はじめに
ちょこちょこDockerを触っているのですがネットワーク設定まわりについての自分用メモ
以下の書籍を参考にしています。
売り上げランキング: 2,331
アジェンダ
- やりたいこと
- Dockerコンテナのネットワークのプチ基礎
- ネットワークを作成する
- 複数のContainer同士で繋いでみる
- ネットワークを削除する
1. やりたいこと
やりたい事は以下です
- dockerのネットワークを作成する
- 複数のcontainerを作成した同一ネットワークに接続
- container同士でアクセスする
2. Dockerコンテナのネットワークのプチ基礎
Dockerはデフォルトでbridge/host/noneの3つのネットワークを作成します
$ docker network ls NETWORK ID NAME DRIVER SCOPE b917ccb08e42 bridge bridge local 45c4f50ef8dd host host local e1785a610499 none null local
明示的にネットワークを指定せずにDockerコンテナを起動すると、
デフォルトのbridge
ネットワークにDockerコンテナを起動します。
# 適当に立ち上げてみる $ docker container run -itd --name=sample ubuntu:latest # .NetworkSettings.Networks}}を確認するとbridgeになっている $ docker container inspect sample --format="{{json .NetworkSettings.Networks}}" {"bridge":{"IPAMConfig":null,"Links":null,"Aliases":null,"NetworkID":"b917ccb08e42a549dd85213c3e705a3ab03295656d760340ab04781ffe8f98da","EndpointID":"9fd096a5ff16be1542c1154baeebce92bc3b5abf6723f9d05ecbc5c36a6ff7c9","Gateway":"172.17.0.1","IPAddress":"172.17.0.2","IPPrefixLen":16,"IPv6Gateway":"","GlobalIPv6Address":"","GlobalIPv6PrefixLen":0,"MacAddress":"02:42:ac:11:00:02","DriverOpts":null}}
翔泳社
売り上げランキング: 4,789
3. ネットワークを作成する
ネットワークの作成は以下のコマンドで行います
docker network create [オプション] ネットワーク
オプション
は以下が指定可能です。
オプション | 説明 |
---|---|
--driver, d | ネットワークブリッジまたはオーバーレイ(デフォルトはbridge) |
--ip-range | コンテナに割り当てるIPアドレスのレンジを指定 |
--subnet | サブネットをCIDR形式で指定 |
--ipv6 | IPv6ネットワークを有効にするかどうか(true/false) |
-label | ネットワークに設定するラベル |
今回は--driver=bridge
でweb-network
というネットワークを作成してみます。
$ docker network create --driver=bridge web-network fe7f79487aa87cf03e03c857fc0013d3b85656fad9fb4417f9abfb2402f17c60 # 作成したネットワークを確認 $ docker network ls NETWORK ID NAME DRIVER SCOPE b917ccb08e42 bridge bridge local 45c4f50ef8dd host host local e1785a610499 none null local fe7f79487aa8 web-network bridge local $ docker network ls --filter driver=bridge NETWORK ID NAME DRIVER SCOPE b917ccb08e42 bridge bridge local fe7f79487aa8 web-network bridge local
4. 複数のContainer同士で繋いでみる
ネットワークへの接続
ネットワークへの接続は
docker network
で接続する方法と、
docker run
時に接続する方法があります。
docker network
でcontainerをネットワークに接続するには以下のコマンドを使います
docker network connect [オプション] ネットワーク名 コンテナ名
docker run
で接続するには以下のコマンドを使います
docker container run オプション --name=コンテナ名 --net=ネットワーク名 コンテナイメージ
今回はdocker run
のほうで試します。
1つめのcontainer
バックグラウンドでwebapp
という名前のcontainerを
ネットワークweb-network
につないで立ち上げます。
また、ポートはホストOS:8001からcontainerの80につなげます。
$ docker container run -itd -p 8001:80 --name=webapp --net=web-network nginx 8296c047ebf6e8f7d3755dec287903e5d7afee93cf96a47c7ef4b1c3ef04ded7
ブラウザでアクセスしてみる
ブラウザで確認すると当然こんな感じ
2つめのcontainer
webfront
という名前のcontainerを
ネットワークweb-network
につないで立ち上げてbashで起動。
また、container1 -> container2から繋いでみる際は、curlでポート80で繋ぎます。
$ docker container run -it --name=webfront --net=web-network centos /bin/bash # 1つめのcontainerにcurlしてみる # nginxの結果が帰ってくる [root@c1170773ec3c /]# curl webapp:80 <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html>
うまくいきました!
inspectで確認
containerをinspectで確認してみると、
.NetworkSettings.Networks
にてweb-network
に繋がっている事が確認できます。
$ docker container inspect webfront webapp [ { "Id": "e312f6dfd7659b82474dca68f5f991ce3135cd5ab840bb53d998149e79b0dcb2", "Created": "2018-06-23T22:36:49.8513111Z", "Path": "/bin/bash", "Args": [], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 8326, "ExitCode": 0, "Error": "", "StartedAt": "2018-06-23T22:41:17.7127242Z", "FinishedAt": "2018-06-23T22:38:05.4488807Z" }, "Image": "sha256:49f7960eb7e4cb46f1a02c1f8174c6fac07ebf1eb6d8deffbcb5c695f1c9edd5", "ResolvConfPath": "/var/lib/docker/containers/e312f6dfd7659b82474dca68f5f991ce3135cd5ab840bb53d998149e79b0dcb2/resolv.conf", "HostnamePath": "/var/lib/docker/containers/e312f6dfd7659b82474dca68f5f991ce3135cd5ab840bb53d998149e79b0dcb2/hostname", "HostsPath": "/var/lib/docker/containers/e312f6dfd7659b82474dca68f5f991ce3135cd5ab840bb53d998149e79b0dcb2/hosts", "LogPath": "/var/lib/docker/containers/e312f6dfd7659b82474dca68f5f991ce3135cd5ab840bb53d998149e79b0dcb2/e312f6dfd7659b82474dca68f5f991ce3135cd5ab840bb53d998149e79b0dcb2-json.log", "Name": "/webfront", "RestartCount": 0, "Driver": "overlay2", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": null, "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "web-network", "PortBindings": {}, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/df845a28b18ea7627b098493ad76fadf0be29ba2c0ddd6788cf513f878fc0116-init/diff:/var/lib/docker/overlay2/1809e038beecc1e66692da14e5b8028149a73b1566a6f04597889ae8c6d916f4/diff", "MergedDir": "/var/lib/docker/overlay2/df845a28b18ea7627b098493ad76fadf0be29ba2c0ddd6788cf513f878fc0116/merged", "UpperDir": "/var/lib/docker/overlay2/df845a28b18ea7627b098493ad76fadf0be29ba2c0ddd6788cf513f878fc0116/diff", "WorkDir": "/var/lib/docker/overlay2/df845a28b18ea7627b098493ad76fadf0be29ba2c0ddd6788cf513f878fc0116/work" }, "Name": "overlay2" }, "Mounts": [], "Config": { "Hostname": "e312f6dfd765", "Domainname": "", "User": "", "AttachStdin": true, "AttachStdout": true, "AttachStderr": true, "Tty": true, "OpenStdin": true, "StdinOnce": true, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Cmd": [ "/bin/bash" ], "Image": "centos@sha256:b67d21dfe609ddacf404589e04631d90a342921e81c40aeaf3391f6717fa5322", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "org.label-schema.schema-version": "= 1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20180531" } }, "NetworkSettings": { "Bridge": "", "SandboxID": "372311e1ac5caebcc8f4a45c12a2f19437093f6421254c82bcae38ca1bff94dd", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": {}, "SandboxKey": "/var/run/docker/netns/372311e1ac5c", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "MacAddress": "", "Networks": { "web-network": { "IPAMConfig": null, "Links": null, "Aliases": [ "e312f6dfd765" ], "NetworkID": "fe7f79487aa87cf03e03c857fc0013d3b85656fad9fb4417f9abfb2402f17c60", "EndpointID": "45f3d2f47b8f4aec8dce2cc70f1d0ca003714ff76a9a28dfac5a332c14b65ad0", "Gateway": "172.18.0.1", "IPAddress": "172.18.0.3", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:12:00:03", "DriverOpts": null } } } }, { "Id": "8296c047ebf6e8f7d3755dec287903e5d7afee93cf96a47c7ef4b1c3ef04ded7", "Created": "2018-06-23T22:33:09.6325018Z", "Path": "nginx", "Args": [ "-g", "daemon off;" ], "State": { "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 8012, "ExitCode": 0, "Error": "", "StartedAt": "2018-06-23T22:33:10.1810925Z", "FinishedAt": "0001-01-01T00:00:00Z" }, "Image": "sha256:cd5239a0906a6ccf0562354852fae04bc5b52d72a2aff9a871ddb6bd57553569", "ResolvConfPath": "/var/lib/docker/containers/8296c047ebf6e8f7d3755dec287903e5d7afee93cf96a47c7ef4b1c3ef04ded7/resolv.conf", "HostnamePath": "/var/lib/docker/containers/8296c047ebf6e8f7d3755dec287903e5d7afee93cf96a47c7ef4b1c3ef04ded7/hostname", "HostsPath": "/var/lib/docker/containers/8296c047ebf6e8f7d3755dec287903e5d7afee93cf96a47c7ef4b1c3ef04ded7/hosts", "LogPath": "/var/lib/docker/containers/8296c047ebf6e8f7d3755dec287903e5d7afee93cf96a47c7ef4b1c3ef04ded7/8296c047ebf6e8f7d3755dec287903e5d7afee93cf96a47c7ef4b1c3ef04ded7-json.log", "Name": "/webapp", "RestartCount": 0, "Driver": "overlay2", "Platform": "linux", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "ExecIDs": null, "HostConfig": { "Binds": null, "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "web-network", "PortBindings": { "80/tcp": [ { "HostIp": "", "HostPort": "8001" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }, "GraphDriver": { "Data": { "LowerDir": "/var/lib/docker/overlay2/feb0bfb05649a7787b78ce5e6134d30a2a7e7555964026c50bfd3a4af1e2a03e-init/diff:/var/lib/docker/overlay2/2ed039f41684788abb90840539ada301341751824b0112729e02b67b196226d7/diff:/var/lib/docker/overlay2/617a2b41e640cd527fdb39453e022b25eb04b5967ec1f4ed74e4b952fffb4005/diff:/var/lib/docker/overlay2/6bd654f2fa5d21d58a7ffcb989da07153dcaf6755e44952114e067baf7ccdba6/diff", "MergedDir": "/var/lib/docker/overlay2/feb0bfb05649a7787b78ce5e6134d30a2a7e7555964026c50bfd3a4af1e2a03e/merged", "UpperDir": "/var/lib/docker/overlay2/feb0bfb05649a7787b78ce5e6134d30a2a7e7555964026c50bfd3a4af1e2a03e/diff", "WorkDir": "/var/lib/docker/overlay2/feb0bfb05649a7787b78ce5e6134d30a2a7e7555964026c50bfd3a4af1e2a03e/work" }, "Name": "overlay2" }, "Mounts": [], "Config": { "Hostname": "8296c047ebf6", "Domainname": "", "User": "", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "ExposedPorts": { "80/tcp": {} }, "Tty": true, "OpenStdin": true, "StdinOnce": false, "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.15.0-1~stretch", "NJS_VERSION=1.15.0.0.2.1-1~stretch" ], "Cmd": [ "nginx", "-g", "daemon off;" ], "ArgsEscaped": true, "Image": "nginx@sha256:3e2ffcf0edca2a4e9b24ca442d227baea7b7f0e33ad654ef1eb806fbd9bedcf0", "Volumes": null, "WorkingDir": "", "Entrypoint": null, "OnBuild": null, "Labels": { "maintainer": "NGINX Docker Maintainers <docker-maint@nginx.com>" }, "StopSignal": "SIGTERM" }, "NetworkSettings": { "Bridge": "", "SandboxID": "aed26e0cedb3000e6bcdf02f2a45446ae2c81eddbd6f53a30d34992e17f01611", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": [ { "HostIp": "0.0.0.0", "HostPort": "8001" } ] }, "SandboxKey": "/var/run/docker/netns/aed26e0cedb3", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "MacAddress": "", "Networks": { "web-network": { "IPAMConfig": null, "Links": null, "Aliases": [ "8296c047ebf6" ], "NetworkID": "fe7f79487aa87cf03e03c857fc0013d3b85656fad9fb4417f9abfb2402f17c60", "EndpointID": "cfe083931723d5689088deb5869d3caabe9360b22bbef908fb538041e0c58c7c", "Gateway": "172.18.0.1", "IPAddress": "172.18.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:12:00:02", "DriverOpts": null } } } } ]
見にくい場合はformatやjqを使ってみると見やすいです
$ docker container inspect webfront webapp --format "{{json .HostConfig}}" | jq . { "Binds": null, "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "web-network", "PortBindings": {}, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 } { "Binds": null, "ContainerIDFile": "", "LogConfig": { "Type": "json-file", "Config": {} }, "NetworkMode": "web-network", "PortBindings": { "80/tcp": [ { "HostIp": "", "HostPort": "8001" } ] }, "RestartPolicy": { "Name": "no", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": null, "CapDrop": null, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": null, "GroupAdd": null, "IpcMode": "shareable", "Cgroup": "", "Links": null, "OomScoreAdj": 0, "PidMode": "", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": null, "UTSMode": "", "UsernsMode": "", "ShmSize": 67108864, "Runtime": "runc", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": [], "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DeviceCgroupRules": null, "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": null, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": null, "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0 }
5. ネットワークを削除する
ネットワークを削除するには以下のコマンドです
docker network rm [オプション] ネットワーク名
containerが起動している状態だとエラーが出るのでstopしてから行います
# ネットワークに接続しているcontainerが起動しいるとエラー $ docker network rm web-network Error response from daemon: network web-network id fe7f79487aa87cf03e03c857fc0013d3b85656fad9fb4417f9abfb2402f17c60 has active endpoints # stopする $ docker container ls -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e312f6dfd765 centos "/bin/bash" 34 minutes ago Up 30 minutes webfront 8296c047ebf6 nginx "nginx -g 'daemon of…" 38 minutes ago Up 38 minutes 0.0.0.0:8001->80/tcp webapp $ docker container stop e312f6dfd765 8296c047ebf6 e312f6dfd765 8296c047ebf6 # stop後だと消せる $ docker network rm web-network web-network
おわり
docker便利だけどまだ使いこなせてない\(^o^)/
翔泳社
売り上げランキング: 4,789