Docker with VLANs

Рет қаралды 4,389

Scotti-BYTE Enterprise Consulting Services

Күн бұрын

By popular request, in this video I revisit VLANs by explaining how to use Docker with VLANs.
On your Docker host, you must determine the name of the network interface with: ip route
List your current Docker containers:
docker ps
List your Docker networks:
docker network ls
Create a Docker network in my example:
docker network create -d macvlan --subnet=192.168.100.0/24 --gateway=192.168.100.1 -o parent=qvs0.100 vlan100
Create a container to use the new network:
docker run -d --name=Whiteboard -p 8080:8080 --memory=2g --cpus=1 --restart=always --net=vlan100 --ip=192.168.100.17 rofl256/whiteboard
Other commands:
docker stop Whiteboard
docker rm Whiteboard
docker network rm vlan100
[Chapters]
00:00 Intro
00:35 Docker with VLANs
01:11 What does Docker do?
02:59 How Most Folks Do VLANs
03:55 Switch Port Profiles
04:40 What Does Macvlan Do?
05:44 Docker and macvlan
07:46 Docker and macvlan Showcase
09:38 Docker and macvlan - SSH
12:03 Running the application on the new network
14:14 Summary
-----
Come visit us at: www.scottibyte.com
Discourse: discussion.scottibyte.com
RocketChat: chat.scottibyte.com

Пікірлер: 27

@helioradial 4 ай бұрын

Thank you, was in a jam. Much appreciated :)

@scottibyte 4 ай бұрын

My pleasure!

@lukesweigart271 Жыл бұрын

This video is amazing and could've saved me so much time had I found it earlier. I am using docker compose but these concepts really helped me when segregating my media server stack.

@scottibyte Жыл бұрын

Glad to hear it Luke. I have lots of videos devoted to not only Docker, but the awesome LXD container technology. Hope you subscribe and watch. Come by chat.scottibyte.com/ to ask questions.

@try-that 2 жыл бұрын

Nice video, I understand it a lot more now, just have to convert to docker-compose now. I'll create the network either through portainer or more probable via CLI. I've noticed there really aren't load of examples or tutorials concerning networking via docker-compose files. I know I can do it all via CLI and it is slightly easier that way, but I like using 'stacks' in portainer and having my text file of containers I've used and for me, it's just so much quicker and straight forward to make alterations via the 'stacks' function. But thanks again for taking the time for the video.

@scottibyte 2 жыл бұрын

I am not as fluent in Docker per se. However, there is nothing wrong with creating the network interface at the cli and then referencing it in the Docker Compose. Docker Compose ends up being problematic for many users because of the YAML file format and spacing.

@asyraftaqi162 10 ай бұрын

you are awesome!!!! cheers

@dalle5 Жыл бұрын

Thank you for this. Saved me from allot of work!! :-)

@scottibyte Жыл бұрын

That's my hope. Please subscribe and check out my ever growing library of solutions.

@Deffcolony 2 жыл бұрын

[Chapters] 00:00 Intro 00:35 Docker with VLANs 01:11 What does Docker do? 02:59 How Most Folks Do VLANs 03:55 Switch Port Profiles 04:40 What Does Macvlan Do? 05:44 Docker and macvlan 07:46 Docker and macvlan Showcase 09:38 Docker and macvlan - SSH 12:03 Running the application on the new network 14:14 Summary 14:54 Outro

@scottibyte 2 жыл бұрын

Thanks

@chrisschneider983 Жыл бұрын

Hi Scott, I just watched your video. This summarizes in 15min, what I have found out the hard way over a couple of nights. Very nice! There is still one open question: could you please set your switchport profile to vlan100? -> is it possible to have the host and some of the containers in the same VLAN? If I do this, I cannot ssh into my host or I loose all connectivity to the container. I never managed to have both. Is this some hardware limitation? Do I need some special routing settings? I just managed to get the connectivity by using ipvlan in docker, but then, the containers are not visibile in the unifi dashboard - which was very handy.

@scottibyte Жыл бұрын

Chris, a lot of good questions here. Once you set your switch port profile to a single LAN, all the instances of docker/LXD running on the host on that switch port are forced to that VLAN. That's why I advocate creating VLAN connections with both Docker Networks and LXD Profiles. With that philosophy, you leave your switch port profile as "all" which means that the various containers can operate on multiple VLANs. The hardware limitation question is more of a firewall configuration question. Come by chat.scottibyte.com/ and we can discuss what that means.

@chrisschneider983 Жыл бұрын

@@scottibyte Thanks for the quick answer. I created a switch port profile with a "native network" on VLAN100 and added one tagged VLAN30 to it. The container on VLAN30 is perfectly accessible. The container on VLAN100 is not accessable - or if it is, I loose the connectivity to the host, who is obviously on VLAN100 as well. As if they steal the traffic of each other...

@scottibyte Жыл бұрын

@@chrisschneider983 Again, meet me on chat.scottibyte.com/ If you have docker networkis defined for vlan 30 and vlan 100, I am unsure why you want to set a port profile also.

@MrGenbu Жыл бұрын

hi !, nice video i was asking if you can arrange your vidoes in playlist in order you seem to have a lot of interesting videos but i can not really seem to have an overall view on it

@scottibyte Жыл бұрын

I thought about that several times. Each playlist would only have 2 -3 videos because of how they follow. The videos fall in chronological order. If there is any grouping or related videos, it is typically the one before and the one after.

@MrGenbu Жыл бұрын

@@scottibyte if you at least arrange the new ones will save a lot of time in the future if you decided to arrange them.

@scottibyte Жыл бұрын

@@MrGenbu Typically I try to back reference other videos in later videos when appropriate. In looking back at the older ones, they really follow chronologically. Others have mentioned playlists and I started looking at it seriously. Problem is I ended up with playlists of 1 or 2 videos often and it just didn't add value.

@MrGenbu Жыл бұрын

@@scottibyte it will add value when i try to go through your channel , typically what any one does is to go first for playlist section , you see all the headings for things you need really fast , if you have a problem categorizing your videos maybe make a more general playlist headings to include more

@scottibyte Жыл бұрын

@@MrGenbu I looked at the playlist feature. My thoughts are that I would put all of my videos in one playlist chronologically which is already done in the main listing. Perhaps you can organize them for me.

@SolarPV. 2 жыл бұрын

Interesting video, how would this work with Docker within Proxmox ?

@scottibyte 2 жыл бұрын

Proxmox allows you to open a command shell in the host that is running your Docker. You would follow the procedure I described in that command shell.

@SolarPV. 2 жыл бұрын

@@scottibyte Ah ok, Then I enable ALLOW VLANS in Proxmox to allow VLANS out ?

@scottibyte 2 жыл бұрын

@@SolarPV. docker network create is the command that you use to create the network. This is a docker command line command. Proxmox does not manipulate docker containers directly. Perhaps you could load portainer and see if it has a GUI way to create and use docker networks. The purpose of this video is to understand the actual CLI commands to create and use vlan connections. I would think that any "ALLOW VLANS" setting in proxmox would be referring to VMs and not Docker containers. I am not a Proxmox user.

@GordonBlue Жыл бұрын

@@SolarPV. It depends on your setup. If you run docker directly on your proxmox host, then I am not sure if you would need to do anything except follow the guide in this video and creating a macvlan network on the interface that you want to use. If you run docker on a virtual machine or LXC that is run on the Proxmox host, then the virtual bridge needs to be vlan aware. You do this under the Node --> System --> Network --> name of the bridge (vmbr0) then edit and check the box for vlan aware. If you're new to VLANs I would suggest starting of with something more simple, like using a VM on a VLAN.