Docker Network Operations: Difference between revisions
(25 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
* [[Docker Operations#Network|Docker Operations]] | * [[Docker Operations#Network|Docker Operations]] | ||
* [[Docker Networking Concepts#Overview|Docker Networking Concepts]] | |||
=Overview= | =Overview= | ||
Line 8: | Line 9: | ||
docker network ls | docker network ls | ||
=Get Detailed Information about a Network= | |||
docker network inspect <''network-name''> | |||
The containers listed in the "Containers" list are connected (plugged into) to the network. | |||
<syntaxhighlight lang='json'> | |||
[ | |||
{ | |||
"Name": "bridge", | |||
"Id": "3c9a92ee1a7d1d4208e7f924343b85d1af9152ea3d02634c48007d27103f9d36", | |||
"Created": "2018-04-30T20:12:12.943677437-07:00", | |||
"Scope": "local", | |||
"Driver": "bridge", | |||
"EnableIPv6": false, | |||
"IPAM": { | |||
"Driver": "default", | |||
"Options": null, | |||
"Config": [ | |||
{ | |||
"Subnet": "172.17.0.0/16", | |||
"Gateway": "172.17.0.1" | |||
} | |||
] | |||
}, | |||
"Internal": false, | |||
"Attachable": false, | |||
"Ingress": false, | |||
"ConfigFrom": { | |||
"Network": "" | |||
}, | |||
"ConfigOnly": false, | |||
"Containers": { | |||
"4e5c55294dcc0b4274c73639268c2a570c1e0cae0819ea2fbe21f58d7fdbeba5": { | |||
"Name": "alpine1", | |||
"EndpointID": "779600189ed5197e2ab2fb081f0e5d71d4348bc9af096c8ee77b83c7500afef3", | |||
"MacAddress": "02:42:ac:11:00:02", | |||
"IPv4Address": "172.17.0.2/16", | |||
"IPv6Address": "" | |||
}, | |||
"e3092a676f3d9ace791fd7ebb297b71950f1bbd3abe0383f6c7ad78d1fd76523": { | |||
"Name": "alpine2", | |||
"EndpointID": "f060429bfcaf8b2af04f071d88cd886b2a4e352a032ac9e2b2c98f40fb0dc759", | |||
"MacAddress": "02:42:ac:11:00:03", | |||
"IPv4Address": "172.17.0.3/16", | |||
"IPv6Address": "" | |||
} | |||
}, | |||
"Options": { | |||
"com.docker.network.bridge.default_bridge": "true", | |||
"com.docker.network.bridge.enable_icc": "true", | |||
"com.docker.network.bridge.enable_ip_masquerade": "true", | |||
"com.docker.network.bridge.host_binding_ipv4": "0.0.0.0", | |||
"com.docker.network.bridge.name": "docker0", | |||
"com.docker.network.driver.mtu": "1500" | |||
}, | |||
"Labels": {} | |||
} | |||
] | |||
</syntaxhighlight> | |||
=Create a New User-Defined Bridge Network= | =Create a New User-Defined Bridge Network= | ||
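Review bot: the sentence added under the inspect command reads 'connected (plugged into) to the network', with the preposition in the wrong place; 'connected to (plugged into) the network' reads correctly. The sample output also shows "enable_icc": "true" and "host_binding_ipv4": "0.0.0.0" with no explanation, and one sentence on what those two options mean for the containers listed under "Containers" would make the example more useful.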
Line 21: | Line 83: | ||
[--[[Docker_Networking_Concepts#User-Defined_Bridge_Network_Gateway|gateway]]=172.29.5.253] \ | [--[[Docker_Networking_Concepts#User-Defined_Bridge_Network_Gateway|gateway]]=172.29.5.253] \ | ||
<''user-defined-bridge-network-name''> | <''user-defined-bridge-network-name''> | ||
Example: | |||
docker network create --driver=bridge green | |||
docker network ls | |||
NETWORK ID NAME DRIVER SCOPE | |||
... | |||
663b4388fb68 green bridge local | |||
=Remove a User-Defined Bridge Network= | =Remove a User-Defined Bridge Network= | ||
Line 27: | Line 98: | ||
Note that containers [[#Disconnect_a_Container_from_a_Network|need to be disconnected]] first from the network being removed. | Note that containers [[#Disconnect_a_Container_from_a_Network|need to be disconnected]] first from the network being removed. | ||
=Connect a Container to a Network= | |||
In all examples below, the network to connect to can be [[Docker_Networking_Concepts#The_Default_Bridge_Network|the default "bridge" network]] (which it does not make too much sense, since that is the default), a [[Docker_Networking_Concepts#User-Defined_Bridge_Networks|user-defined bridge network]], a [[Docker_Networking_Concepts#host|host network]], etc. | |||
==At Container Creation Phase== | |||
When a container is created with [[Docker create#Overview|docker create]], one more more --network flags can be specified. Docker will use this information to connect the container to the specified network(s). | |||
[[Docker create#Overview|docker create]] --name <''container-name''> \ | |||
'''--network''' <''network-name''> \ | |||
--publish <''host-port''>:<''container-port''> \ | |||
... | |||
==By 'docker run' Command== | |||
[[Docker_run#--network|docker run ... --network <''network-name''> ...]] | |||
associates the container with the specified network and ''connects'' it to the network. After the command completes, the container's IP is routable outside to the Docker host. | |||
==When the Container is Running== | |||
The container can be connected dynamically to a network while it is running: | |||
docker network connect <''network-name''> <''container-name''> | |||
=Disconnect a Container from a Network= | =Disconnect a Container from a Network= | ||
docker network disconnect <''network-name''> <''container-name''> | docker network disconnect <''network-name''> <''container-name''> | ||
=Enable IP Forwarding from Containers on the Default Bridge= | |||
By default, [[Docker_Networking_Concepts#IP_Forwarding|IP forwarding]] from containers connected to the default bridge is not enabled. To enabled it: | |||
1. Configure the Linux kernel on the Docker host [[IP Forwarding#Overview|to allow forwarding]]. | |||
2. Change the [[Iptables_Command_Line_Tool#List_Rules|iptables]] FORWARD policy from DROP to ACCEPT: | |||
sudo iptables -P FORWARD ACCEPT | |||
These settings do not persist across a reboot, so in order to survive, they need to be added to a script. |
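Review bot: 'sudo iptables -P FORWARD ACCEPT' in the new IP forwarding section changes the policy of the whole FORWARD chain, so the host then forwards traffic for every interface, not only for the default bridge; the section should either say so or show an ACCEPT rule scoped to the bridge interface and keep the DROP policy. The closing sentence says the settings 'need to be added to a script' without naming where, which leaves the persistence step incomplete. Typos in the added text: 'one more more --network flags' and 'To enabled it'.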
Latest revision as of 17:38, 1 May 2018
Internal
Overview
List Networks
docker network ls
Get Detailed Information about a Network
docker network inspect <network-name>
The containers listed under "Containers" are connected to (plugged into) the network.
[
    {
        "Name": "bridge",
        "Id": "3c9a92ee1a7d1d4208e7f924343b85d1af9152ea3d02634c48007d27103f9d36",
        "Created": "2018-04-30T20:12:12.943677437-07:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "4e5c55294dcc0b4274c73639268c2a570c1e0cae0819ea2fbe21f58d7fdbeba5": {
                "Name": "alpine1",
                "EndpointID": "779600189ed5197e2ab2fb081f0e5d71d4348bc9af096c8ee77b83c7500afef3",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            },
            "e3092a676f3d9ace791fd7ebb297b71950f1bbd3abe0383f6c7ad78d1fd76523": {
                "Name": "alpine2",
                "EndpointID": "f060429bfcaf8b2af04f071d88cd886b2a4e352a032ac9e2b2c98f40fb0dc759",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]
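The inspect output above can be read mechanically for the settings that decide what the attached containers can reach. The script below is an added example, not part of the original page; the function names and the trimmed sample are constructed here, and options missing from "Options" are assumed to have the bridge driver's defaults.

```python
import json

# Trimmed from the `docker network inspect bridge` output above
# (container IDs shortened, unrelated fields dropped).
SAMPLE = """
[{"Name": "bridge", "Driver": "bridge", "Internal": false,
  "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
  "Containers": {
    "4e5c55294dcc": {"Name": "alpine1", "IPv4Address": "172.17.0.2/16"},
    "e3092a676f3d": {"Name": "alpine2", "IPv4Address": "172.17.0.3/16"}},
  "Options": {
    "com.docker.network.bridge.default_bridge": "true",
    "com.docker.network.bridge.enable_icc": "true",
    "com.docker.network.bridge.enable_ip_masquerade": "true",
    "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0"}}]
"""

PREFIX = "com.docker.network.bridge."


def audit_network(net):
    """Return (attached container names, findings) for one inspect entry."""
    opts = net.get("Options") or {}

    def on(key, default):
        # Assumption: an absent option means the bridge driver's default.
        return opts.get(PREFIX + key, default).lower() == "true"

    names = sorted(c["Name"] for c in (net.get("Containers") or {}).values())
    findings = []
    if on("default_bridge", "false"):
        findings.append("default bridge: containers started without --network land here")
    if on("enable_icc", "true") and len(names) > 1:
        findings.append("icc enabled: " + ", ".join(names) + " can reach each other")
    if opts.get(PREFIX + "host_binding_ipv4", "0.0.0.0") == "0.0.0.0":
        findings.append("published ports bind to all host IPv4 addresses")
    if not net.get("Internal") and on("enable_ip_masquerade", "true"):
        findings.append("outbound traffic is NATed to the outside (network is not internal)")
    return names, findings


def audit(inspect_json):
    """Audit every network in the JSON array printed by `docker network inspect`."""
    return {n["Name"]: audit_network(n) for n in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, (members, findings) in audit(SAMPLE).items():
        print(name, members)
        for finding in findings:
            print("  -", finding)
```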
Create a New User-Defined Bridge Network
The following command creates a user-defined bridge network:
docker network create \
    [--driver=bridge] \
    [--subnet=172.29.0.0/16] \
    [--ip-range=172.29.5.0/24] \
    [--gateway=172.29.5.253] \
    <user-defined-bridge-network-name>
Example:
docker network create --driver=bridge green
docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
...
663b4388fb68        green               bridge              local
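The --subnet, --ip-range and --gateway values have to agree with each other, and the new subnet should not collide with one already in use on the host. The check below is an added example, not part of the original page; check_bridge_plan and its existing argument are hypothetical names, and the inputs are constructed from the addresses used on this page.

```python
import ipaddress


def check_bridge_plan(subnet, ip_range=None, gateway=None, existing=None):
    """Return a list of problems with planned `docker network create` values.

    `existing` maps network names to subnets already in use on the host
    (hypothetical input, e.g. collected from `docker network inspect`).
    """
    net = ipaddress.ip_network(subnet)
    problems = []
    if ip_range is not None:
        rng = ipaddress.ip_network(ip_range)
        # The allocation range must be carved out of the subnet itself.
        if rng.version != net.version or not rng.subnet_of(net):
            problems.append(f"--ip-range {rng} is outside --subnet {net}")
    if gateway is not None:
        gw = ipaddress.ip_address(gateway)
        if gw not in net:
            problems.append(f"--gateway {gw} is outside --subnet {net}")
    for name, other in (existing or {}).items():
        # Two bridges on overlapping subnets make routing ambiguous.
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"--subnet {net} overlaps existing network '{name}' ({other})")
    return problems


if __name__ == "__main__":
    # Constructed inputs; 172.17.0.0/16 is the default bridge subnet
    # shown in the inspect output on this page.
    in_use = {"bridge": "172.17.0.0/16"}
    plans = [
        ("172.29.0.0/16", "172.29.5.0/24", "172.29.5.253"),  # consistent
        ("172.29.0.0/16", "172.28.5.0/24", "172.29.5.253"),  # range outside subnet
        ("172.17.8.0/24", None, "172.17.8.1"),               # collides with default bridge
    ]
    for plan in plans:
        print(plan, check_bridge_plan(*plan, existing=in_use) or "ok")
```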
Remove a User-Defined Bridge Network
docker network rm <user-defined-bridge-network-name>
Note that containers need to be disconnected first from the network being removed.
Connect a Container to a Network
In all examples below, the network to connect to can be the default "bridge" network (which does not make much sense, since that is the default), a user-defined bridge network, a host network, etc.
At Container Creation Phase
When a container is created with docker create, one or more --network flags can be specified. Docker will use this information to connect the container to the specified network(s).
docker create --name <container-name> \
    --network <network-name> \
    --publish <host-port>:<container-port> \
    ...
By 'docker run' Command
docker run ... --network <network-name> ...
associates the container with the specified network and connects it to the network. After the command completes, the container's IP is routable outside to the Docker host.
When the Container is Running
The container can be connected dynamically to a network while it is running:
docker network connect <network-name> <container-name>
Disconnect a Container from a Network
docker network disconnect <network-name> <container-name>
Enable IP Forwarding from Containers on the Default Bridge
By default, IP forwarding from containers connected to the default bridge is not enabled. To enable it:
1. Configure the Linux kernel on the Docker host to allow forwarding.
2. Change the iptables FORWARD policy from DROP to ACCEPT:
sudo iptables -P FORWARD ACCEPT
These settings do not persist across a reboot; to survive one, they need to be added to a script.