###### tags: `Study Circle Note`, `Docker in Action 2ed` # Docker in Action 2ed 第四次 2021-07-24 - Ch5 ## 討論 - overlay/underly 是不是剛好講相反 - underlay > you can use underlay networks provided by the macvlan or ipvlan network drivers. - overlay > The overlay network driver is available on Docker engines where swarm mode is enabled. - joined containers 是不是類似 host 模式到另一個 container 中？ - 有點不太一樣，joined container 是讓 container 共用同一個 network namespace - [host mode](https://docs.docker.com/network/host/) 是讓 container 跟 host 使用同一個 namespace - 推薦好文： > 在 Linux 上目前其實也支援了非常多類型種類的 Virtual network interface https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking > [name=Jerry Wang - 為何 `/etc/resolv.conf` 會是 127.0.0.11 ? > Docker 篡改的，[程式碼似乎在這](https://github.com/moby/moby/blob/6317d7467a858de28531516fac75d1b230d024dd/container/container_unix.go#L63)，詳細[過程說明](https://collabnix.com/how-service-discovery-works-under-docker-1-12/) ## 補充 Lab 1. Install docker[1] with Ubuntu 20.04 server. Here is the docker version. ``` $ docker version Client: Docker Engine - Community Version: 20.10.7 API version: 1.41 Go version: go1.13.15 Git commit: f0df350 Built: Wed Jun 2 11:56:38 2021 OS/Arch: linux/amd64 Context: default Experimental: true Server: Docker Engine - Community Engine: Version: 20.10.7 API version: 1.41 (minimum version 1.12) Go version: go1.13.15 Git commit: b0f5bc3 Built: Wed Jun 2 11:54:50 2021 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.4.8 GitCommit: 7eba5930496d9bbe375fdf71603e610ad737d2b2 runc: Version: 1.0.0 GitCommit: v1.0.0-0-g84113ee docker-init: Version: 0.19.0 GitCommit: de40ad0 ``` 2. Run a Nginx container. ``` $ docker run -d \ --name nginx\ -p 8080:80\ nginx ``` ``` $ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 4810764994ea nginx "/docker-entrypoint.…" About a minute ago Up About a minute 0.0.0.0:8080->80/tcp, :::8080->80/tcp nginx $ docker inspect 4810764994ea | grep "IPAddress" "SecondaryIPAddresses": null, "IPAddress": "172.17.0.2", "IPAddress": "172.17.0.2", ``` ``` $ ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc fq_codel state UP group default qlen 1000 link/ether 06:6d:9c:00:30:cf brd ff:ff:ff:ff:ff:ff inet 172.31.21.51/20 brd 172.31.31.255 scope global dynamic eth0 valid_lft 3195sec preferred_lft 3195sec inet6 fe80::46d:9cff:fe00:30cf/64 scope link valid_lft forever preferred_lft forever 3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default link/ether 02:42:fa:a5:24:4c brd ff:ff:ff:ff:ff:ff inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0 valid_lft forever preferred_lft forever inet6 fe80::42:faff:fea5:244c/64 scope link valid_lft forever preferred_lft forever 5: vethaba889b@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default link/ether a2:5f:fc:b2:f5:11 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 fe80::a05f:fcff:feb2:f511/64 scope link valid_lft forever preferred_lft forever ``` 3. Capture the packets on the sever side, which is running Nginx container. ``` $ sudo tcpdump -i any -w lab-nginx.pcap tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes ^C139 packets captured 142 packets received by filter 0 packets dropped by kernel ``` 4. On client side 34.243.235.127(eth0: 172.31.15.47), request HTTP via curl command 3 times. sever and client are in the same subnet(VPC). 34.243.235.127(eth0: 172.31.15.47) <-> server 54.155.144.125(eth0: 172.31.21.51) ``` $ curl 54.155.144.125:8080 ``` If you want to analyze the pcap file, pleaes download the [file](https://drive.google.com/file/d/17yu64m8MjxfApus31c-WhMY6k3Ibs3Ig/view?usp=sharing). References: 1. https://docs.docker.com/engine/install/ubuntu/