Docker Networking: The Definitive Guide
+----------------------------------------------+
|           DOCKER NETWORK TOPOLOGY            |
|                                              |
|  [Container A] -- [Bridge] -- [Host]         |
|        |             |           |           |
|  [Container B]   [Overlay]   [MacVLAN]       |
|                                              |
+----------------------------------------------+
Network Drivers
Bridge Network (Default)
# Create a bridge network
docker network create --driver bridge minha-rede
# Connect a container
docker run -d --network minha-rede nginx
# Inspect the network
docker network inspect bridge
Host Network
# Use the host's network (no network isolation; -p port mappings are ignored)
docker run --network host nginx
# Check listening ports
netstat -tulpn
None Network
# No network
docker run --network none alpine
Overlay Network
# Create an overlay network
docker network create \
  --driver overlay \
  --attachable \
  --subnet=10.0.9.0/24 \
  overlay-net
# Enable encryption
docker network create \
  --driver overlay \
  --opt encrypted \
  secure-overlay
Macvlan
# Create a macvlan network
docker network create \
  -d macvlan \
  --subnet=192.168.1.0/24 \
  --gateway=192.168.1.1 \
  -o parent=eth0 \
  macvlan-net
Network Configuration
Port Mapping
# Map a single port
docker run -p 8080:80 nginx
# Multiple ports
docker run \
  -p 80:80 \
  -p 443:443 \
  nginx
# UDP ports
docker run -p 53:53/udp dns-server
# Port range
docker run -p 8000-8010:8000-8010 app
DNS Configuration
# Configure DNS for one container
docker run --dns 8.8.8.8 nginx
# Configuration file (daemon-wide DNS settings)
cat /etc/docker/daemon.json
{
  "dns": ["8.8.8.8", "8.8.4.4"],
  "dns-search": ["example.com"]
}
Network Security
Network Policies
# Basic network policy (Kubernetes NetworkPolicy: default deny for all pods)
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
Firewall Rules
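# iptables rules: drop traffic arriving on the external interface
# (ext_if is a placeholder) unless it comes from 192.168.1.0/24
iptables -I DOCKER-USER -i ext_if ! \
  -s 192.168.1.0/24 -j DROP
# Allow specific ports (DOCKER-USER is evaluated after DNAT, so
# --dport matches the container port, not the published host port)
iptables -A DOCKER-USER -p tcp \
  --dport 80 -j ACCEPT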
Network Troubleshooting
Debug Commands
# Inspect the network
docker network inspect bridge
# List endpoints
docker network inspect -f \
  '{{range .Containers}}{{.Name}} {{.IPv4Address}}{{end}}' \
  bridge
# Statistics
docker stats --format \
  "table {{.Container}}\t{{.NetIO}}"
Network Tools
# tcpdump
docker run --net=container:target \
  nicolaka/netshoot \
  tcpdump -i any port 80
# netstat
docker exec container netstat -tulpn
# ping test (container names resolve only on a user-defined network)
docker run --rm --network minha-rede busybox ping container_name
Docker Compose Networking
Basic Configuration
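version: '3.8'
services:
  web:
    networks:
      - frontend
      - backend
  api:
    networks:
      backend:
        ipv4_address: 172.16.238.10
networks:
  frontend:
    driver: bridge
  backend:
    driver: bridge
    internal: true
    # A static ipv4_address requires a user-configured subnet;
    # this one is chosen to contain the address above.
    ipam:
      config:
        - subnet: 172.16.238.0/24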
Advanced Features
networks:
  overlay_net:
    driver: overlay
    driver_opts:
      encrypted: "true"
    ipam:
      driver: default
      config:
        - subnet: 10.0.9.0/24
Network Monitoring
Basic Monitoring
# Network stats
docker stats --format \
  "table {{.Name}}\t{{.NetIO}}"
# Network events
docker events --filter 'type=network'
# Container connections
docker exec container ss -tulpn
Advanced Monitoring
# Detailed metrics
docker run --rm \
  --net=container:target \
  nicolaka/netshoot \
  iftop
# Network profiling
docker run --rm \
  --net=container:target \
  nicolaka/netshoot \
  nethogs
Best Practices
Network Design
Use user-defined networks
Isolate sensitive services
Implement network policies
Monitor network traffic
Regular security audits
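The Network Design rules above can be checked mechanically against the JSON that docker network inspect prints. The script below is an added example, not part of the original guide: the sample JSON is constructed for illustration, and the SENSITIVE service names are an assumption to adapt to your own stack.

```python
import json

# Constructed sample shaped like `docker network inspect` output (not real data).
SAMPLE = json.loads("""[
  {"Name": "bridge", "Driver": "bridge", "Internal": false, "Options": {},
   "Containers": {"a1": {"Name": "web", "IPv4Address": "172.17.0.2/16"}}},
  {"Name": "backend", "Driver": "bridge", "Internal": true, "Options": {},
   "Containers": {"b1": {"Name": "api", "IPv4Address": "172.16.238.10/24"}}},
  {"Name": "overlay-net", "Driver": "overlay", "Internal": false,
   "Options": {}, "Containers": {}},
  {"Name": "secure-overlay", "Driver": "overlay", "Internal": false,
   "Options": {"encrypted": ""}, "Containers": {}}
]""")

SENSITIVE = {"api", "db"}  # assumption: container names that must stay isolated


def audit(networks, sensitive=SENSITIVE):
    """Return (network, finding) tuples for the design rules listed above."""
    findings = []
    for net in networks:
        name = net.get("Name", "?")
        driver = net.get("Driver")
        options = net.get("Options") or {}
        members = {c.get("Name") for c in (net.get("Containers") or {}).values()}
        # Rule: use user-defined networks instead of the default bridge.
        if name == "bridge" and members:
            findings.append((name, "containers on default bridge: " + ", ".join(sorted(members))))
        # Rule: overlay traffic is encrypted only when the option is set.
        if driver == "overlay" and "encrypted" not in options:
            findings.append((name, "overlay without --opt encrypted"))
        # Rule: sensitive services belong on internal networks.
        exposed = sorted(members & sensitive)
        if exposed and not net.get("Internal", False):
            findings.append((name, "sensitive on non-internal network: " + ", ".join(exposed)))
    return findings


if __name__ == "__main__":
    # Real use: docker network inspect $(docker network ls -q) > nets.json
    for network, finding in audit(SAMPLE):
        print(f"[{network}] {finding}")
```
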
Performance Tips
Use host network when possible
Minimize network overhead
Optimize DNS resolution
Use appropriate drivers
Monitor bandwidth usage
Waifu Network Tips
Next Steps
Docker Compose
Performance Tuning
16 April 2025