Test Dockerfile
FROM ubuntu
RUN apt update
RUN apt-get install -y net-tools iproute2 dnsutils
ENTRYPOINT ["/bin/bash", "-c", "sleep 100000000"]
Running the container on the default Bridge network
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:ac:11:00:02 txqueuelen 0 (Ethernet)
RX packets 784 bytes 1123147 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 802 bytes 89184 (87.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
# ip route show
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
A route to 172.17, the default bridge network range, is present.
The subnet of the current bridge network can be checked as follows.
docker network inspect bridge | jq '.[0].IPAM.Config'
[
{
"Subnet": "172.17.0.0/16"
}
]
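In some situations you need the Host network rather than the Bridge network.
(Say, the range you need to talk to happens to be 172.17.... or the range you need to talk to happens to be 172.17.... 🥲)
Unlike Bridge, the Host network does not use a separate virtual network; it uses the network interfaces of the current host (that is, my MacBook) as they are.
To start a container on the Host network, use the command below.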
docker run -d --name [container name] --network host [image name]
However, on a MacBook using the Docker Desktop engine, starting the container this way gives..
# ifconfig
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
inet6 fe80::42:29ff:fe9a:29b prefixlen 64 scopeid 0x20<link>
ether 02:42:29:9a:02:9b txqueuelen 0 (Ethernet)
RX packets 44118 bytes 3680713 (3.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51886 bytes 480867968 (458.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.65.4 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::44f:61ff:fe5f:5481 prefixlen 64 scopeid 0x20<link>
ether 06:4f:61:5f:54:81 txqueuelen 0 (Ethernet)
RX packets 120387 bytes 534772931 (509.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 96934 bytes 11767924 (11.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 52 bytes 4392 (4.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 52 bytes 4392 (4.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth30be747: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::98e5:3bff:fe31:2e59 prefixlen 64 scopeid 0x20<link>
ether 9a:e5:3b:31:2e:59 txqueuelen 0 (Ethernet)
RX packets 3525 bytes 567930 (554.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5306 bytes 623210 (608.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethef815fe: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e4f9:7cff:fed4:3fd3 prefixlen 64 scopeid 0x20<link>
ether e6:f9:7c:d4:3f:d3 txqueuelen 0 (Ethernet)
RX packets 986 bytes 91218 (89.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 987 bytes 10003144 (9.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.65.5 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.65.5 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
# ip route show
default via 192.168.65.5 dev eth0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.65.5 dev eth0 proto kernel scope link src 192.168.65.4
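The Host network is in use, but the 172.17 Bridge network range is still there as well.
I can guess at reasons such as a difference in the Docker Desktop engine, the Mac not having a docker0 interface, or the Mac blocking it for security reasons, but I don't really know the exact reason.
Anyway, to get a container running properly on the Host network, you can state in the Docker daemon settings that the bridge should not be used.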
vim ~/.docker/daemon.json
{
"builder": { "gc": { "defaultKeepStorage": "20GB", "enabled": true } },
"experimental": false,
"features": { "buildkit": true },
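"bridge": "none"
}
After adding the "bridge": "none" line (the last key above; JSON does not allow comments, so it is not marked in the file itself), restart Docker Desktop and start the container on the host network again...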
# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.65.4 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::8b2:15ff:fe31:28cf prefixlen 64 scopeid 0x20<link>
ether 0a:b2:15:31:28:cf txqueuelen 0 (Ethernet)
RX packets 1041 bytes 10017942 (9.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1009 bytes 79343 (77.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 52 bytes 4392 (4.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 52 bytes 4392 (4.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.65.5 0.0.0.0 UG 0 0 0 eth0
192.168.65.5 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
# ip route show
default via 192.168.65.5 dev eth0
192.168.65.5 dev eth0 proto kernel scope link src 192.168.65.4
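The 172.17 network is finally gone.
However, with this approach you have to edit the setting back and restart Docker every time you need the bridge network, and you also have to specify --network host when building an image. (Without it, you get an error saying the bridge network cannot be found.)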
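To see why the leftover docker0 route matters, the following added example (not part of the original post) runs a longest-prefix-match lookup over the two `ip route show` outputs above. The destination 172.17.40.10 is a constructed sample address standing in for an external host inside 172.17.0.0/16, and the function names are hypothetical.

```python
import ipaddress

# Routing tables copied from the `ip route show` output on this page.
ROUTES_WITH_BRIDGE = """\
default via 192.168.65.5 dev eth0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.65.5 dev eth0 proto kernel scope link src 192.168.65.4
"""
ROUTES_BRIDGE_NONE = """\
default via 192.168.65.5 dev eth0
192.168.65.5 dev eth0 proto kernel scope link src 192.168.65.4
"""


def parse_routes(text):
    """Parse `ip route show` lines into (network, device, gateway) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # skip blank lines and routes without an output device
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            network = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # first field is a route type keyword, not a prefix
        device = fields[fields.index("dev") + 1]
        gateway = fields[fields.index("via") + 1] if "via" in fields else None
        routes.append((network, device, gateway))
    return routes


def lookup(routes, destination):
    """Return the longest-prefix-match route for destination, or None."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in routes if addr.version == r[0].version and addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def shadowed_by_bridge(routes, destination, bridge_dev="docker0"):
    """True if traffic to destination would leave via the bridge interface."""
    route = lookup(routes, destination)
    return route is not None and route[1] == bridge_dev


if __name__ == "__main__":
    target = "172.17.40.10"  # constructed sample: external host in 172.17.0.0/16
    for name, table in (("with bridge", ROUTES_WITH_BRIDGE), ("bridge none", ROUTES_BRIDGE_NONE)):
        print(name, "->", lookup(parse_routes(table), target))
```

With the bridge present, the /16 route wins over the default route and the traffic stays on docker0; with "bridge": "none" the same destination goes out through eth0 via 192.168.65.5.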
Done!