feat(lab-02): complete Phase 3 - Network & VPC lab

Implement Lab 02 with Docker bridge networks simulating VPC/Subnets.

Test Infrastructure (RED phase):
- 6 bash test scripts for network creation, isolation, INF-02 compliance
- Fail-fast orchestration with run-all-tests.sh
- Quick validation script for development

Documentation (Diátaxis framework):
- 3 tutorials: VPC creation, container deployment, isolation verification
- 4 how-to guides: create network, inspect config, test isolation, cleanup
- 3 reference docs: Docker network commands, Compose syntax, VPC mapping
- 1 explanation: Docker ↔ VPC parallels (PARA-01/02/03/04)

Infrastructure (GREEN phase):
- docker-compose.yml with VPC networks (10.0.1.0/24, 10.0.2.0/24)
- 5 services: web, app, db, test-public, test-private
- INF-02 compliant: 127.0.0.1 bindings only, no 0.0.0.0
- Private network with --internal flag
- Multi-homed app container (public + private networks)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Luca Sacchi Ricciardi
2026-03-25 17:26:35 +01:00
parent d4c4f7d717
commit 5b2c8c37aa
22 changed files with 3988 additions and 12 deletions

@@ -0,0 +1,284 @@
# Reference: Sintassi Network Docker Compose
Specifiche tecniche per definire reti in docker-compose.yml.
## Struttura Base
```yaml
version: "3.8"
networks:
network-name:
driver: bridge
name: actual-network-name
ipam:
driver: default
config:
- subnet: 10.0.1.0/24
gateway: 10.0.1.1
services:
service-name:
image: image:tag
networks:
- network-name
```
## Sezione Networks
### Configurazione Minima
```yaml
networks:
my-network:
driver: bridge
```
### Configurazione Completa
```yaml
networks:
vpc-public:
name: lab02-vpc-public # Nome effettivo della rete
driver: bridge # Driver (bridge, overlay)
driver_opts:
com.docker.network.bridge.name: br-public # Nome bridge host
ipam:
driver: default
config:
- subnet: 10.0.1.0/24
gateway: 10.0.1.1
ip_range: 10.0.1.128/25 # (opzionale) Range per container
internal: false # (opzionale) Isola rete
attachable: false # (opzionale) Permette container esterni
labels: # (opzionale) Metadata
env: development
```
### Rete Interna (Privata)
```yaml
networks:
vpc-private:
driver: bridge
internal: true # Blocca accesso esterno
ipam:
config:
- subnet: 10.0.2.0/24
gateway: 10.0.2.1
```
### Rete Esterna (Preesistente)
```yaml
networks:
external-network:
name: existing-network # Usa rete esistente
external: true
```
## Sezione Services
### Container in Singola Rete
```yaml
services:
web:
image: nginx:alpine
networks:
- vpc-public
```
### Container con IP Statico
```yaml
services:
web:
image: nginx:alpine
networks:
vpc-public:
ipv4_address: 10.0.1.10
```
### Container in Multiple Reti (Multi-homed)
```yaml
services:
app:
image: myapp:latest
networks:
vpc-public:
ipv4_address: 10.0.1.20
vpc-private:
ipv4_address: 10.0.2.20
```
### Alias DNS Personalizzati
```yaml
services:
db:
image: postgres:16
networks:
vpc-private:
aliases:
- database
- postgres-primary
```
## Port Publishing (INF-02)
### Sicuro (Locale Only)
```yaml
services:
web:
ports:
- "127.0.0.1:8080:80" # Solo localhost (COMPLIANT)
- "127.0.0.1:8443:443"
```
### Non Sicuro (Tutte le Interfacce)
```yaml
services:
web:
ports:
- "8080:80" # VIOLA INF-02 (0.0.0.0:8080)
- "0.0.0.0:8080:80" # VIOLA INF-02 (esplicito)
```
### Nessuna Porta (Servizio Privato)
```yaml
services:
db:
# Nessuna sezione ports - completamente privato
```
## Priorita e Dipendenze
```yaml
services:
app:
image: myapp
networks:
- vpc-public
depends_on:
- db
db:
image: postgres
networks:
- vpc-private
```
## Esempio Completo
```yaml
version: "3.8"
services:
web:
image: nginx:alpine
container_name: lab02-web
networks:
vpc-public:
ipv4_address: 10.0.1.10
ports:
- "127.0.0.1:8080:80"
restart: unless-stopped
app:
image: myapp:latest
container_name: lab02-app
networks:
vpc-public:
ipv4_address: 10.0.1.20
vpc-private:
ipv4_address: 10.0.2.20
ports:
- "127.0.0.1:8081:8080"
depends_on:
- db
restart: unless-stopped
db:
image: postgres:16-alpine
container_name: lab02-db
environment:
POSTGRES_PASSWORD: secret
networks:
vpc-private:
ipv4_address: 10.0.2.10
volumes:
- db-data:/var/lib/postgresql/data
restart: unless-stopped
volumes:
db-data:
networks:
vpc-public:
name: lab02-vpc-public
driver: bridge
ipam:
config:
- subnet: 10.0.1.0/24
gateway: 10.0.1.1
vpc-private:
name: lab02-vpc-private
driver: bridge
internal: true
ipam:
config:
- subnet: 10.0.2.0/24
gateway: 10.0.2.1
```
## Comandi di Verifica
```bash
# Valida configurazione
docker compose -f docker-compose.yml config
# Mostra rete generate
docker compose -f docker-compose.yml config | grep -A 20 "Networks:"
# Crea rete senza avviare servizi
docker compose -f docker-compose.yml up --no-deps --no-start
# Ispeziona rete creata
docker network inspect lab02-vpc-public
```
## Troubleshooting
### Subnet Conflicts
```bash
# Verifica subnet in uso
docker network ls -q | xargs docker network inspect --format '{{.Name}}: {{range .IPAM.Config}}{{.Subnet}}{{end}}'
# Cambia subnet nel compose
ipam:
config:
- subnet: 10.0.10.0/24 # Usa CIDR diverso
```
### Container Non Ottengono IP
```bash
# Rimuovi IP statici
# (lascia Docker assegnare automaticamente)
services:
web:
networks:
- vpc-public # Rimuovi ipv4_address
```
## Vedi Anche
- [Tutorial: Deploy Container](../tutorial/02-deploy-containers-networks.md)
- [Reference: Docker Network Commands](./docker-network-commands.md)
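
Review bot: In "Comandi di Verifica", the `grep -A 20 "Networks:"` filter will match nothing, because `docker compose config` prints normalized YAML whose top-level key is lowercase `networks:` and grep is case-sensitive. Use `grep -A 20 "^networks:"` so the command actually shows the generated networks. Two smaller points in the same file: the "Esempio Completo" hardcodes `POSTGRES_PASSWORD: secret`, which readers will copy as-is, so a variable substitution from an untracked `.env` file (or a Compose secret) with a comment would be a safer reference pattern; and the two Troubleshooting blocks are fenced as `bash` but contain Compose YAML (`ipam:` / `config:` and `services:` / `web:`), so split each into a `bash` block for the command and a `yaml` block for the fragment. The `version: "3.8"` key in "Struttura Base" and "Esempio Completo" is treated as obsolete by Compose v2 and only produces a warning, so it can be dropped.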