feat(lab-02): complete Phase 3 - Network & VPC lab

Implement Lab 02 with Docker bridge networks simulating VPC/Subnets. Test Infrastructure (RED phase): - 6 bash test scripts for network creation, isolation, INF-02 compliance - Fail-fast orchestration with run-all-tests.sh - Quick validation script for development Documentation (Diátaxis framework): - 3 tutorials: VPC creation, container deployment, isolation verification - 4 how-to guides: create network, inspect config, test isolation, cleanup - 3 reference docs: Docker network commands, Compose syntax, VPC mapping - 1 explanation: Docker ↔ VPC parallels (PARA-01/02/03/04) Infrastructure (GREEN phase): - docker-compose.yml with VPC networks (10.0.1.0/24, 10.0.2.0/24) - 5 services: web, app, db, test-public, test-private - INF-02 compliant: 127.0.0.1 bindings only, no 0.0.0.0 - Private network with --internal flag - Multi-homed app container (public + private networks) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 17:26:35 +01:00
parent d4c4f7d717
commit 5b2c8c37aa
22 changed files with 3988 additions and 12 deletions
--- a/labs/lab-02-network/how-to-guides/cleanup-networks.md
+++ b/labs/lab-02-network/how-to-guides/cleanup-networks.md
@@ -0,0 +1,102 @@
+# How-To: Pulire le Reti Docker
+
+Guida per rimuovere reti, container e volumi Docker.
+
+## Pulire Container e Reti
+
+### Singola Rete
+
+```bash
+# Rimuovi rete specifica
+docker network rm my-network
+```
+
+### Tutte le Reti Custom (preserva bridge, host, none)
+
+```bash
+# Lista solo reti custom
+docker network ls --filter 'type=custom' -q | xargs docker network rm
+```
+
+## Pulire Container e Reti Together
+
+### Ferma e Rimuovi Tutti i Container
+
+```bash
+docker stop $(docker ps -aq)
+docker rm $(docker ps -aq)
+```
+
+### Rimuovi Tutte le Reti Non Usate
+
+```bash
+docker network prune
+```
+
+## Pulire per Lab Specifico
+
+### Lab 02 Network Cleanup
+
+```bash
+cd ~/laboratori-cloud/labs/lab-02-network
+
+# Ferma e rimuovi container del compose
+docker compose down
+
+# Rimuovi reti specifiche
+docker network rm lab02-vpc-public lab02-vpc-private 2>/dev/null || true
+
+# Rimuovi volumi (opzionale)
+docker volume rm lab02-network_db-data 2>/dev/null || true
+```
+
+### Reset Completo Lab 02
+
+```bash
+cd ~/laboratori-cloud/labs/lab-02-network
+
+# Tutto giu
+docker compose down -v --remove-orphans
+docker network prune -f
+docker volume prune -f
+```
+
+## Verificare lo Stato di Pulizia
+
+```bash
+# Container attivi
+docker ps
+
+# Reti presenti
+docker network ls
+
+# Volumi presenti
+docker volume ls
+```
+
+## Troubleshooting
+
+### Rete in Uso da Container
+
+```bash
+# Trova container usando la rete
+docker network inspect my-network --format '{{json .Containers}}' | jq '.[] | .Name'
+
+# Scollega tutti i container
+docker network disconnect -f my-network $(docker network inspect my-network --format '{{json .Containers}}' | jq -r '.[] | .Name')
+
+# Rimuovi rete
+docker network rm my-network
+```
+
+### Container con Rete "Ghost"
+
+```bash
+# Pulizia completa Docker
+docker system prune -a --volumes
+```
+
+## Vedi Anche
+
+- [Reference: Docker Network Commands](../reference/docker-network-commands.md)
+- [How-To: Reset Ambiente Docker](../../how-to-guides/reset-docker-environment.md)
--- a/labs/lab-02-network/how-to-guides/create-custom-network.md
+++ b/labs/lab-02-network/how-to-guides/create-custom-network.md
@@ -0,0 +1,82 @@
+# How-To: Creare una Rete Docker Personalizzata
+
+Guida rapida per creare reti Docker bridge con subnet personalizzate.
+
+## Comando Rapido
+
+```bash
+# Crea rete con subnet personalizzata
+docker network create --driver bridge --subnet 10.0.1.0/24 --gateway 10.0.1.1 my-custom-network
+```
+
+## Sintassi Completa
+
+```bash
+docker network create [OPTIONS] NETWORK
+
+Options:
+  --driver bridge        # Driver di rete (default: bridge)
+  --subnet SUBNET        # CIDR block (es. 10.0.1.0/24)
+  --gateway GATEWAY      # Gateway IP (es. 10.0.1.1)
+  --internal             # Isola la rete (no accesso esterno)
+  --attachable           # Permette container stand-alone di collegarsi
+```
+
+## Esempi
+
+### Rete Pubblica Standard
+
+```bash
+docker network create --driver bridge \
+  --subnet 10.0.1.0/24 \
+  --gateway 10.0.1.1 \
+  my-public-network
+```
+
+### Rete Privata Isolata
+
+```bash
+docker network create --driver bridge \
+  --subnet 10.0.2.0/24 \
+  --gateway 10.0.2.1 \
+  --internal \
+  my-private-network
+```
+
+### Rete Multi-Subnet
+
+```bash
+docker network create --driver bridge \
+  --subnet=10.0.10.0/24 \
+  --gateway=10.0.10.1 \
+  --subnet=10.0.20.0/24 \
+  --gateway=10.0.20.1 \
+  my-multi-network
+```
+
+## Verifica
+
+```bash
+# Lista reti
+docker network ls
+
+# Ispeziona rete
+docker network inspect my-custom-network
+
+# Rimuovi rete
+docker network rm my-custom-network
+```
+
+## Nomenclatura Cloud (PARA-02)
+
+| Locale | Cloud AWS | Raccomandazione |
+|--------|-----------|-----------------|
+| `vpc-main` | VPC | Nome principale VPC |
+| `public-subnet-1a` | Public Subnet | Subnet pubblica + AZ |
+| `private-subnet-1a` | Private Subnet | Subnet privata + AZ |
+| `10.0.1.0/24` | CIDR | /24 per subnet |
+
+## Vedi Anche
+
+- [Tutorial: Creare Reti VPC](../tutorial/01-create-vpc-networks.md)
+- [Reference: Docker Network Commands](../reference/docker-network-commands.md)
--- a/labs/lab-02-network/how-to-guides/inspect-network-configuration.md
+++ b/labs/lab-02-network/how-to-guides/inspect-network-configuration.md
@@ -0,0 +1,89 @@
+# How-To: Ispezionare la Configurazione di Rete
+
+Guida per analizzare e debuggare le reti Docker.
+
+## Ispezionare una Rete Specifica
+
+```bash
+docker network inspect NETWORK_NAME
+```
+
+Output JSON con: Subnet, Gateway, Driver, Container collegati.
+
+## Comandi Utili
+
+### Mostra Solo le Informazioni Importanti
+
+```bash
+# Subnet e Gateway
+docker network inspect my-network --format '{{range .IPAM.Config}}{{.Subnet}} (GW: {{.Gateway}}){{end}}'
+
+# Solo container collegati
+docker network inspect my-network --format '{{range .Containers}}{{.Name}} {{.IPv4Address}}{{end}}'
+
+# Driver e Scope
+docker network inspect my-network --format 'Driver: {{.Driver}}, Scope: {{.Scope}}'
+```
+
+### Vedere i Container in una Rete
+
+```bash
+# Metodo 1: Tramite inspect
+docker network inspect my-network --format '{{json .Containers}}' | jq '.[] | .Name'
+
+# Metodo 2: Tramite docker ps con filtro
+docker ps --filter "network=my-network" --format "{{.Names}}"
+```
+
+### Verificare IP di un Container
+
+```bash
+# Tutti gli IP del container
+docker inspect container-name --format '{{range .NetworkSettings.Networks}}{{.Network}}: {{.IPAddress}}{{end}}'
+
+# IP in una rete specifica
+docker inspect container-name --format '{{range $k, $v := .NetworkSettings.Networks}}{{if eq $k "my-network"}}{{$v.IPAddress}}{{end}}{{end}}'
+```
+
+### Debug con Output Formattato
+
+```bash
+# Tabella container -> IP -> Rete
+docker ps --format "{{.Names}}" | while read c; do
+    echo "Container: $c"
+    docker inspect $c --format '{{range $k, $v := .NetworkSettings.Networks}}  {{$k}}: {{$v.IPAddress}}{{end}}'
+done
+```
+
+## Risoluzione Problemi
+
+### Rete Non Trovata
+
+```bash
+# Verifica esistenza rete
+docker network ls | grep my-network
+
+# Se non esiste, creala
+docker network create my-network
+```
+
+### Container Non in Rete
+
+```bash
+# Collega container a rete
+docker network connect my-network container-name
+
+# Scollega container da rete
+docker network disconnect my-network container-name
+```
+
+### Subnet Conflicts
+
+```bash
+# Trova subnet in conflitto
+docker network ls -q | xargs docker network inspect --format '{{.Name}}: {{range .IPAM.Config}}{{.Subnet}}{{end}}' | grep "10.0.1"
+```
+
+## Vedi Anche
+
+- [Reference: Compose Network Syntax](../reference/compose-network-syntax.md)
--- a/labs/lab-02-network/how-to-guides/test-network-isolation.md
+++ b/labs/lab-02-network/how-to-guides/test-network-isolation.md
@@ -0,0 +1,87 @@
+# How-To: Testare l'Isolamento delle Reti
+
+Guida per verificare che l'isolamento tra reti Docker funzioni correttamente.
+
+## Test Rapido
+
+```bash
+# Crea due container in reti diverse
+docker run -d --name test1 --network net1 alpine sleep 3600
+docker run -d --name test2 --network net2 alpine sleep 3600
+
+# Test: DOVREBBE FALLIRE (isolamento)
+docker exec test1 ping -c 1 test2
+
+# Cleanup
+docker stop test1 test2 && docker rm test1 test2
+```
+
+## Test Completivo
+
+### 1. Creare Reti di Test
+
+```bash
+docker network create --subnet 10.0.1.0/24 test-net1
+docker network create --subnet 10.0.2.0/24 test-net2
+```
+
+### 2. Creare Container
+
+```bash
+# Container nella stessa rete
+docker run -d --name c1 --network test-net1 alpine sleep 3600
+docker run -d --name c2 --network test-net1 alpine sleep 3600
+
+# Container in rete diversa
+docker run -d --name c3 --network test-net2 alpine sleep 3600
+```
+
+### 3. Test Isolamento
+
+```bash
+# Stessa rete: SUCCESSO
+docker exec c1 ping -c 2 -W 1 c2
+
+# Reti diverse: FALLISCE (atteso)
+docker exec c1 ping -c 2 -W 1 c3
+```
+
+### 4. Test DNS
+
+```bash
+# DNS stessa rete: SUCCESSO
+docker exec c1 nslookup c2
+
+# DNS cross-rete: FALLISCE (atteso)
+docker exec c1 nslookup c3
+```
+
+### 5. Cleanup
+
+```bash
+docker stop c1 c2 c3
+docker rm c1 c2 c3
+docker network rm test-net1 test-net2
+```
+
+## Test con Script
+
+Usa lo script del lab:
+
+```bash
+bash labs/lab-02-network/tests/02-isolation-verification-test.sh
+```
+
+## Risultati Attesi
+
+| Test | Risultato Atteso | Significato |
+|------|------------------|--------------|
+| `ping c2` da c1 (stessa rete) | SUCCESSO | Comunicazione funziona |
+| `ping c3` da c1 (rete diversa) | FALLISCE | Isolamento funzionante |
+| `nslookup c2` da c1 | SUCCESSO | DNS funziona in rete |
+| `nslookup c3` da c1 | FALLISCE | DNS isolato tra reti |
+
+## Vedi Anche
+
+- [Tutorial: Verificare Isolamento](../tutorial/03-verify-network-isolation.md)
+- [Test: Isolation Verification Script](../tests/02-isolation-verification-test.sh)