Part 1 Default Docker Network
- Go to console.aws.amazon.com
- Sign in with your AWS account
- Select EC2
- Click on Launch Instance
- Choose Ubuntu Server 14.04 LTS (HVM)
- t2.micro is fine, click Review and Launch
- Launch the instance choosing the key created earlier, then view instances to see the public and private IPs
```
ssh -i my_key.pem ubuntu@public.ip
```

```
ip addr
```

At this stage the VM will only have loopback and eth0 interfaces.

```
sudo iptables -t nat -L -n
```

No NAT rules yet.

```
wget -qO- https://get.docker.com/ | sh
```

Beware of piping untrusted scripts from the Internet into your shell. It's fine for a disposable VM, but not appropriate for a production environment.

```
ip addr
```

The docker0 bridge should now be visible with its default IP of 172.17.42.1/16.

```
sudo iptables -t nat -L -n
```

A number of rules have been added during the Docker install, most notably MASQUERADE for 172.17.0.0/16.
### Start container

```
CON1=$(sudo docker run -d cpswan/hello_onug)
```

Assigning the output of a subshell command to a shell variable saves having to copy and paste container IDs into subsequent commands.

The cpswan/hello_onug image is a super minimal implementation of a web server using Go.

### Get IP

```
CON1IP=$(sudo docker inspect --format='{{.NetworkSettings.IPAddress}}' $CON1)
```

The `--format='{{.NetworkSettings.IPAddress}}'` parameter extracts just the IP address, which will likely be 172.17.0.1 for the first container launched.

### Show IP and use it

```
echo $CON1IP && curl $CON1IP:8080
```
## Start 2nd container and inspect network

### Start container

```
CON2=$(sudo docker run -d -p 8080:8080 cpswan/hello_onug)
```

This time we're binding the container port 8080 to the host port 8080 so there's no need to figure out the container address to connect to.

### Connect to the container

```
curl localhost:8080
```

## Take another look at the host network

### Show IPs

```
ip addr
```

There will now be two veth interfaces, which are the host side of interface pairs that show up as eth0 in the containers.

```
sudo iptables -t nat -L -n
```

The port mapping will now show up as MASQUERADE and DNAT rules.
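
The DNAT rules can be read mechanically to check which host addresses a published port answers on: `-p 8080:8080` publishes on every host address, while the `ip:hostPort:containerPort` form of `-p` restricts it. The script below is an added example, not part of the original walkthrough; the nat table in it is a constructed sample, the second rule assumes a hypothetical extra container started with `-p 127.0.0.1:9090:8080`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit Docker port publications in `iptables -t nat -L -n` output.

# Constructed sample: nat table after `-p 8080:8080`, plus a hypothetical
# second container published with `-p 127.0.0.1:9090:8080`.
sample_nat_table() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.17.0.2           172.17.0.2           tcp dpt:8080

Chain DOCKER (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.17.0.2:8080
DNAT       tcp  --  0.0.0.0/0            127.0.0.1            tcp dpt:9090 to:172.17.0.3:8080
EOF
}

# Read a nat table listing on stdin and print one line per DNAT port mapping:
#   <proto> dst=<host address> dport=<host port> to=<container ip:port> <scope>
published_ports() {
    awk '
        $1 == "DNAT" {
            port = ""; to = ""
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) port = substr($i, 5)
                if ($i ~ /^to:/)  to   = substr($i, 4)
            }
            if (port == "" || to == "") next   # not a port mapping
            # A 0.0.0.0/0 destination matches any local address on the host.
            scope = ($5 == "0.0.0.0/0") ? "ALL-INTERFACES" : "restricted"
            printf "%s dst=%s dport=%s to=%s %s\n", $2, $5, port, to, scope
        }'
}

# Print only the mappings reachable on every host address.
exposed_ports() {
    published_ports | awk '$NF == "ALL-INTERFACES"'
}

# On the VM itself: sudo iptables -t nat -L -n | published_ports
sample_nat_table | published_ports
```

On an EC2 instance, an `ALL-INTERFACES` mapping is reachable from outside whenever the security group allows that port, so the security group and the `-p` binding address should be reviewed together.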