github.com/pwn-term/docker@v0.0.0-20210616085119-6e977cce2565/libnetwork/docs/overlay.md

github.com/pwn-term/docker@v0.0.0-20210616085119-6e977cce2565/libnetwork/docs/overlay.md (about)

     1  # Overlay Driver
     2  
     3  ### Design
     4  TODO
     5  
     6  ### Multi-Host Overlay Driver Quick Start
     7  
     8  This example is to provision two Docker Hosts with the **experimental** Libnetwork overlay network driver.
     9  
    10  ### Pre-Requisites
    11  
    12  - Kernel >= 3.16
    13  - Experimental Docker client
    14  
    15  ### Install Docker Experimental
    16  
    17  Follow Docker experimental installation instructions at: [https://github.com/docker/docker/tree/master/experimental](https://github.com/docker/docker/tree/master/experimental)
    18  
    19  To ensure you are running the experimental Docker branch, check the version and look for the experimental tag:
    20  
    21  ```
    22  $ docker -v
    23  Docker version 1.8.0-dev, build f39b9a0, experimental
    24  ```
    25  
    26  ### Install and Bootstrap K/V Store
    27  
    28  
    29  Multi-host networking uses a pluggable Key-Value store backend to distribute states using `libkv`.
    30  `libkv` supports multiple pluggable backends such as `consul`, `etcd` & `zookeeper` (more to come).
    31  
    32  In this example we will use `consul`
    33  
    34  Install:
    35  
    36  ```
    37  $ curl -OL https://dl.bintray.com/mitchellh/consul/0.5.2_linux_amd64.zip
    38  $ unzip 0.5.2_linux_amd64.zip
    39  $ mv consul /usr/local/bin/
    40  ```
    41  
    42  **host-1** Start Consul as a server in bootstrap mode:
    43  
    44  ``` 
    45  $ consul agent -server -bootstrap -data-dir /tmp/consul -bind=<host-1-ip-address>
    46  ```
    47  
    48  **host-2** Start the Consul agent:
    49  
    50  ``` 
    51  $ consul agent -data-dir /tmp/consul -bind=<host-2-ip-address>
    52  $ consul join <host-1-ip-address>
    53  ```
    54  
    55  
    56  ### Start the Docker Daemon with the Network Driver Daemon Flags
    57  
    58  **host-1** Docker daemon:
    59  
    60  ```
    61  $ docker -d --kv-store=consul:localhost:8500 --label=com.docker.network.driver.overlay.bind_interface=eth0
    62  ```
    63  
    64  **host-2** Start the Docker Daemon with the neighbor ID configuration:
    65  
    66  ```
    67  $ docker -d --kv-store=consul:localhost:8500 --label=com.docker.network.driver.overlay.bind_interface=eth0 --label=com.docker.network.driver.overlay.neighbor_ip=<host-1-ip-address>
    68  ```
    69  
    70  ### QuickStart Containers Attached to a Network
    71  
    72  **host-1** Start a container that publishes a service svc1 in the network dev that is managed by overlay driver.
    73  
    74  ```
    75  $ docker run -i -t --publish-service=svc1.dev.overlay debian
    76  root@21578ff721a9:/# ip add show eth0
    77  34: eth0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    78      link/ether 02:42:ec:41:35:bf brd ff:ff:ff:ff:ff:ff
    79      inet 172.21.0.16/16 scope global eth0
    80         valid_lft forever preferred_lft forever
    81      inet6 fe80::42:ecff:fe41:35bf/64 scope link
    82         valid_lft forever preferred_lft forever
    83  ```
    84  
    85  **host-2** Start a container that publishes a service svc2 in the network dev that is managed by overlay driver.
    86  
    87  ```
    88  $ docker run -i -t --publish-service=svc2.dev.overlay debian
    89  root@d217828eb876:/# ping svc1
    90  PING svc1 (172.21.0.16): 56 data bytes
    91  64 bytes from 172.21.0.16: icmp_seq=0 ttl=64 time=0.706 ms
    92  64 bytes from 172.21.0.16: icmp_seq=1 ttl=64 time=0.687 ms
    93  64 bytes from 172.21.0.16: icmp_seq=2 ttl=64 time=0.841 ms
    94  ```
    95  ### Detailed Setup
    96  
    97  You can also setup networks and services and then attach a running container to them.
    98  
    99  **host-1**:
   100  
   101  ```
   102  docker network create -d overlay prod 
   103  docker network ls
   104  docker network info prod
   105  docker service publish db1.prod
   106  cid=$(docker run -itd -p 8000:8000 ubuntu)
   107  docker service attach $cid db1.prod
   108  ```
   109  
   110  **host-2**:
   111  
   112  ```
   113  docker network ls
   114  docker network info prod
   115  docker service publish db2.prod
   116  cid=$(docker run -itd -p 8000:8000 ubuntu)
   117  docker service attach $cid db2.prod
   118  ```
   119  
   120  Once a container is started, a container on `host-1` and `host-2` both containers should be able to ping one another via IP, service name, \<service name>.\<network name>
   121  
   122  
   123  View information about the networks and services using `ls` and `info` subcommands like so:
   124  
   125  ```
   126  $ docker service ls
   127  SERVICE ID          NAME                  NETWORK             CONTAINER
   128  0771deb5f84b        db2                   prod                0e54a527f22c
   129  aea23b224acf        db1                   prod                4b0a309ca311
   130  
   131  $ docker network info prod
   132  Network Id: 5ac68be2518959b48ad102e9ec3d8f42fb2ec72056aa9592eb5abd0252203012
   133  	Name: prod
   134  	Type: overlay
   135  
   136  $ docker service info db1.prod
   137  Service Id: aea23b224acfd2da9b893870e0d632499188a1a4b3881515ba042928a9d3f465
   138  	Name: db1
   139  	Network: prod
   140  ```
   141  
   142  To detach and unpublish a service:
   143  
   144  ```
   145  $ docker service detach $cid <service>.<network>
   146  $ docker service unpublish <service>.<network>
   147  
   148  # Example:
   149  $ docker service detach $cid  db2.prod
   150  $ docker service unpublish db2.prod
   151  ```
   152  
   153  To reiterate, this is experimental, and will be under active development.