Comparison of Docker Network Modes


Types of Docker network

https://docs.docker.com/engine/network/

# docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
fafa09f2813b   bridge    bridge    local
6ff30defc56c   host      host      local
e5c6c6671c21   none      null      local

Bridge Network (default)

The container gets its own separate internal IP address.

HOST # docker run -d --rm --name web-test -p 8000:8000 crccheck/hello-world

HOST # ip addr
2: enp1s0: ...
    inet 192.168.0.250/24 brd 192.168.0.255 scope global enp1s0
3: docker0: ...
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

HOST # docker exec -it web-test /bin/sh

CONTAINER # ip addr
4: eth0@if5: ...
    inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0

Docker's own iptables rules apply separately, so host firewalls such as firewalld and ufw do not take effect for the published port.

HOST # ufw enable
REMOTE # curl 192.168.0.250:8000
<pre>Hello World...
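
An added audit check, not part of the original page: it lists bridge-mode ports published on all interfaces, which are the ones that stay reachable with ufw enabled as shown above. The sample lines are constructed, and the function names and the containers `db`, `cache` and `web-host` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page).
# Input:  "<name><TAB><ports>" lines, as printed by
#           docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<name> <proto> <hostport>" for each port published on all
#         interfaces (0.0.0.0, :: or [::]), deduplicated across IPv4/IPv6.
find_wildcard_ports() {
    awk -F '\t' '
    {
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            m = maps[i]
            if (index(m, "->") == 0) continue      # exposed only, not published
            split(m, side, "->")
            host = side[1]
            port = host; sub(/.*:/, "", port)      # text after the last colon
            addr = substr(host, 1, length(host) - length(port) - 1)
            proto = side[2]; sub(/.*\//, "", proto)
            if (addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
                key = $1 " " proto " " port
                if (!(key in seen)) { seen[key] = 1; print key }
            }
        }
    }'
}

# Constructed sample of docker ps output (not captured from a real host).
sample_ps_output() {
    printf 'web-test\t0.0.0.0:8000->8000/tcp, :::8000->8000/tcp\n'  # all interfaces
    printf 'db\t127.0.0.1:5432->5432/tcp\n'                         # loopback only
    printf 'cache\t6379/tcp\n'                                      # not published
    printf 'web-host\t\n'                                           # --net=host
}

# Run against the sample; on a real host pipe docker ps into the function.
sample_ps_output | find_wildcard_ports
```

Containers started with `--net=host` have an empty ports column and are not listed, since their listeners are filtered by the host firewall.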

Host Network

The host's network is visible from inside the container, and the container uses the host's IP address.

HOST # docker run -d --name web-test --net=host crccheck/hello-world

HOST # docker exec -it web-test /bin/sh

CONTAINER # ip addr
2: enp1s0: ...
    inet 192.168.0.250/24 brd 192.168.0.255 scope global enp1s0
3: docker0: ...
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0

CONTAINER # netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 :::8000                 :::*                    LISTEN      7/httpd

Host firewalls such as firewalld and ufw take effect.

HOST # ufw enable
REMOTE # curl 192.168.0.250:8000
curl: (7) Failed to connect to ...