1d2878a2bd5f1db312d8ae53bdc3814912a737",
        "Created": "2022-10-05T02:01:02.077757583Z",
        "Path": "httpd-foreground",
        "Args": [],
        "State": {
            "Status": "running",
            "Running": true,
            "Paused": false,
            "Restarting": false,
            "OOMKilled": false,
            "Dead": false,
            "Pid": 2682,
            "ExitCode": 0,
            "Error": "",
            "StartedAt": "2022-10-05T02:01:02.553434031Z",
            "FinishedAt": "0001-01-01T00:00:00Z"
        },
        "Image": "sha256:f2789344c57324805883b174676365eb807fdb4eccfb9878fbb19054fd0c7b7e",
        "ResolvConfPath": "/var/lib/docker/containers/2c63cb3b1420d6f88b1082ea0c1d2878a2bd5f1db312d8ae53bdc3814912a737/resolv.conf",
        "HostnamePath": "/var/lib/docker/containers/2c63cb3b1420d6f88b1082ea0c1d2878a2bd5f1db312d8ae53bdc3814912a737/hostname",
        "HostsPath": "/var/lib/docker/containers/2c63cb3b1420d6f88b1082ea0c1d2878a2bd5f1db312d8ae53bdc3814912a737/hosts",
        "LogPath": "/var/lib/docker/containers/2c63cb3b1420d6f88b1082ea0c1d2878a2bd5f1db312d8ae53bdc3814912a737/2c63cb3b1420d6f88b1082ea0c1d2878a2bd5f1db312d8ae53bdc3814912a737-json.log",
        "Name": "/web01",
        "RestartCount": 0,
        "Driver": "overlay2",
        "Platform": "linux",
        "MountLabel": "",
        "ProcessLabel": "",
        "AppArmorProfile": "docker-default",
        "ExecIDs": null,
        "HostConfig": {
            "Binds": null,
            "ContainerIDFile": "",
            "LogConfig": {
                "Type": "json-file",
                "Config": {}
            },
            "NetworkMode": "default",
            "PortBindings": {
                "80/tcp": [
                    {
                        "HostIp": "",
                        "HostPort": "8080"
                    }
                ]
            },
            "RestartPolicy": {
                "Name": "no",
                "MaximumRetryCount": 0
            },
            "AutoRemove": false,
            "VolumeDriver": "",
            "VolumesFrom": null,
            "CapAdd": null,
            "CapDrop": null,
            "CgroupnsMode": "host",
            "Dns": [],
            "DnsOptions": [],
            "DnsSearch": [],
            "ExtraHosts": null,
            "GroupAdd": null,
            "IpcMode": "private",
            "Cgroup": "",
            "Links": null,
            "OomScoreAdj": 0,
            "PidMode": "",
            "Privileged": false,
            "PublishAllPorts": false,
            "ReadonlyRootfs": false,
            "SecurityOpt": null,
            "UTSMode": "",
            "UsernsMode": "",
            "ShmSize": 67108864,
            "Runtime": "runc",
            "ConsoleSize": [
                0,
                0
            ],
            "Isolation": "",
            "CpuShares": 0,
            "Memory": 0,
            "NanoCpus": 0,
            "CgroupParent": "",
            "BlkioWeight": 0,
            "BlkioWeightDevice": [],
            "BlkioDeviceReadBps": null,
            "BlkioDeviceWriteBps": null,
            "BlkioDeviceReadIOps": null,
            "BlkioDeviceWriteIOps": null,
            "CpuPeriod": 0,
            "CpuQuota": 0,
            "CpuRealtimePeriod": 0,
            "CpuRealtimeRuntime": 0,
            "CpusetCpus": "",
            "CpusetMems": "",
            "Devices": [],
            "DeviceCgroupRules": null,
            "DeviceRequests": null,
            "KernelMemory": 0,
            "KernelMemoryTCP": 0,
            "MemoryReservation": 0,
            "MemorySwap": 0,
            "MemorySwappiness": null,
            "OomKillDisable": false,
            "PidsLimit": null,
            "Ulimits": null,
            "CpuCount": 0,
            "CpuPercent": 0,
            "IOMaximumIOps": 0,
            "IOMaximumBandwidth": 0,
            "MaskedPaths": [
                "/proc/asound",
                "/proc/acpi",
                "/proc/kcore",
                "/proc/keys",
                "/proc/latency_stats",
                "/proc/timer_list",
                "/proc/timer_stats",
                "/proc/sched_debug",
                "/proc/scsi",
                "/sys/firmware"
            ],
            "ReadonlyPaths": [
                "/proc/bus",
                "/proc/fs",
                "/proc/irq",
                "/proc/sys",
                "/proc/sysrq-trigger"
            ]
        },
        "GraphDriver": {
            "Data": {
                "LowerDir": "/var/lib/docker/overlay2/c2d781f626a54fba00477cee988b270ea675e8eb92370cf13f89c40cf32e106f-init/diff:/var/lib/docker/overlay2/692254962b2af5305fa6172252768ed617fcf43a4c744d464d4b9e203fbb305d/diff:/var/lib/docker/overlay2/c2258da1ee4ed827a5e52d3080f0cd2ab9d9e9f3e64d917426e7801e0cd8013d/diff:/var/lib/docker/overlay2/6ffdfbdaa4155ed730a82d7779fcb70454ae5151afea22eab89fe3b6322bc30a/diff:/var/lib/docker/overlay2/b8480a1df8fa1422dd0e3923ce54b751440901f2ff82eb141545653036315f39/diff:/var/lib/docker/overlay2/3b823316ca461a05dd9ddfdb03fbeb7c1a9cbc0917fe2cfe2d9366ea35ae3a9d/diff",
                "MergedDir": "/var/lib/docker/overlay2/c2d781f626a54fba00477cee988b270ea675e8eb92370cf13f89c40cf32e106f/merged",
                "UpperDir": "/var/lib/docker/overlay2/c2d781f626a54fba00477cee988b270ea675e8eb92370cf13f89c40cf32e106f/diff",
                "WorkDir": "/var/lib/docker/overlay2/c2d781f626a54fba00477cee988b270ea675e8eb92370cf13f89c40cf32e106f/work"
            },
            "Name": "overlay2"
        },
        "Mounts": [],
        "Config": {
            "Hostname": "2c63cb3b1420",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "80/tcp": {}
            },
            "Tty": true,
            "OpenStdin": true,
            "StdinOnce": false,
            "Env": [
                "PATH=/usr/local/apache2/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
                "HTTPD_PREFIX=/usr/local/apache2",
                "HTTPD_VERSION=2.4.54",
                "HTTPD_SHA256=eb397feeefccaf254f8d45de3768d9d68e8e73851c49afd5b7176d1ecf80c340",
                "HTTPD_PATCHES="
            ],
            "Cmd": [
                "httpd-foreground"
            ],
            "Image": "httpd:2.4",
            "Volumes": null,
            "WorkingDir": "/usr/local/apache2",
            "Entrypoint": null,
            "OnBuild": null,
            "Labels": {},
            "StopSignal": "SIGWINCH"
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "f32039b366b8cfb9aa6aaee73c4c4531e423862760961cfde1c8d9d51e1c4ba0",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "80/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "8080"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "8080"
                    }
                ]
            },
            "SandboxKey": "/var/run/docker/netns/f32039b366b8",
            "SecondaryIPAddresses": null,
            "SecondaryIPv6Addresses": null,
            "EndpointID": "9882e2e6680dc5398a9c290876400c0e2272d3c114dac0b2598a753d0d597321",
            "Gateway": "172.17.0.1",
            "GlobalIPv6Address": "",
            "GlobalIPv6PrefixLen": 0,
            "IPAddress": "172.17.0.2",
            "IPPrefixLen": 16,
            "IPv6Gateway": "",
            "MacAddress": "02:42:ac:11:00:02",
            "Networks": {
                "bridge": {
                    "IPAMConfig": null,
                    "Links": null,
                    "Aliases": null,
                    "NetworkID": "d1a42256454b908f44238692f48c65510b1c9839e594c924b137ea7bdaddaedb",
                    "EndpointID": "9882e2e6680dc5398a9c290876400c0e2272d3c114dac0b2598a753d0d597321",
                    "Gateway": "172.17.0.1",
                    "IPAddress": "172.17.0.2",
                    "IPPrefixLen": 16,
                    "IPv6Gateway": "",
                    "GlobalIPv6Address": "",
                    "GlobalIPv6PrefixLen": 0,
                    "MacAddress": "02:42:ac:11:00:02",
                    "DriverOpts": null
                }
            }
        }
    }
]

Displaying a specific field

ubuntu@ip-172-30-2-68:~$ docker container inspect --format='{{.NetworkSettings.IPAddress}}' web01
172.17.0.2
ubuntu@ip-172-30-2-68:~$ docker container inspect --format='{{.NetworkSettings.IPAddress}}' web02
172.17.0.3

IP address of the Docker host

A network interface named docker0 has been created, and the host connects to the bridge network through this interface.

ubuntu@ip-172-30-2-68:~$ ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        inet6 fe80::42:23ff:fe66:ef1  prefixlen 64  scopeid 0x20<link>
        ether 02:42:23:66:0e:f1  txqueuelen 0  (Ethernet)
        RX packets 91  bytes 3818 (3.8 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 68  bytes 3863 (3.8 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

...(omitted)

What the bridge network actually is

The bridge network is implemented using IP masquerade. Listing the nat table with iptables shows the configuration.

ubuntu@ip-172-30-2-68:~$ sudo iptables --list -t nat -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:80
MASQUERADE  tcp  --  172.17.0.3           172.17.0.3           tcp dpt:80

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.2:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8081 to:172.17.0.3:80
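The DNAT rules in the DOCKER chain show which host addresses each published port answers on. The following is an added example, not part of the original page: it parses a nat-table listing and reports the scope of each published port. The function names, the web03 container and the 9090 rule are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the DOCKER chain from the listing above, plus one
# hypothetical rule (port 9090, 172.17.0.4) for a loopback-only publish.
SAMPLE_NAT = """\
Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.2:80
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8081 to:172.17.0.3:80
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:9090 to:172.17.0.4:80
"""
# Container IPs as reported by `docker container inspect`; web03 is hypothetical.
NAMES = {"172.17.0.2": "web01", "172.17.0.3": "web02", "172.17.0.4": "web03"}

DNAT_RE = re.compile(
    r"^DNAT\s+(?P<proto>\S+)\s+--\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r".*?dpt:(?P<hport>\d+)\s+to:(?P<cip>[\d.]+):(?P<cport>\d+)")

def parse_dnat(listing):
    """Return the DNAT rules found in the DOCKER chain of a nat-table listing."""
    rules, in_docker = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            in_docker = line.split()[1] == "DOCKER"
        elif in_docker and (m := DNAT_RE.match(line)):
            rules.append(m.groupdict())
    return rules

def audit(listing, names):
    """Describe each published port and the host addresses it answers on."""
    findings = []
    for r in parse_dnat(listing):
        dst = ipaddress.ip_network(r["dst"], strict=False)
        if dst.prefixlen == 0:
            scope = "all host addresses"
        elif dst.is_loopback:
            scope = "loopback only"
        else:
            scope = f"host address {dst.network_address}"
        findings.append((names.get(r["cip"], r["cip"]), int(r["hport"]),
                         f'{r["cip"]}:{r["cport"]}', scope))
    return findings

def exposed(listing, names):
    """Containers whose published port is reachable on every host address."""
    return [f for f in audit(listing, names) if f[3] == "all host addresses"]
```

Calling `exposed(SAMPLE_NAT, NAMES)` returns the web01 and web02 entries, because `-p 8080:80` and `-p 8081:80` publish on every host address; publishing as `-p 127.0.0.1:8080:80` restricts the rule's destination to loopback. Traffic rewritten by these DNAT rules is filtered in the FORWARD chain, not INPUT, so host INPUT rules do not restrict published ports.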

Docker networks

In addition to using the existing bridge network, you can create arbitrary networks in Docker.

Creating a Docker network

Creating a container on a Docker network

Deleting a Docker network