Thursday, July 8, 2021

Docker-Learn3

 docker container run --detach --rm --publish 80:80 --name webserver nginx

docker container run --detach  --publish 80:80 --name webserver nginx

docker container rm <container_Name|container_Id_First3Digit_SHA>


Use long-form -- flags; it's good practice in Docker


docker image ls 


docker container logs webserver


docker container top ContainerID|containerName


docker run -d --name mongo mongo

-------------------------------------

$ docker run -it --rm --privileged --pid=host justincormack/nsenter1

/ #

-------------------------------------

ps aux | { head -1; grep -E 'mysql|mongo' ; }

ps -ef | { head -1; grep bash; }

ps aux | { head -1; grep 999 ; }

-------------------------------------


The Docker process is running on the host

docker top mongo 

// mongo is the name of the container; this command tells us the processes running as part of the mongo Docker container - top 10 processes

ps aux | grep mongod


-------------------------------------

docs.docker.com

--help 

Our friends

-------------------------------------


docker container run -d -p 3306:3306 --name db --env MYSQL_RANDOM_ROOT_PASSWORD=yes mysql


-------------------------------------------------------------------------------------------------

Analyse Outside container

docker container top Container_Name

docker container inspect [OPTIONS] Container_Name

docker container stats [OPTIONS] [CONTAINER...]  // if no container name is given, it means all containers


-------------------------------------------------------------------------------------------------

Analyse inside the container - to know what's happening in the container

docker container start -ai Container_Name   //a means attach , i means interactive

docker container exec -it Container_Name bash   // t means tty, i means interactive; exec needs a command to run, e.g. bash

docker container run -it ImageName              //t means tty , i means interactive

-------------------------------------------------------------------------------------------------

apt-get update

apt-get install -y procps // install "ps" in the mysql container - its image is Debian-based

-------------------------------------------------------------------------------------------------

docker container port nginx


The virtual network holds the container's port; the host holds the host port.

One host port is mapped to only one container.


A container can talk to another container if they are on the same virtual network.

-------------------------------------------------------------------------------------------------------

• Each container is by default connected to a private virtual network (PVN), "bridge"

• Each PVN routes through the NAT firewall on the host IP

• All containers on a virtual network can talk to each other without -p

For example:

A network has 2 containers: Mysql and httpd

httpd has 8080:80

while Mysql has nothing published

Mysql can still talk to httpd

• 2 different networks cannot talk to each other directly; they have to go via NAT

• 1 host-level port is mapped to 1 container only


• Make new virtual networks

• Attach containers to more than 1 virtual network

• Use docker network Drivers.

----------------------------------------------------------------------------------------------

ifconfig en0 // Linux based Actual Host machine

ipconfig // Windows based Actual Host machine

----------------------------------------------------------------------------------------------

docker container port ContainerID

docker container inspect ContainerID 

docker container inspect  --format  "{{ .NetworkSettings.IPAddress}}" nginx

----------------------------------------------------------------------------------------------

Why is it called a bridge network?

It's a type of "Driver".

Because this private virtual network connects our container to the outside physical network through the NAT firewall.

----------------------------------------------------------------------------------------------

:::::docker network commands :::::


• docker network ls      // Shows list of all private virtual networks with type of Drivers they possess

//bridge is called "bridge" or "docker0"



• docker network inspect bridge //shows containers attached to this network

Each container has its own IP address, although they are all attached to the same network ID (SHA).


• The network has "Subnet": "172.17.0.0/16" in its IPAM Config

It has many containers attached to it, each having its own IP address

 "IPv4Address": "172.17.0.6/16"

 "IPv4Address": "172.17.0.3/16"

"IPv4Address": "172.17.0.2/16"

----------------------------------------------------------------------------------------------

172.17.0.0 ---- default network address of the bridge network


----------------------------------------------------------------------------------------------

Another network is "host"; it gives up Docker security

and attaches the container directly to the host interface

----------------------------------------------------------------------------------------------

docker network inspect bridge

docker network inspect host

docker network inspect none

----------------------------------------------------------------------------------------------

:::: Create a new network

docker network create my_app_net

docker network inspect my_app_net 

"Subnet": "172.18.0.0/16",

"Gateway": "172.18.0.1"

----------------------------------------------------------------------------------------------

docker network create my_app_net 

docker container run --name new_nginx --network my_app_net nginx:alpine //New Container

docker network inspect my_app_net // it has new_nginx attached to it

// --network network   flag on "run" command       Connect a container to a network

----------------------------------------------------------------------------------------------

//docker network 

// docker network connect [OPTIONS] NETWORK CONTAINER

docker network connect --help

docker network  connect  my_app_net nginx          //Attach network to container

docker container inspect nginx      //Inspect container --- It shows connection to 2 networks, now



 "Networks": {

                "bridge": {

                    "IPAMConfig": null,

                    "Gateway": "172.17.0.1",

                    "IPAddress": "172.17.0.6",

                },

                "my_app_net": {

                    "IPAMConfig": {},

                    "Gateway": "172.18.0.1",

                    "IPAddress": "172.18.0.3",


                }

            }

----------------------------------------------------------------------------------------------

docker network disconnect  my_app_net nginx    // Disconnect custom network from ContainerName

----------------------------------------------------------------------------------------------

If apps are on the same host, you should connect both apps to the same network.

Publishing ports explicitly with -p is very safe, because all other ports stay blocked.
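
An added example (not part of the original notes): it reads docker container inspect JSON and flags the settings from these notes that widen exposure: --privileged, --pid=host, the host network, and ports published on every host interface, which is what -p 80:80 does when no bind address is given. The sample records are constructed; db is shown as if it had been run with --publish 127.0.0.1:3306:3306.

```python
import json

# Constructed sample: trimmed `docker container inspect` records for three
# containers modelled on the commands in these notes (not captured output).
# Assumption: db is shown as if run with --publish 127.0.0.1:3306:3306.
SAMPLE = json.loads("""
[
 {"Name": "/webserver",
  "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge"},
  "NetworkSettings": {"Ports": {"80/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}]}}},
 {"Name": "/db",
  "HostConfig": {"Privileged": false, "PidMode": "", "NetworkMode": "bridge"},
  "NetworkSettings": {"Ports": {"3306/tcp": [{"HostIp": "127.0.0.1", "HostPort": "3306"}],
                                "33060/tcp": null}}},
 {"Name": "/nsenter",
  "HostConfig": {"Privileged": true, "PidMode": "host", "NetworkMode": "host"},
  "NetworkSettings": {"Ports": {}}}
]
""")

WILDCARD = {"", "0.0.0.0", "::"}  # bind addresses that mean "every host interface"

def audit(container):
    """Return a list of exposure findings for one inspect record."""
    findings = []
    host_cfg = container.get("HostConfig", {})
    if host_cfg.get("Privileged"):
        findings.append("--privileged: all capabilities and host devices granted")
    if host_cfg.get("PidMode") == "host":
        findings.append("--pid=host: container sees every host process")
    if host_cfg.get("NetworkMode") == "host":
        findings.append("host network: no NAT, listening ports sit on the host")
    ports = container.get("NetworkSettings", {}).get("Ports") or {}
    for port, bindings in sorted(ports.items()):
        for b in bindings or []:  # None means exposed by the image but not published
            if b.get("HostIp", "") in WILDCARD:
                findings.append(f"{port} published on all interfaces as host port {b['HostPort']}")
    return findings

def audit_all(containers):
    """Map container name (without the leading slash) to its findings."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "->", findings or "no findings")
```

On a real host, feed it json.loads() of the output of docker container inspect for the containers listed by docker container ls -q.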

----------------------------------------------------------------------------------------------

docker network create --driver bridge my_app_net


----------------------------------------------------------------------------------------------

Containers should not rely on IP addresses for communication. DNS Should be used.


Custom networks have a DNS server built into them.

The default "bridge" network does not have DNS; use --link as a workaround.


docker container exec -it my_nginx ping new_nginx


Container names can be used as DNS hostnames. So, if there are 2 containers on the same custom network,

they can ping each other using just their container names, which are DNS names.
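
An added example (not part of the original notes) that applies the rules above to the "Networks" section of docker container inspect: containers sharing a custom network reach each other by name, containers sharing only the default bridge need an IP address, and containers with no common network cannot reach each other directly. The addresses for new_nginx and mongo are constructed.

```python
import json

# Constructed sample: the "Networks" part of `docker container inspect` for
# three containers named in these notes. nginx matches the output shown
# earlier; the new_nginx and mongo addresses are made up for illustration.
SAMPLE = json.loads("""
{"nginx":     {"bridge":     {"IPAddress": "172.17.0.6"},
               "my_app_net": {"IPAddress": "172.18.0.3"}},
 "new_nginx": {"my_app_net": {"IPAddress": "172.18.0.2"}},
 "mongo":     {"bridge":     {"IPAddress": "172.17.0.2"}}}
""")

BUILTIN = {"bridge", "host", "none"}  # networks Docker creates by default

def address_for(containers, src, dst):
    """Return what src should use to reach dst, or None if they share no network."""
    shared = set(containers[src]) & set(containers[dst])
    if shared - BUILTIN:
        return dst  # custom network: the container name resolves via built-in DNS
    if "bridge" in shared:
        return containers[dst]["bridge"]["IPAddress"]  # default bridge: IP only
    if "host" in shared:
        return "localhost"  # both use the host's own network stack
    return None  # different networks (or "none"): no direct path

def on_default_bridge(containers):
    """Containers still attached to the default bridge, where all peers can talk."""
    return sorted(name for name, nets in containers.items() if "bridge" in nets)

def matrix(containers):
    """Address to use for every ordered (src, dst) pair."""
    return {(s, d): address_for(containers, s, d)
            for s in containers for d in containers if s != d}

if __name__ == "__main__":
    for (src, dst), addr in sorted(matrix(SAMPLE).items()):
        print(f"{src} -> {dst}: {addr or 'not reachable'}")
    print("on default bridge:", on_default_bridge(SAMPLE))
```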
