도커 스웜/네트워킹/보안 v0.3

2017-02-26

Docker Swarm, Networking and Security(v0.3)

Feb. 2017

안종석NAIM Networks, [email protected]

2Copyright ⓒ 2016 by NAIM Networks, Inc. All rights reserved.

네트워크 시스템 관리자를위한 도커(Docker) 목차

I. 개요

1. 구성

2. 기술

3. ‘docker info’

II. 이미지

1. 도커의 이미지

2. 이미지 작업

III. 컨테이너

1. Run

2. 스토리지

3. Filters

IV. 도커 스웜

1. 스웜 개요

2. 스웜 기능

3. 스웜 네트워킹

4. 서비스 디스커버리

5. 로드밸런서

V. 도커 네트워킹

1. 네트워킹 종류

2. 도커의 포트 구성

3. 컨테이너 오버레이

4. 요약

VI. 컨테이너 보안

1. 도커 보안 개요

2. 도커 보안 구성

3. 도커 이미지 보안

4. 컨테이너 보안

5. 요약

VII. 응용

1. 장애 대책

2. 보안 대책

3. 관리 / 성능

VIII. Trouble Shooting

IX. 성능 개선

Lab1. 리눅스(Linux) 설치

Lab2. 도커(Docker) 설치

Lab3. 이미지 (Image)

Lab4. 컨테이너 (Container)

Lab5. 볼륨 (Volume)

Lab6. 스웜 (Swarm)

Lab7. 보안 (Security)

Lab8. OVS(Open vSwitch)

Lab9. 라즈베리파이

Lab10. Mininet

Lab11. 도커 UCP

Lab12. 도커 Compose

Lab13. 네트워크 도구

Lab14. 기타

3Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

4Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

5Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

6Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

7Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

8Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

9Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

10Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

11Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

12Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

13Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

14Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

15Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

16Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

17Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

18Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

19Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

20Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

21Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

22Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

23Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

# macvlan$ docker network create -d macvlan \

--subnet=192.168.0.0/16 \—-ip-range=192.168.41.0/24 \--aux-address="favorite_ip_ever=192.168.41.2" \--gateway=192.168.41.1 \-o parent=eth0.41 macnet41

# , aux

# macvlan$ docker run --net=macnet41 -it --rm alpine /bin/sh

# (Docker Host) Frontend / Backend / Credit Card parent

, VLAN ID .

24Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

25Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

26Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

27Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

28Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

29Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

30Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

31Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

32Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

33Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

34Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

35Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

36Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

37Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

38Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

39Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

40Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

41Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

42Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

43Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.

44Copyright ⓒ 2017 by NAIM Networks, Inc. All rights reserved.