Don’t leave yourself unprotected, get the best protection by checking out BitDefender Premium Security at the link below.
bit.ly/BitdefenderNC
Today you are going to explore the mysterious world of Docker networking. From the default bridge to the blackhole of none. NetworkChuck is going to help you navigate this fascinating technology.
🔥🔥 Guide and Walkthrough: ntck.co/Docker-networking
Follow Christian Everywhere:
RUclips: ruclips.net/user/thedigitallifetech
Twitter: @christian_tdl
Instagram: christian_tdl
Linkedin: Christian Lempa
0:00 ⏩ Intro
1:17 ⏩ What do you need?
2:19 ⏩ Let’s do this!
3:33 ⏩ The first network: The Default Bridge
10:44 ⏩ The second network: The User-defined Bridge
15:38 ⏩ The third but best network: The MACVLAN
22:51 ⏩ MACVLAN, trunked: MACVLAN 802.1q
25:01 ⏩ The fourth network: IPVLAN (L2)
27:05 ⏩ The fifth and my favorite network: IPVLAN (L3)
36:40 ⏩ The sixth network: Overlay network
37:35 ⏩ None
38:11 ⏩ Outro
Bitdefender used to be my go-to until it started quarantining everything on my computer including itself. They addressed it in an update later but the damage was done.
Finally, someone who explains it at a detailed level but also doesn’t assume everyone watching is a networking expert. This was the perfect video for this subject
I always thought Docker was dumb when you can just spin up a virtual machine, but after watching this my mind has changed. You can create dockers WAY MORE QUICKLY than installing new ISOs to VMs!! Thanks for this!
Biggest issue with my Cybersecurity degree is everything is online. Like, why am I even paying for this with little to no instructor interaction. There's a huge campus for the school too. 🤷♂️
This should be on the official Docker page. Absolutely fantastic!!!! Loved the content. Researching this has been mind numbing, but this right here, is the jackpot. It's amazing how you dig into the actual networking while still keeping everything light and entertaining.
Yeah, this is definitely what I needed right now. Diving into docker and had just a basic understanding of docker networking from prior use on my unraid server. Digging into the weeds of running my own docker containers managed through Portainer on a new enterprise server box I recently got for my homelab. The way you present this is just awesome!
I totally agree about that... He is a funny guy with a funny way to teach. I was using LXD/LXC for containerization but just a few weeks now I'm into Docker and this network stuff makes me happy because I figured it to run on LXC this way but did not know it was possible to use macvlan for Docker as well. So LXD goes and Docker stays with Portainer, it's really funny and easy to use.
I am running a few dockers and VMs on a new Unraid Server now. Would love to connect so we can share ideas. This video was perfect for me too, but even still, I get so confused on what is talking with what at times. I managed to get home assistant on Unraid but it isn't working externally, while other apps like Plex are working. My head is crazy
So cool. As mainly a front-end dev, I'm finding out it's STILL unavoidable to learn a bit about containers, deployment and networking. I've memorized enough of the basic workflows to get me by, but your explanations actually have me UNDERSTANDING what's going on under the hood, and why! Love your lingo, your playful approach, and ESPECIALLY your drawings. Makes me feel like cracking open my laptop on a Saturday night! Thanks Chuck!
As Chuck said, if you are using the default bridge network you can't use the docker DNS with the container's name as IP address, instead you can use the id of the container and it will work fine. Also you can get a container id by the environment variable named HOSTNAME that is automatically created with the container, so this way you don't need to hardcode the id.
At 7:27 the bridge data are stored inside a NoSQL database (MongoDB Document model). It always uses JSON-like syntax to store data inside the collection. Amazing
Chuck, great video, thanks for keeping this entertaining, as this topic can be a bit dry when researching it on the docker docs. One additional tip that I like to do with docker networking is switching the networks the containers are connected to or adding the containers to existing docker networks. Instead of stopping and deleting the containers, I just run 'docker network connect | disconnect '. You may already be aware of it, it's just something I like to use, as I hate rebuilding the containers. Thanks again
I am doing this at home right now at 10pm , instead of playing a video game. I have screamed like 4 times at how cool and powerful this is. This is also solving a current project/contract I have. Can't thank you enough man!
Up your Terminal Foo:
- Ctrl + A: Jump cursor to beginning of the line
- Ctrl + E: Jump cursor to the end of the line
- Ctrl + R: Back search command history, start typing and it finds the command, addl Ctrl + R to cycle through matches
This is crazy. Diving in some topic in software engineering is not difficult. The hardest part is how you gonna begin with it. Your video is the best guidance for the beginners. Thank you!
I wish I'd had this video a few years ago. It explains the subject so clearly. I've been using a messy workaround to get unique IPs for each of my containers, when Docker had the solution for me all along. Thanks for finally helping me understand it!
I feel like Chuck is the kind of guy who needs to learn something for a project or his work, then he researches and shares it. I don't think he has the capacity to keep anything for himself. What a guy, What a guy!
@9:35, rather than up a bunch of times use Ctrl+R, type a string match to the command you're looking for, it will look up in your command history filtered by that string. If the first result isn't it, pressing Ctrl+R again will go to the next most recent one, etc.
Dude I can’t tell you how much I appreciate your videos. I just deployed adguard as a docker container to my home network. You make it so much fun to work through. Thanks! I'm learning a bunch.
The way you teach with examples and diagrams for visualization into a network, it makes Docker more interesting to learn. Really Appreciated. Thanks for the Video !!
By far the best video on "docker networks" I ever saw...and I saw a lot of them. Chuck, I just love your awesome work and knowledge sharing! Keep it going!
I am a programmer who joined this world after finishing my major in materials engineering. So, I do not have a formal education on computer stuff. But, I always try to learn stuff deeply, so I can better understand my work and navigate through stuff more easily. I believe in order to be able to do the work like a pro, you need to understand your env well enough. These kinds of videos which go through subjects thoroughly enough are really rare. We need more content like this in the internet. Thanks for this video man, it is great!
Hey Chuck, Awesome video! I would like to share some of my experience with you. You mentioned busybox images, from my personal security perspective I suggest never using these images in production (so it includes for example alpine linux image). The reason is simply as we all know containers are not the same type of isolation as hypervisor, all processes launched in container are visible to the host and we want to create the best security for our containers because of that - so we want to block some malicious commands inside our container like "mount" (this should definitely be blocked lol). Docker does that by default using awesome app called AppArmor and its profiles, but the problem is busybox kind of boxes all of these normally separate executables in one big executable, meaning we cannot block specific commands, we must either block entire busybox or nothing as everything is inside one executable. THIS makes even the default AppArmor profile not work and commands like MOUNT are available to container. VERY dangerous in production, so I do not personally suggest using busybox images for production.
Euhm mount is not available on alpine and docker blocks this command by default.... And don't forget that alpine is made to be used as docker image, and they can be used on most production environments
@@CyberFreaked this is incorrect mount is very much available in alpine linux images with exception of images that are non-root (of course people should use these, but some applications are just problematic in non root environment).
One of the driving reasons using docker is to get away from VMs. You add an extra layer of overhead by running docker on a VM. You can run docker on any OS, though preferred is Linux. They are also very easy to clean up, so no real need to do a VM for that either
docker on windows is in my experience a massive headache, this is only local for development/testing so overhead doesn't matter. In production you likely (hopefully) aren't running win10
Not true. Docker only runs on Linux except if you're running Docker for windows with these gigabyte sized windows images that basically no one uses. Docker Desktop for Windows or MacOS ALWAYS RUNS ON A VM under the hood... Also literally no one wants to "get away from VMs" you run docker on top of VMs the vast majority of times, what docker gives you is a standardized way to deploy and run applications with all their dependencies in the correct versions included in an isolated and especially portable way.
@@meamzcs Ah...the correct dependencies in an isolated and portable way. I'll admit, this sounds great. Lean applications that work! But then you'll start to think a bit about the consequences of this approach. Unfortunately, with any approach you'll take to tackle any kind of problem, there will be consequences. Docker (and all other forms of containerization, like flatpak, snap, appimage etc) will introduce more maintenance headache. In every company there is a division between people that are busy doing the new stuff and the rest that are tasked with maintenance of existing (legacy) production software. Docker is absolutely awesome for the people doing the new stuff. Going for the new stuff is by far more fun and therefore popular with everyone. But for maintenance of (legacy) production software you are creating a lot more maintenance headache. Some legacy production software is locked to certain versions of dll's, libraries and other forms of executable software. Looking for the new stuff is important for future direction of the company. Production software is the lifeblood that provides the income to allow the company to exist. Production software therefore needs to run. Doing maintenance within containers requires much more bandwidth from more people to do correctly. And as this production software really needs to run, maintenance also includes security. Containerization makes this part of maintenance more involved. Just saw a video from "Dave's Garage", a retired software engineer from Microsoft. He actually tested software performance on bare metal Linux against bare metal Windows against bare metal MacOS. And then repeated these tests with VMs running on these operating systems and then the same test in Docker, running on all operating systems. In his tests, bare metal Linux won the performance crown. Bare metal Windows was about 2% slower. Bare metal MacOS just below Windows. The same pattern occurred with the same tests in VMs.
Virtualization imposed about an extra 3% loss of performance on each OS. With bare metal, you hardly notice the differences, with VMs the drop in performance does become noticeable to those attuned to such things. And then the Docker tests...those introduced a 15% loss in software performance. Anyone notices that, and usually warrants the purchase of a new business class server with proper licensing. Or more monthly subscription costs for (serious) hardware in the Cloud. The money saved by making the job of the persons involved with the new stuff easier, is doubly spent at the side that provides the company's income. More operational maintenance and costs against convenience. Don't expect Docker (or other containers) to take over from VMs. Containers absolutely have their place and really are interesting as a concept. Definitely more fun than VMs or bare metal. But a replacement? In many cases it isn't, once you'll calculate the actual costs. A 15% drop of performance with Docker was larger than I expected. Production software that runs at peak performance will generate more income. So that 15% performance drop "bites" the company twice (loss of income and extra costs to make up the lost performance). Have fun selling that in the next budget meeting.
Bro you are the best thanks, I wanted to run pihole on my mini server for ages but couldn't because of apache, now I can run both in parallel. I searched the internet but no one explained it as detailed and simple as you. I will name my first born after you 😁
Very helpful video. I want to learn more about the IPVLAN L3 but need to understand port forwarding a bit more since I only have a single public IP on my home network (FiOS router) and from there my lab network is on a totally different IP network using a pfSense router and HAProxy. One thing though… I think you forgot to include “container” as a network type. For example, I have a VPN container and then have multiple other containers running inside it. The other containers do not get their own IPs or ports. The VPN uses user-defined bridged network and the ports are mapped inside that container. This lets me choose which containers on my host run through the VPN and which do not.
Great video. Question: What tool do you use to annotate your screen? What do you use to sketch? Also any recommendations for zoom utility for Ubuntu so we can zoom into something during presentations. (Sorry if you have answered these before; if so, please point me to them).
I am commenting without completing this video yet... but this is like my best docker networking video yet... after watching that of your buddy you keep bringing up... the animation your video and moving things around nailed it for me... great job ... Thank you so much...
On the docker image make sure net-tools and iproute2 are installed or "docker inspect bridge " won't show container info like you see on his screen. Joe
Has anyone ever told you that you're an amazing teacher and motivator towards learning? If not, You are an amazing teacher and motivator!!!! Great video.
Duuuude, the fact that you said coffee a million times made me want one. I'm gaming and have your video in background on 2nd monitor. I don't even need coffee right now. You just got a new subscriber.
Not every software you run needs network connections, let's suppose you're running something that is just processing files on disk, no network necessary but you still benefit from resource isolation of cgroups.
Dear Chuck, I have been slowly rolling into Docker. It really becomes fun with your elaboration, especially on networking. It makes a pretty complex thing more accessible. Thanks!🤘
Sir, this has been the most useful video on docker (in general, even disregarding networking specific) that I have ever seen. Thanks. I have been able to use it to explain docker networking to friends sysadmins who always complain about and hate using docker. They usually hate it because they're from the cold hard metal generation, and they think this is just adding points of failure, which, of course, is valid if you're already using clusters and clones for all your hosts anyway etc. but still. Thanks! By the way, for me it's tea. Really expensive tea though, I usually buy it in Thailand (kilos if I'm ever there, which makes the trip cheaper in a way). Thailand knows what tea should taste like. Even their ice-teas are amazing. You should try ichitan blooming green tea for example. So good! Anyway, thanks again!
Great tut as usual. Been using Bitdefender for a couple years now, had to reset my two Windoze computers to get rid of Norton. Bitdefender provides a UN-install tool, which is one reason I made the switch. You need a Ember coffee cup. My daughter gave me one for X-mas this year, no more cold coffee for me. Thanks for all the great content, I'm learning a lot, keep it up.
Grabbing a coffee myself for this one. I was "exposed" to docker networking when I put all my "network services" including DHCP and DNS into docker containers. Then I created several MQTT networks, including internal docker MQTT servers for software use and external MQTT servers for real devices. The main downside to docker I find is just how much spam it puts into outputs like "mount" and "ifconfig", I think mine shows close to 60 different network endpoints in there. It's annoying.
I'm a retired PCB designer/embedded with no intense IT background. I setup a home Ubuntu server, and was curious about docker. My take away: Thank you.
I like docker even more now. Thought at first containers were an easy way to set up small VMs or to quickly run programs without having to set up environment/dependencies. However this video opens up whole new world of virtualized networking. Great video
You are a great man. You're prolonging it a little bit, but there is no good narrator like you. I don't speak English but still solved my problems. Thanks bro.
Greetings from Ontario Canada! Thank you so much for this video. It has helped me open up my existing dockers to my main network... Something I've been looking to accomplish for some time now.
Great content. Gave me enough to delve deeper into container networking. Slight differences between docker and podman (that threw me for a second - podman inspect on a container bridge doesn't show you container IP addresses), but that hasn't stopped me from learning some very useful stuff. Thanks!
Such an excellent video. Quick, concise, with examples, no fluff. You could spend a couple of days in a dull class on this or 2h watching this video and stepping through the examples yourself. Thank you!
I respect Chuck (longtime follower), however I disagree a bit here. With the rising popularity of managed Kubernetes, networking details are obstructed so that developers/DevOps engineers can focus more on the application. I'd recommend prioritizing learning Kubernetes, along with essential Docker concepts (like Dockerfile) for interviews, and real world projects, with less focus on Docker networking. Much love to Chuck, keep inspiring students like me.
Dude wtf I love IT and I'm competent with computers but there's so much I wanted to learn but didn't cause I only found dull and sad videos. You're my new favourite channel, I'll learn so much! Thanks for all!
Thank you so much. I needed this for setting up a docker container as a wireguard client to a remote network. The container is now the gateway for the other physical machines in my network too.
This was a great video as I currently have three containers running and was about to build nginx container. I followed someone else's instructions and I jacked up their networking instructions where I created a bridge network that went nowhere. After discovering I could not get the repository open inside Docker. It was more my fault I kind of forgot my IP addressing and subnet binary after not dealing with it routinely for the past 14 years since I retired from my IT position. Anyway I needed to understand the networking portion better with Docker and you hit the nail on the head! Beautiful, thank you!
A great overview of Docker networking modes with their pluses and minuses. Definitely worth a view and review when you are about to play or set up some new Docker systems.
Man I love your videos! From the bottom of my heart thank you so much for your educational IT videos. You make it fun and not so serious but at the end I end up learning more than I do from any other videos. Thanks Chuck!
Bang! This is amazing! I just started getting familiar with Docker recently but the networking part was bit of a mist. Now your video hit the light!!! THANK YOU!
9:53 I have been trying to deploy Nginx on a container for a while now but whenever I went to view it on port 80 it never worked... I searched everywhere for a solution, stack overflow, reddit, github, nothing. But then today out of nowhere, I found this video..Thank you so much man!
OMG this is some of the coolest IT I have ever seen I deal with VMs on a daily basis but this is a whole other level of awesome, thanks Chuck and may the Lord continue to bless your channel!
I'll just replay this a few thousand times over and over until there's nothing left in my brain except this video and a desire for Network Chucks super hi caf coffee.
I have a hard time sitting down to read anything (ADD), so my default is audiobooks, youtube videos and things like that. Time and time again, when I am up against a wall crying in a corner like I'm installing Arch, I'll search for explanations for my obstacle and most times, I'll wind up here and almost always, the solution to my mental block is here.
IPVlan L3 and Overlay networking reminds me of NSX. The L3 networks are essentially the different network segments and the Linux host is the ESXi host with the T0 or T1 routers on them.... and the overlay network is the same=TEP. I've been a VMware Engineer for so long, and have always "understood" networking, but now getting into these newer concepts of NSX-T, Docker/Containers, Kubernetes.....the networking has me actually excited to learn more of what's capable. Not to mention, your way of explaining and presenting the information is incredible and effective.
Okay
You're one of my favorite teachers Chuck! I invested in networkchuck academy because I believe in you
I so hear you!!!
Yeah, this is the one where it all made sense finally for me.
Yeah, like that prick who teaches C# on RUclips
Admit now.... We all want a Teacher Like Him💯💕💕💕💯
How do you mean? We *have* him as a teacher, all you need to learn is to pay attention for 30mins. And it's free.
@@sliceoflife5812 bro i meant... We need teachers like him at college.... 🙂
@@sliceoflife5812 Be cool my friend.... He may be joking🙂
He gives tidbits of knowledge. There is a reason he quit cbt.
yes yes I too am running docker containers managed through Portainer on my "enterprise server" cough .. raspberry pi with OMV ... cough
I've been doing Docker for many years and it's still great to get an all-in-one summary of docker networking which can seem like wizardry at times.
One network shortcut I like is “ip -br a” which hides a lot of the cruft and just lists the adapters and addresses.
Try ip -4 -br a
brah . . . :)
Seriously man, I haven't seen somebody so passionate explaining networking stuff. Thanks for the explanation and elaboration, it was fantastic!
He's Network Chuck ;)
This was by far the best explanation on docker networking I have ever seen. Throw away all books and watch this. Thanks a million. Great stuff
Boom ty
I've never seen a teacher like you, Chuck. You make the IT easy and funny. Good luck, Chuck
This is perfect! I’ve been looking into learning more about docker and your videos always have the information I’m looking for.
The L3 IP vlan is amazing! Unique IP for each container is much better than trying to map ports to every container
Man, usually I don't like to leave comments, but not today! Amazing explanation and material supply! 5 stars⭐
Finally a real expert that is not scared to real time test-Lab/teaching amazing guy, all the best for Chuck!
This is probably the most comprehensive Docker Networking tutorial of any kind and it is under 40 mins. NetworkChuck you are awesome !
I think he was using busybox just so he could enter the containers and run commands like ping and ip addr, don't think he said to use it in prod
Euhm, mount is not available on alpine and docker blocks this command by default....
And don't forget that alpine is made to be used as a docker image, and it can be used in most production environments
@grmancool Hey, yes I know, it's just an informational comment for other people trying out docker :)
@CyberFreaked this is incorrect; mount is very much available in Alpine Linux images, with the exception of images that are non-root (of course people should use these, but some applications are just problematic in a non-root environment).
better idea: use buildah to create your images and only have the absolute minimum in them what you actually need instead of basing it on an OS image
I keep coming back to this video, it's such a great tutorial and explanation of each network mode.
You know he's in serious mode when he's not doing it on LieNode.
Is linode no good?
@MrMustachehead for a lab environment I love it. But I wouldn't use it for critical production environments
@bieggerm what would you use instead?
@dynapilot definitely some hyperscaler
Man, what a video! Absolute MUST for everyone that is working and learning Docker. Thank you for providing so valuable information!
One of the driving reasons for using docker is to get away from VMs. You add an extra layer of overhead by running docker on a VM. You can run docker on any OS, though the preferred one is Linux. They are also very easy to clean up, so no real need to do a VM for that either
docker on windows is in my experience a massive headache, this is only local for development/testing so overhead doesn't matter. In production you likely (hopefully) aren't running win10
Not true. Docker only runs on Linux except if you're running Docker for windows with these gigabyte sized windows images that basically no one uses. Docker Desktop for Windows or MacOS ALWAYS RUNS ON A VM under the hood... Also literally no one wants to "get away from VMs"; you run docker on top of VMs the vast majority of times. What docker gives you is a standardized way to deploy and run applications with all their dependencies in the correct versions included in an isolated and especially portable way.
@meamzcs Ah... the correct dependencies in an isolated and portable way. I'll admit, this sounds great. Lean applications that work!
But then you'll start to think a bit about the consequences of this approach. Unfortunately, with any approach you'll take to tackle any kind of problem, there will be consequences. Docker (and all other forms of containerization, like flatpak, snap, appimage etc) will introduce more maintenance headache. In every company there is a division between people that are busy doing the new stuff and the rest that are tasked with maintenance of existing (legacy) production software.
Docker is absolutely awesome for the people doing the new stuff. Going for the new stuff is by far more fun and therefore popular with everyone. But for maintenance of (legacy) production software you are creating a lot more maintenance headache. Some legacy production software is locked to certain versions of dll's, libraries and other forms of executable software. Looking for the new stuff is important for future direction of the company. Production software is the lifeblood that provides the income to allow the company to exist. Production software therefore needs to run. Doing maintenance within containers requires much more bandwidth from more people to do correctly. And as this production software really needs to run, maintenance also includes security. Containerization makes this part of maintenance more involved.
Just saw a video from "Dave's Garage", a retired software engineer from Microsoft. He actually tested software performance on bare metal Linux against bare metal Windows against bare metal MacOS. And then repeated these tests with VMs running on these operating systems and then the same test in Docker, running on all operating systems.
In his tests, bare metal Linux won the performance crown. Bare metal Windows was about 2% slower. Bare metal MacOS just below Windows. The same pattern occurred with the same tests in VMs. Virtualization imposed about an extra 3% loss of performance on each OS. With bare metal, you hardly notice the differences, with VMs the drop in performance does become noticeable to those attuned to such things. And then the Docker tests...those introduced a 15% loss in software performance. Anyone notices that, and usually warrants the purchase of a new business class server with proper licensing. Or more monthly subscription costs for (serious) hardware in the Cloud.
The money saved by making the job of the persons involved with the new stuff easier, is doubly spent at the side that provides the company's income. More operational maintenance and costs against convenience. Don't expect Docker (or other containers) to take over from VMs. Containers absolutely have their place and really are interesting as a concept. Definitely more fun than VMs or bare metal. But a replacement? In many cases it isn't, once you'll calculate the actual costs.
A 15% drop of performance with Docker was larger than I expected. Production software that runs at peak performance will generate more income. So that 15% performance drop "bites" the company twice (loss of income and extra costs to make up the lost performance). Have fun selling that in the next budget meeting.
@geroldmanders9742 Not seeing this performance loss you are claiming in my testing
His excitement is contagious. And I barely know anything about networks.
Excellent video. And I love the enthusiasm and appreciation of just how incredibly cool it is to create virtual networks of all kinds.
Bro you are the best thanks, I wanted to run pihole on my mini server for ages but couldn't because of apache, now I can run both in parallel.
I searched the internet but no one explained it as detailed and simple as you.
I will name my first born after you 😁
Very helpful video. I want to learn more about the IPVLAN L3 but need to understand port forwarding a bit more since I only have a single public IP on my home network (FiOS router) and from there my lab network is on a totally different IP network using a pfSense router and HAProxy. One thing though… I think you forgot to include “container” as a network type. For example, I have a VPN container and then have multiple other containers running inside it. The other containers do not get their own IPs or ports. The VPN uses user-defined bridged network and the ports are mapped inside that container. This lets me choose which containers on my host run through the VPN and which do not.
You don't seem like a typical teacher; it appears more like you've accomplished something significant and are now proudly displaying it.
you're still using virtual box instead of WSL?
The elephant in the room is: WHY WSL? WHY VIRTUALBOX? Just go native Linux! 🤓
Man, I'm a Brazilian and come to your channel to watch funny and instructive videos ❤❤
Great video. Question: What tool do you use to annotate your screen? What do you use to sketch? Also any recommendations for zoom utility for Ubuntu so we can zoom into something during presentations. (Sorry if you have answered these before; if so, please point me to them).
I am commenting without completing this video yet... but this is like my best docker networking video yet... after watching that of your buddy you keep bringing up... the animation your video and moving things around nailed it for me... great job ... Thank you so much...
You are just an amazing teacher 😊
Duuude, seriously, the one most epic videos every docker tutorial is missing. Explained in depth and high speed..... I love this shit! Thanks
Love the effort u put in to edit ur videos
It's amazing how *basic* concepts that have existed for decades blow the minds off people reading a hello world tutorial on virtual networking.
it is awesome! thank you for straightforward explanation! cheers!
On the docker image make sure net-tools and iproute2 are installed or "docker inspect bridge" won't show container info like you see on his screen. Joe
I lost you at 0:01
omg thx, you so clean talking about this networks, my task to add our microservices in docker closed in time )
Thanks that was one awesome style of sharing; mad learning; love it
Has anyone ever told you that you're an amazing teacher and motivator towards learning? If not,
You are an amazing teacher and motivator!!!! Great video.
Love ❤️ ur videos best teachers
Thank you!
Love ur videos very encouraging pls keep going making new content
Thank you ❤️
Duuuude, the fact that you said coffee a million times made me want one. I'm gaming and have your video in background on 2nd monitor. I don't even need coffee right now. You just got a new subscriber.
Hi, really good content. May I ask you one use case of the "none" network ?
Not every piece of software you run needs network connections. Let's suppose you're running something that is just processing files on disk: no network is necessary, but you still benefit from the resource isolation of cgroups.
Dear Chuck, I have been slowly rolling into Docker. It really becomes fun with your elaboration, especially on networking. It makes a pretty complex thing more accessible. Thanks!🤘
At 39:11, you wrote 'docker entrork' and it somehow autocorrected to 'docker network'. How did you do it?
By pressing the Tab key
Sir, this has been the most useful video on docker (in general, even disregarding networking specific) that I have ever seen. Thanks. I have been able to use it to explain docker networking to friends sysadmins who always complain about and hate using docker. They usually hate it because they're from the cold hard metal generation, and they think this is just adding points of failure, which, of course, is valid if you're already using clusters and clones for all your hosts anyway etc. but still. Thanks! By the way, for me it's tea. Really expensive tea though, I usually buy it in Thailand (kilos if I'm ever there, which makes the trip cheaper in a way). Thailand knows what tea should taste like. Even their ice-teas are amazing. You should try ichitan blooming green tea for example. So good! Anyway, thanks again!
Oh Man, those drawings, make things so much clearer, than trying to read through heavy detailed and cumbersome documentation
Great tut as usual. Been using Bitdefender for a couple years now, had to reset my two Windoze computers to get rid of Norton. Bitdefender provides an UN-install tool, which is one reason I made the switch. You need an Ember coffee cup. My daughter gave me one for X-mas this year, no more cold coffee for me. Thanks for all the great content, I'm learning a lot, keep it up.
I suddenly have an urge to boot up my old not so silent xxiv port cisco switch..
Urge = plugging it in now. What a sight!!
Excellent video.
If there is anyone who makes tech as easy as a piece of cake it is Network chuck!
Grabbing a coffee myself for this one. I was "exposed" to docker networking when I put all my "network services" including DHCP and DNS into Docker containers. Then I created several MQTT networks, including internal Docker MQTT servers for software use and external MQTT servers for real devices.
The main downside to docker I find is just how much spam it puts into outputs like "mount" and "ifconfig", I think mine shows close to 60 different network endpoints in there. It's annoying.
I'm a retired PCB designer/embedded with no intense IT background. I setup a home Ubuntu server, and was curious about docker. My take away:
Thank you.
I like docker even more now. Thought at first containers were an easy way to set up small VMs or to quickly run programs without having to set up environment/dependencies. However, this video opens up a whole new world of virtualized networking. Great video
You are a great man. You're prolonging it a little bit, but there is no good narrator like you. I don't speak English but still solved my problems. Thanks bro.
You have only succeeded in showing me how ignorant I am about networking, didn't learn anything here. But I'll now have to go study networking.
This blew my mind! Thx Chuck!!
I tried before to run some dockers and I was annoyed, but now I'm more clear about how they work and I don't see them as that complicated anymore! Thank you!
Greetings from Ontario Canada! Thank you so much for this video. It has helped me open up my existing dockers to my main network... Something I've been looking to accomplish for some time now.
Great content. Gave me enough to delve deeper into container networking. Slight differences between docker and podman (that threw me for a second - podman inspect on a container bridge doesn't show you container IP addresses), but that hasn't stopped me from learning some very useful stuff. Thanks!
Such an excellent video. Quick, concise, with examples, no fluff. You could spend a couple of days in a dull class on this or 2h watching this video and stepping through the examples yourself. Thank you!
I respect Chuck (longtime follower), however I disagree a bit here. With the rising popularity of managed Kubernetes, networking details are obstructed so that developers/DevOps engineers can focus more on the application. I'd recommend prioritizing learning Kubernetes, along with essential Docker concepts (like Dockerfile) for interviews and real world projects, with less focus on Docker networking. Much love to Chuck, keep inspiring students like me.
I've been using the default bridge for years and didn't know the others existed. Thanks for a great overview!
This video is crazy good. Presentation, content, graphics, format all 100%
Dude wtf I love IT and I'm competent with computers but there's so much I wanted to learn but didn't cause I only found dull and sad videos. You're my new favourite channel, I'll learn so much!
Thanks for all!
Thanks you so much.
I needed this for setting up a docker container as a wireguard client to a remote network. The container is now the gateway for the other physical machines in my network too.
It's cool, it's nice, I'm using docker so I'll be fine.
When I started with docker, it was overwhelming to understand all the networking options. This is a great overview and explanation. Nice work.
This was a great video as I currently have three containers running and was about to build an nginx container. I followed someone else's instructions and I jacked up their networking instructions where I created a bridge network that went nowhere. After that I discovered I could not get the repository open inside Docker. It was more my fault; I kind of forgot my IP addressing and subnet binary after not dealing with it routinely for the past 14 years since I retired from my IT position. Anyway, I needed to understand the networking portion better with Docker and you hit the nail on the head! Beautiful, thank you!
I might never have understood so much about networking in so little time .. absolutely exceptional, thank you!!
A great overview of Docker networking modes with their pluses and minuses. Definitely worth a view and review when you are about to play with or set up some new Docker systems.
This is probably the best explanation video on docker networks that I've ever seen. Great job!
Man I love your videos! From the bottom of my heart thank you so much for your educational IT videos. You make it fun and not so serious but at the end I end up learning more than I do from any other videos. Thanks Chuck!
Absolute best video on Docker networking. I've just recently moved away from the default docker network , nice to learn the different types.
I liked the fact that you left your mistakes in and explained why it didn't work and what you did to fix it. Huge plus from me, and a sub.
Bang! This is amazing! I just started getting familiar with Docker recently but the networking part was bit of a mist. Now your video hit the light!!!
THANK YOU!
9:53 I have been trying to deploy Nginx on a container for a while now but whenever I went to view it on port 80 it never worked... I searched everywhere for a solution, stack overflow, reddit, github, nothing. But then today out of nowhere, I found this video..Thank you so much man!
OMG this is some of the coolest IT I have ever seen I deal with VMs on a daily basis but this is a whole other level of awesome, thanks Chuck and may the Lord continue to bless your channel!
I didn't need to learn docker but always enjoy the way you create ya videos, flawlessly superb..
I usually hate network or any low level stuffs but you make it so funny. I had to watch till the end. Well done.
I'll just replay this a few thousand times over and over until there's nothing left in my brain except this video and a desire for Network Chucks super hi caf coffee.
Covers a lot and moves along nicely. Appreciate the content.
I have a hard time sitting down to read anything (ADD), so my default is audiobooks, youtube videos and things like that. Time and time again, when I am up against a wall crying in a corner like I'm installing Arch, I'll search for explanations for my obstacle and most times, I'll wind up here and almost always, the solution to my mental block is here.
Just no words Chuck. More than gratitude sir. Keep doing what you do.
This is maybe the most important video I've ever watched on youtube
This video is absolutely incredible. To top it off - awesome quality, well spoken, and fun. Thank you! Subscribed!
IPVlan L3 and Overlay networking reminds me of NSX. The L3 networks are essentially the different network segments and the Linux host is the ESXi host with the T0 or T1 routers on them.... and the overlay network is the same=TEP. I've been a VMware Engineer for so long, and have always "understood" networking, but now getting into these newer concepts of NSX-T, Docker/Containers, Kubernetes.....the networking has me actually excited to learn more of what's capable.
Not to mention, your way of explaining and presenting the information is incredible and effective.
I love you went into the details of what's causing problem on the network switch.