docker: refine networking notes

Marcello 2024-05-19 10:58:06 +02:00
parent cea6c7050a
commit 70d03a93ab
Signed by: m-lamonaca
SSH key fingerprint: SHA256:8db8uii6Gweq7TbKixFBioW2T8CbgtyFETyYL3cr3zk


@ -63,7 +63,7 @@ VMs incur a lot of overhead beyond what is being consumed by your application lo
### [`docker run`](https://docs.docker.com/engine/reference/commandline/run/) ### [`docker run`](https://docs.docker.com/engine/reference/commandline/run/)
```sh linenums="1" ```sh
docker run <image> # run selected app inside a container (downloaded from Docker Hub if missing from image) docker run <image> # run selected app inside a container (downloaded from Docker Hub if missing from image)
docker run -d|--detach <image> # run docker container in the background (does not occupy stdout & stderr) docker run -d|--detach <image> # run docker container in the background (does not occupy stdout & stderr)
docker run -i|--interactive <image> # run docker container in interactive mode (read stdin) docker run -i|--interactive <image> # run docker container in interactive mode (read stdin)
@ -80,7 +80,7 @@ docker run --name=<container_name> <image> # set container name
### [`docker container`](https://docs.docker.com/engine/reference/commandline/container/) ### [`docker container`](https://docs.docker.com/engine/reference/commandline/container/)
```sh linenums="1" ```sh
docker container ls # list of currently running containers docker container ls # list of currently running containers
docker container ls -a|--all # list of all containers, running and exited docker container ls -a|--all # list of all containers, running and exited
docker container rm <container> # remove one or more containers docker container rm <container> # remove one or more containers
@ -97,7 +97,7 @@ docker container exec <container> <command> # exec a command inside a container
### [`docker image`](https://docs.docker.com/engine/reference/commandline/image/) ### [`docker image`](https://docs.docker.com/engine/reference/commandline/image/)
```sh linenums="1" ```sh
docker image ls # list of existing images docker image ls # list of existing images
docker image rm <image> # remove one or more images docker image rm <image> # remove one or more images
docker image prune <image> # remove unused images docker image prune <image> # remove unused images
@ -106,20 +106,20 @@ docker image pull <image> # download an image w/o starting the container
### [`docker build`](https://docs.docker.com/engine/reference/commandline/build/) ### [`docker build`](https://docs.docker.com/engine/reference/commandline/build/)
```sh linenums="1" ```sh
docker build -t <tag> -f <dockerfile> <context> # build image with specific tag (usually user/app:version) docker build -t <tag> -f <dockerfile> <context> # build image with specific tag (usually user/app:version)
docker build -t <tag> -f <dockerfile> --build-arg ARG=value <context> # pass args to ARG steps docker build -t <tag> -f <dockerfile> --build-arg ARG=value <context> # pass args to ARG steps
``` ```
### [`docker push`](https://docs.docker.com/engine/reference/commandline/push/) ### [`docker push`](https://docs.docker.com/engine/reference/commandline/push/)
```sh linenums="1" ```sh
docker push <image> # publish image to registry (defaults to Docker Hub) docker push <image> # publish image to registry (defaults to Docker Hub)
``` ```
## [Dockerfile](https://docs.docker.com/engine/reference/builder/) ## [Dockerfile](https://docs.docker.com/engine/reference/builder/)
```docker linenums="1" ```dockerfile
# starting image or scratch # starting image or scratch
FROM <base_image>:<tag> FROM <base_image>:<tag>
@ -160,7 +160,7 @@ With multi-stage builds, it's possible to use multiple `FROM` statements in the
It's possible to selectively copy artifacts from one stage to another, leaving behind everything not wanted in the final image. It's possible to selectively copy artifacts from one stage to another, leaving behind everything not wanted in the final image.
```docker linenums="1" ```dockerfile
FROM <base_image>:<tag> AS <runtime_alias> FROM <base_image>:<tag> AS <runtime_alias>
RUN <command> # install external dependencies (apt get ...) RUN <command> # install external dependencies (apt get ...)
@ -186,7 +186,7 @@ COPY --from=<build_alias|stage_number> <src> <dir_in_container>
CMD ["executable"] # run app CMD ["executable"] # run app
``` ```
```docker linenums="1" ```dockerfile
FROM mcr.microsoft.com/dotnet/<runtime|aspnet>:<alpine_tag> AS runtime FROM mcr.microsoft.com/dotnet/<runtime|aspnet>:<alpine_tag> AS runtime
RUN <command> # install external dependencies (apt get ...) RUN <command> # install external dependencies (apt get ...)
@ -219,28 +219,28 @@ ENTRYPOINT ["dotnet", "<project>.dll"]
Starting container networks: `bridge` (default), `none`, `host`. Starting container networks: `bridge` (default), `none`, `host`.
```sh linenums="1" ```sh
docker run <image> --network=none/host # specify a non-default network to be used docker run <image> --network=none/host # specify a non-default network to be used
docker run <image> --add-host=<hostname>:<ip> # add hostname mapping
docker network ls # list all available networks docker network ls # list all available networks
``` ```
Bridge: Private internal network created by Docker. All containers ara attached to this network by default and get an IP in the `[172.17.xxx.xxx](http://172.12.xxx.xxx)` series. - **Bridge**: Private internal network created by Docker.
Containers can access each other by using the IP `172.17.0.1`. It is possible to create multiple sub-networks in the bridge network to isolate groups of containers from each other. All containers ara attached to this network by default and get an IP in the `172.17.xxx.xxx-172.12.xxx.xxx` series.
Containers can access each other by using the IP `172.17.0.1`.
It is possible to create multiple sub-networks in the bridge network to isolate groups of containers from each other.
- **Host**: Removes any network isolation between the host and the containers. Cannot run multiple containers on the same port.
- **None**: Containers are not attached to a network and cannot access other containers or the external network.
Host: Removes any network isolation between the host and the containers. Cannot run multiple containers on the same port. > **Note**: Mapping `host-gateway` to an hostname allows the container to reach the host network even with networks types different from `host`
None: Containers are not attached to a network and cannot access other containers or the external network. ### User-defined Networks
## User-defined Networks ```sh
docker network create --driver NETWORK_TYPE --subnet GATEWAY_TP/SUBNET_MASK_SIZE NETWORK_NAME
```sh linenums="1"
docker network create \
--driver NETWORK_TYPE \
--subnet GATEWAY_TP/SUBNET_MASK_SIZE
NETWORK_NAME
``` ```
## Embedded DNS ### Embedded DNS
Docker has an internal DNS that allows finding other container by their name instead of their IP. The DNS always runs at the address `127.0.0.11`. Docker has an internal DNS that allows finding other container by their name instead of their IP. The DNS always runs at the address `127.0.0.11`.
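Review bot: the new **Bridge** bullet introduces an inconsistent address series: `172.17.xxx.xxx-172.12.xxx.xxx` is not a range (172.12 is below 172.17), and it contradicts the gateway `172.17.0.1` quoted two lines later; the old text carried the same 172.12 mismatch inside a broken link, so this is the moment to drop it and keep `172.17.xxx.xxx` only. Same bullet: `ara` should be `are`. In the new `host-gateway` note, `an hostname` should be `a hostname`, and the note should say what the mapping costs in isolation terms: a container that resolves a name to `host-gateway` can reach any host service listening on the bridge address or on all interfaces, regardless of the `bridge`/`none` choice, so it belongs only where that reachability is intended and it is worth mentioning in the same sentence. Two smaller points in the same hunk: `GATEWAY_TP` in the `docker network create` line reads as a typo for `GATEWAY_IP`, and in the `docker run` lines the `--network=` and new `--add-host=` options must come before `<image>`, otherwise they are handed to the container's entrypoint as arguments rather than parsed by Docker.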
@ -250,7 +250,7 @@ Docker has an internal DNS that allows finding other container by their name ins
## File System ## File System
```sh linenums="1" ```sh
/var/lib/docker /var/lib/docker
|_<storage_driver> |_<storage_driver>
|_containers |_containers
@ -270,7 +270,7 @@ To modify a file during while the container runs docker creates a local copy in
**volume mounting**: create a volume under the docker installation folder (`/var/lib/docker/volumes/`). **volume mounting**: create a volume under the docker installation folder (`/var/lib/docker/volumes/`).
**bind mounting**: link docker to an exiting folder to be used as a volume. **bind mounting**: link docker to an exiting folder to be used as a volume.
```sh linenums="1" ```sh
docker run -v <existing_dir>:<container_dir> <image>:<tag> # older command for bind mounting docker run -v <existing_dir>:<container_dir> <image>:<tag> # older command for bind mounting
docker run --mount type=bind, source=:<existing_dir>, target=<container_dir> <image>:<tag> # modern command for bind mounting docker run --mount type=bind, source=:<existing_dir>, target=<container_dir> <image>:<tag> # modern command for bind mounting
``` ```
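Review bot: the "modern" bind-mount line in this hunk is not valid as written: `--mount` takes one comma-separated list without spaces, and `source=:<existing_dir>` has a stray colon, so it should read `--mount type=bind,source=<existing_dir>,target=<container_dir>`. Also `an exiting folder` in the bind-mounting description should be `an existing folder`.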
@ -287,7 +287,7 @@ Using Compose is basically a three-step process:
2. Define the services that make up your app in `docker-compose.yml` so they can be run together in an isolated environment. 2. Define the services that make up your app in `docker-compose.yml` so they can be run together in an isolated environment.
3. Run `docker-compose up` and Compose starts and runs the entire app. 3. Run `docker-compose up` and Compose starts and runs the entire app.
```yaml linenums="1" ```yaml
version: 3.x version: 3.x
services: services:
<service_name>: <service_name>:
@ -302,6 +302,9 @@ services:
- ARG=<value> - ARG=<value>
ports: ports:
- <host_port>:<container_port> - <host_port>:<container_port>
extra_hosts: # add hostname mappings to container network interface config
- <hostname>:<ip>
- <hostname>:host-gateway # map host machine network
networks: # attach container to one or more networks networks: # attach container to one or more networks
- <network_name> - <network_name>
depends_on: # make sure dependencies are running before this container depends_on: # make sure dependencies are running before this container
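Review bot: the new `extra_hosts` block is the Compose counterpart of the `--add-host` line added in the networking section, but its comment `# map host machine network` undersells the effect; say that `host-gateway` resolves to the host's address on the container's network, so the service gains reachability to every host listener bound to that address or to all interfaces, and pair it with a concrete alias in the example (the same `<hostname>` placeholder is fine) so readers see that it is a name-to-IP mapping, not a network attachment. Unchanged context in the same hunk: `version: 3.x` is a placeholder that will not parse as written, so a concrete value would keep the snippet copy-pasteable.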