Docker network and storage management

Docker network

The network in Docker mainly solves the problem of mutual communication between containers, between containers and external networks, and between external networks and containers.

Docker communication mode

By default, Docker uses the bridge+NAT communication model.
When Docker is started, it will automatically create the bridge device Docker0 and configure the address.
When Docker starts the container, a pair of veth virtual network devices will be created. One veth network device will be attached to the bridge docker0, and the other will be added to the network command space of the container, which will be renamed eth0. In this way, containers of the same host can communicate with each other through docker0.

It is not enough to only solve the communication between containers inside the host, but also solve the communication between containers and external networks. Therefore, NAT is introduced.

  • Container access to external network
    In order to solve the problem that the container accesses the external network, Docker creates the following MASQUERADE
-tnat -A POSTROUTING -s ! -o docker0 -j MASQUERADE

This rule changes the IP address of all packets sent by container to host ip and sent by host.

  • External network access container
    The services provided by the container need to be exposed to the external network. When docker starts the container, it will create SNAT rules.
docker run -d -p 80:80 apache

The following SNAT rules will be created:

iptables -t nat-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
iptables -t nat-A Docker ! -i docker0 -tcp -m tcp --dport -j DNAT --to-destination

Docker network parameters

Network configuration parameters

Network configuration of Docker process

  • -B / - bridge: Specifies the bridge equipment used by docker. By default, docker will create docker0 bridge equipment. This parameter can specify that docker uses the existing bridge equipment.
  • --bip: specify the ip address and mask of docker0 of Wang Qiao's device, using the standard CIDR form,
  • --dns configuration container dns
    Network configuration of container
  • --net is used to specify the network communication mode used by the container.
    bridge: the default mode of docker
    none: the container has no network stack, and the container cannot communicate with the outside
    Container: docker will add the container to the network NameSpace of the specified container
    Host: indicates that the container uses the network of host and does not have its own independent network stack.

Docker data management


Once the container in Docker is deleted, the rootfs file system corresponding to the container itself will be deleted, and all data in the container will be deleted. Sometimes we want data, logs or other data that need to be persisted, which will not be deleted with the deletion of the container. Sometimes, we want to share data between containers of the same host. To this end, Docker provides data volumes, which can persist data and can also be used to share data between containers.

Data volume

Create data volume

[root@localhost ~]# docker run -it --rm -v /volume1 --name test1 ubuntu /bin/bash
root@816b0ee1b911:/# df -lh
Filesystem               Size  Used Avail Use% Mounted on
overlay                   37G   19G   19G  51% /
tmpfs                     64M     0   64M   0% /dev
tmpfs                    1.1G     0  1.1G   0% /sys/fs/cgroup
shm                       64M     0   64M   0% /dev/shm
/dev/mapper/centos-root   37G   19G   19G  51% /volume1
tmpfs                    1.1G     0  1.1G   0% /proc/asound
tmpfs                    1.1G     0  1.1G   0% /proc/acpi
tmpfs                    1.1G     0  1.1G   0% /proc/scsi
tmpfs                    1.1G     0  1.1G   0% /sys/firmware
root@816b0ee1b911:/# ls v 
var/     volume1/ 
root@816b0ee1b911:/# ls volume1/
root@816b0ee1b911:/# echo "hello" > /volume1/test.txt
root@816b0ee1b911:/# ls volume1/                     

For creating a data volume in this way, when the container is deleted, if no other container references the data volume, the corresponding host directory will also be deleted. Therefore, if you do not want the host directory to be deleted, you must specify the host directory.

Mount the directory of host as a data volume

In addition to creating the data volume, we can also mount the directory of the host to the container as the data volume of the container.

[root@localhost /]# docker run -it --rm -v /data/vulume1:/volueme1 ubuntu /bin/bash
root@0f9510ac0f90:/# df -lh 
Filesystem               Size  Used Avail Use% Mounted on
overlay                   37G   19G   19G  51% /
tmpfs                     64M     0   64M   0% /dev
tmpfs                    1.1G     0  1.1G   0% /sys/fs/cgroup
shm                       64M     0   64M   0% /dev/shm
/dev/mapper/centos-root   37G   19G   19G  51% /volueme1
tmpfs                    1.1G     0  1.1G   0% /proc/asound
tmpfs                    1.1G     0  1.1G   0% /proc/acpi
tmpfs                    1.1G     0  1.1G   0% /proc/scsi
tmpfs                    1.1G     0  1.1G   0% /sys/firmware
root@0f9510ac0f90:/# echo "hello" > /v                 
var/      volueme1/ 
root@0f9510ac0f90:/# echo "hello" > /volueme1/hello.txt
root@0f9510ac0f90:/# exit
[root@localhost /]# ls /data/vulume1/
[root@localhost /]# cat /data/vulume1/hello.txt 
[root@localhost /]# 

We mount / data/volume1 on the host to volume1 in the container In this way, we exchange data between host and container I frame hi. For example, applications in the container can write logs and important data to / volume1. In this way, even if the container is deleted, the data will remain on the host.

The host directory must be an absolute path. If the directory does not exist, docker will automatically create the directory.
By default, the container has read and write access to the mounted data. We can also mount read-only

Mount the host file as a data volume

[root@localhost /]# docker run -it --rm -v /etc/hosts:/etc/hosts ubuntu /bin/bash
root@2f2dd6a7a834:/# cat /etc/hosts   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Data volume container

Create and mount data volume containers

Data can be shared between containers, and a data volume container can be created and then mounted by other containers.

[root@localhost /]# docker run -d -v /dbdata --name dbdata training/postgres echo Data-only container for postgres 
Unable to find image 'training/postgres:latest' locally
latest: Pulling from training/postgres
Image uses outdated schema1 manifest format. Please upgrade to a schema2 image for better future compatibility. More information at
a3ed95caeb02: Pull complete 
6e71c809542e: Pull complete 
2978d9af87ba: Pull complete 
e1bca35b062f: Pull complete 
500b6decf741: Pull complete 
74b14ef2151f: Pull complete 
7afd5ed3826e: Pull complete 
3c69bb244f5e: Pull complete 
d86f9ec5aedf: Pull complete 
010fabf20157: Pull complete 
Digest: sha256:a945dc6dcfbc8d009c3d972931608344b76c2870ce796da00a827bd50791907e
Status: Downloaded newer image for training/postgres:latest
[root@localhost /]# 

You can mount / dbdata data volumes in other containers via – volumes from

[root@localhost /]# docker run -d --volumes-from dbdata --name db1 training/postgres
[root@localhost /]# docker run -d --volumes-from dbdata --name db2  training/postgres
[root@localhost /]# 

In this way, db1 and db2 can also see all data volumes of dbdata.

You can also use multiple – volumes from parameters to mount multiple data volumes from multiple containers. You can also mount data volumes from other containers that have already mounted container volumes

[root@localhost /]# docker run -d --name db3 --volumes-from db1 training/postgres 
[root@localhost /]# 

Application of data volume container

Many applications usually log through the syslog of the system. We can install the application and rsylog into the image at the same time, and then run the application and rsylog in the same container.

  • Building an rsylog image
  • Run rsylog container
  • Write log to log container in other container

Backup, restore, and migrate data volumes

Backup data volume

[root@localhost /]# docker run --volumes-from dbdata -v $(pwd):/backup ubuntu tar cvf /backup/backup.tar /dbdata
tar: Removing leading `/' from member names
[root@localhost /]# ls
backup.tar  bin  boot  data  dev  etc  home  lib  lib64  media  mnt  opt  proc  root  run  sbin  some  srv  sys  tmp  usr  var  www
[root@localhost /]# 

Recover data volume

[root@localhost /]# docker run -v /dbdata --name dbdata2 ubuntu /bin/bash
[root@localhost /]# docker run --volumes-from dbdata2 -v $(pwd):/backup busybox tar xvf /backup/backup.tar  
[root@localhost /]# 

Keywords: Docker

Added by bundred on Sat, 19 Feb 2022 01:43:00 +0200