Vous êtes ici : Formations en Ligne Gratuites » Catalogue » workbooks » DOF600 - Prérequis » DOE600 - Course Presentation » DOF606 - Overlay Network Management with Docker in Swarm Mode

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

--- elearning:workbooks:docker3:en:dre05 [2023/12/17 11:14] – admin
+++ elearning:workbooks:docker3:en:dre05 [2023/12/27 08:34] (Version actuelle) – admin
@@ Ligne 42: / Ligne 42: @@
 Traffic linked to the management of swarm services is encrypted by default using the AES algorithm in GCM mode. In order to encrypt application-related data traffic, it is possible to use the **--opt encrypted** option when creating the overlay network. In this case, Docker creates IPSEC tunnels between each node using the same algorithm as the swarm services traffic. There is therefore a performance degradation to be assessed before going into production. In both cases the keys are changed every 12 hours (see [[https://www.vaultproject.io/docs/internals/rotation.html]])
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **CAUTION**: Encryption of application-related data is not compatible with Windows(tm). When connecting the Windows(tm) node to an encrypted overlay network, no errors will be reported. However the node will be unable to communicate.
 </WRAP>
@@ Ligne 185: / Ligne 185: @@
 </code>
-<WRAP centre round info 50%>
+<WRAP center round info 50%>
 **Info**: The **docker_gwbridge** network connects the **ingress** network to the host's network adapter and therefore connects the Docker daemon to the other Docker daemons participating in swarm.
 </WRAP>
@@ Ligne 210: / Ligne 210: @@
 </code>
-====.2 - Creating a Service====
+====1.2 - Creating a Service====
 Create a nginx service that uses the **nginx-net** network:
@@ Ligne 375: / Ligne 375: @@
 </WRAP>
-====.3 - Move the Service to another Network overlay====
+====1.3 - Move the Service to another Network overlay====
 Check the overlay network **nginx-net** on the three nodes:
@@ Ligne 744: / Ligne 744: @@
 </code>
-====.4 - DNS container discovery====
+====1.4 - DNS container discovery====
 The Docker daemon runs an embedded DNS server at address 127.0.0.11 that enables name resolution in a custom network. If this server is unable to perform the resolution, it transfers the request to any external server defined in the container.
@@ Ligne 790: / Ligne 790: @@
 </code>
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network has not been created.
 </WRAP>
@@ Ligne 819: / Ligne 819: @@
 </code>
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network, having the same **NETWORK ID**, was automatically created when the **alpine2** container was created.
 </WRAP>
@@ Ligne 835: / Ligne 835: @@
 </code>
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network has not been created.
 </WRAP>
@@ Ligne 918: / Ligne 918: @@
 </code>
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **Important**: Note that the **test-net** network has been removed.
 </WRAP>
@@ Ligne 950: / Ligne 950: @@
 </code>
-====2.5 - Creating a Custom Network overlay====
+====1.5 - Creating a Custom Network overlay====
 It is possible to create a custom overlay network. In this case, the existing ingress network must be deleted:
@@ Ligne 1356: / Ligne 1356: @@
 {{ :elearning:workbooks:docker2:tvl1m.png?nolink&400 |}}
-  **replicas** - specifies the number of replicas
+  * **replicas** - specifies the number of replicas
-  **restart_policy** specifies what happens if the service is stopped. In the case above, docker will try to restart the service **3** times (**max_attempts**) at **10** second intervals (**delay**), waiting **120** seconds (**window**) each time to see if the service has actually restarted,
+  * **restart_policy** specifies what happens if the service is stopped. In the case above, docker will try to restart the service **3** times (**max_attempts**) at **10** second intervals (**delay**), waiting **120** seconds (**window**) each time to see if the service has actually restarted,
-  **placement** - specifies where the service should be started.
+  * **placement** - specifies where the service should be started.
 Now deploy the stack:
@@ Ligne 1405: / Ligne 1405: @@
 Return to the Apache Guacamole window in **your** computer's browser. Click on the **Debian11_10.0.2.46_VNC** connection. Then launch an Internet browser. Go to the URL http://10.0.2.62:8080 and consult the **visualizer** service:
-{{ :elearning:workbooks:docker:docker001.png?direct&600 |}}
 {{ :elearning:workbooks:docker:docker001.png |}}
@@ Ligne 1427: / Ligne 1425: @@
 </code>
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **Important**: Note that the three networks created are of type **overlay**.
 </WRAP>
@@ Ligne 1442: / Ligne 1440: @@
 </code>
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **Important**: Note that only the **app_frontend** network has been created in **worker1**.
 </WRAP>
@@ Ligne 1458: / Ligne 1456: @@
 </code>
-<WRAP centre round important 50%>
+<WRAP center round important 50%>
 **Important**: Note that the two networks **app_frontend** and **app_backend** were created in **worker2**.
 </WRAP>

Piste : • Topic 110: Security • Topic 207: Domain Name Server • LDF515 - Gestion du Système X et de l'Accès Universel • RH12406 - User Management • LCF310 - Gestion du Noyau et des Quotas • DOF204 - Gestion de la Sécurité de Docker • LCF302 - Comprendre le Réseau TCPv4 • RH13409 - Gestion des Conteneurs avec Podman • SO214 - Gestion des Services Réseau TCPv4 • LDF511 - Gestion des Paramètres du matériel et les Ressources

Différences

Recherche

Imprimer/exporter

Menu