laboratori-cloud/labs/lab-02-network/reference/compose-network-syntax.md
Luca Sacchi Ricciardi 5b2c8c37aa feat(lab-02): complete Phase 3 - Network & VPC lab
Implement Lab 02 with Docker bridge networks simulating VPC/Subnets.

Test Infrastructure (RED phase):
- 6 bash test scripts for network creation, isolation, INF-02 compliance
- Fail-fast orchestration with run-all-tests.sh
- Quick validation script for development

Documentation (Diátaxis framework):
- 3 tutorials: VPC creation, container deployment, isolation verification
- 4 how-to guides: create network, inspect config, test isolation, cleanup
- 3 reference docs: Docker network commands, Compose syntax, VPC mapping
- 1 explanation: Docker ↔ VPC parallels (PARA-01/02/03/04)

Infrastructure (GREEN phase):
- docker-compose.yml with VPC networks (10.0.1.0/24, 10.0.2.0/24)
- 5 services: web, app, db, test-public, test-private
- INF-02 compliant: 127.0.0.1 bindings only, no 0.0.0.0
- Private network with --internal flag
- Multi-homed app container (public + private networks)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 17:26:35 +01:00


Reference: Docker Compose Network Syntax

Technical specifications for defining networks in docker-compose.yml.

Basic Structure

version: "3.8"

networks:
  network-name:
    driver: bridge
    name: actual-network-name
    ipam:
      driver: default
      config:
        - subnet: 10.0.1.0/24
          gateway: 10.0.1.1

services:
  service-name:
    image: image:tag
    networks:
      - network-name

Networks Section

Minimal Configuration

networks:
  my-network:
    driver: bridge

Full Configuration

networks:
  vpc-public:
    name: lab02-vpc-public        # Actual name of the network
    driver: bridge                 # Driver (bridge, overlay)
    driver_opts:
      com.docker.network.bridge.name: br-public  # Bridge name on the host
    ipam:
      driver: default
      config:
        - subnet: 10.0.1.0/24
          gateway: 10.0.1.1
          ip_range: 10.0.1.128/25    # (optional) Range for containers
    internal: false                 # (optional) Isolates the network
    attachable: false               # (optional) Allows external containers
    labels:                        # (optional) Metadata
      env: development

Internal (Private) Network

networks:
  vpc-private:
    driver: bridge
    internal: true                 # Blocks external access
    ipam:
      config:
        - subnet: 10.0.2.0/24
          gateway: 10.0.2.1

External (Pre-existing) Network

networks:
  external-network:
    name: existing-network         # Use an existing network
    external: true

Services Section

Container on a Single Network

services:
  web:
    image: nginx:alpine
    networks:
      - vpc-public

Container with a Static IP

services:
  web:
    image: nginx:alpine
    networks:
      vpc-public:
        ipv4_address: 10.0.1.10

Container on Multiple Networks (Multi-homed)

services:
  app:
    image: myapp:latest
    networks:
      vpc-public:
        ipv4_address: 10.0.1.20
      vpc-private:
        ipv4_address: 10.0.2.20

Custom DNS Aliases

services:
  db:
    image: postgres:16
    networks:
      vpc-private:
        aliases:
          - database
          - postgres-primary

Port Publishing (INF-02)

Secure (Localhost Only)

services:
  web:
    ports:
      - "127.0.0.1:8080:80"    # Localhost only (COMPLIANT)
      - "127.0.0.1:8443:443"

Insecure (All Interfaces)

services:
  web:
    ports:
      - "8080:80"             # VIOLATES INF-02 (0.0.0.0:8080)
      - "0.0.0.0:8080:80"     # VIOLATES INF-02 (explicit)

No Ports (Private Service)

services:
  db:
    image: postgres:16
    # No ports section - completely private
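
A static check for the INF-02 rule above, as an added example that is not part of the lab's own test scripts. It assumes two-space indentation and the short `ports` syntax only; `SAMPLE_COMPOSE`, `host_ip`, `is_compliant` and `inf02_violations` are names chosen here, and the sample file is constructed.

```python
import ipaddress
import re

# Constructed sample: this page's entries plus an IPv6 loopback and a bare port.
SAMPLE_COMPOSE = """\
services:
  web:
    ports:
      - "127.0.0.1:8080:80"
      - "8080:80"
      - "0.0.0.0:8080:80"
      - "[::1]:9090:90/tcp"
      - "3000"
  db:
    image: postgres:16
"""

def host_ip(spec):
    """Host IP of a short-syntax ports entry, or None when none is given."""
    spec = spec.split("/")[0]                      # drop /tcp or /udp
    v6 = re.match(r"\[([0-9A-Fa-f:.]+)\]:", spec)  # bracketed IPv6 host address
    if v6:
        return v6.group(1)
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else None   # IP:HOST_PORT:CONTAINER_PORT

def is_compliant(spec):
    """INF-02 as this page states it: published ports bind to loopback only."""
    ip = host_ip(spec)                             # None means all interfaces
    try:
        return ip is not None and ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False                               # unparseable host: fail closed

def inf02_violations(compose_text):
    """(service, entry) pairs whose ports entry is not loopback-only."""
    found, service, in_ports = [], None, False
    for line in compose_text.splitlines():
        text = line.strip()
        item = re.match(r'-\s*["\']?([^"\'#\s]+)', text)
        if line.startswith("  ") and not line.startswith("   ") and text.endswith(":"):
            service, in_ports = text[:-1], False   # key at two-space indent
        elif text == "ports:":
            in_ports = True
        elif in_ports and item and not is_compliant(item.group(1)):
            found.append((service, item.group(1)))
        elif text and not item:
            in_ports = False
    return found
```

An entry with no host IP, including a bare container port such as `"3000"`, is reported because Docker publishes it on all interfaces.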

Priority and Dependencies

services:
  app:
    image: myapp
    networks:
      - vpc-public
      - vpc-private    # shared with db: depends_on orders startup only
    depends_on:
      - db

  db:
    image: postgres
    networks:
      - vpc-private

Complete Example

version: "3.8"

services:
  web:
    image: nginx:alpine
    container_name: lab02-web
    networks:
      vpc-public:
        ipv4_address: 10.0.1.10
    ports:
      - "127.0.0.1:8080:80"
    restart: unless-stopped

  app:
    image: myapp:latest
    container_name: lab02-app
    networks:
      vpc-public:
        ipv4_address: 10.0.1.20
      vpc-private:
        ipv4_address: 10.0.2.20
    ports:
      - "127.0.0.1:8081:8080"
    depends_on:
      - db
    restart: unless-stopped

  db:
    image: postgres:16-alpine
    container_name: lab02-db
    environment:
      POSTGRES_PASSWORD: secret
    networks:
      vpc-private:
        ipv4_address: 10.0.2.10
    volumes:
      - db-data:/var/lib/postgresql/data
    restart: unless-stopped

volumes:
  db-data:

networks:
  vpc-public:
    name: lab02-vpc-public
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.1.0/24
          gateway: 10.0.1.1

  vpc-private:
    name: lab02-vpc-private
    driver: bridge
    internal: true
    ipam:
      config:
        - subnet: 10.0.2.0/24
          gateway: 10.0.2.1

Verification Commands

# Validate the configuration
docker compose -f docker-compose.yml config

# Show the generated networks (the rendered YAML uses a lowercase top-level key)
docker compose -f docker-compose.yml config | grep -A 20 "^networks:"

# Create the networks without starting services
docker compose -f docker-compose.yml up --no-deps --no-start

# Inspect the created network
docker network inspect lab02-vpc-public

Troubleshooting

Subnet Conflicts

# Check which subnets are in use
docker network ls -q | xargs docker network inspect --format '{{.Name}}: {{range .IPAM.Config}}{{.Subnet}}{{end}}'

# Change the subnet in the compose file
ipam:
  config:
    - subnet: 10.0.10.0/24    # Use a different CIDR

Containers Do Not Get an IP

# Remove static IPs
# (let Docker assign them automatically)
services:
  web:
    networks:
      - vpc-public    # ipv4_address removed
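
Both troubleshooting cases above can be checked before `docker compose up`. The following is an added example, not code from the lab: it takes the addressing plan as plain Python data (constructed here from the complete example on this page) and an optional `in_use` list, which is assumed to hold the subnets printed by the `docker network inspect` command above. `check_addressing` is a name chosen for this example.

```python
import ipaddress

# Constructed input mirroring the complete example on this page:
# network -> (subnet, gateway) and service -> {network: static address}.
NETWORKS = {"vpc-public": ("10.0.1.0/24", "10.0.1.1"),
            "vpc-private": ("10.0.2.0/24", "10.0.2.1")}
SERVICES = {"web": {"vpc-public": "10.0.1.10"},
            "app": {"vpc-public": "10.0.1.20", "vpc-private": "10.0.2.20"},
            "db": {"vpc-private": "10.0.2.10"}}

def check_addressing(networks, services, in_use=()):
    """Return addressing problems; in_use lists subnets other networks hold."""
    problems = []
    nets = {name: ipaddress.ip_network(cidr) for name, (cidr, _) in networks.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        # Subnets must not overlap each other or a subnet already allocated.
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} overlaps {b}")
        for cidr in in_use:
            if nets[a].overlaps(ipaddress.ip_network(cidr)):
                problems.append(f"{a} overlaps existing subnet {cidr}")
        # The gateway must be an address inside its own subnet.
        if ipaddress.ip_address(networks[a][1]) not in nets[a]:
            problems.append(f"{a}: gateway {networks[a][1]} outside {nets[a]}")
    taken = {}  # (network, address) -> first service that claimed it
    for svc, attachments in services.items():
        for name, addr in attachments.items():
            ip = ipaddress.ip_address(addr)
            if name not in nets:
                problems.append(f"{svc}: network {name} is not defined")
            elif ip not in nets[name]:
                problems.append(f"{svc}: {addr} outside {name} ({nets[name]})")
            elif addr == networks[name][1]:
                problems.append(f"{svc}: {addr} is the gateway of {name}")
            elif taken.setdefault((name, ip), svc) != svc:
                problems.append(f"{svc}: {addr} already used by {taken[(name, ip)]}")
    return problems
```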

See Also