Is There A Reason Oui Containers Say Single Service Only?

How To Communicate Betwixt Docker Containers

You've gone through the quickstarts and you've run your first Docker containers. But now you lot're struggling to understand how to run more than one container at the same time. If Docker containers are isolated, then how the heck do they communicate with each other?

Modernistic apps consist of dissimilar components that need to communicate with each other.

In the real world, beyond the realm of the elementary hello-world tutorial, running merely one container isn't enough for nigh apps. A modern awarding typically consists of a few components – such as a database, a web server, or some microservices.

So if you want to run all of your components in containers, how tin can the applications talk to each other?

How do containers communicate with each other, if they're supposed to be isolated?

In this article, nosotros'll look at simple communication between Docker containers, when they are running on the same host (which is sometimes called single-host networking).

Advertisements

How do containers communicate?

Beginning, a quick overview! Although containers have a level of isolation from the environs around them, they often need to communicate with each other, and the outside world.

Networking or file sharing?

Two containers tin talk to each other in one of two means, usually:

• Communicating through networking: Containers are designed to be isolated. Just they tin transport and receive requests to other applications, using networking.

  For case: a web server container might expose a port, so that it tin receive requests on port 80. Or an application container might make a connection to a database container.

• Sharing files on disk: Some applications communicate by reading and writing files. These kinds of applications tin communicate by writing their files into a volume, which can also be shared with other containers.

  For instance: a data processing awarding might write a file to a shared volume which contains customer data, which is then read by some other awarding. Or, two identical containers might even share the same files.

File sharing is peachy, but…. for this article, nosotros'll look at applications that use networking every bit the primary way they either expose or consume services.

We'll talk most how to ready a network, which allows Docker containers on the same host to communicate with other.

Communication betwixt containers with networking

Near container-based applications talk to each other using networking. This basically means that an application running in one container will create a network connectedness to a port on another container.

Advertisements

For instance, an application might telephone call a Residual or GraphQL API, or open a connexion to a database.

Containers are platonic for applications or processes which expose some sort of network service. The most well-known examples of these kinds of applications are:

• Web servers - east.g. Nginx, Apache

• Backend applications and APIs - east.g. Node, Python, JBoss, Wildfly, Leap Boot

• Databases and data stores - east.g. MongoDB, PostgreSQL

There are more examples, but these are probably the most common ones!

With Docker, container-to-container advice is usually done using a virtual network.

Edifice your (Virtual) Network

If you are running more than ane container, you tin let your containers communicate with each other by attaching them to the same network.

A Docker network lets your containers communicate with each other

Docker creates virtual networks which let your containers talk to each other. In a network, a container has an IP address, and optionally a hostname.

You tin create different types of networks depending on what you would like to do. We'll embrace the easiest options:

• The default bridge network, which allows uncomplicated container-to-container advice by IP address, and is created by default.

• A user-divers span network, which you create yourself, and allows your containers to communicate with each other, by using their container name equally a hostname.

Default bridge network (easiest pick)

The simplest network in Docker is the span network. It'south too Docker'south default networking driver.

A bridge network allows containers to communicate with each other

Source: Vektorarte/Freepik

A bridge network gives you simple advice between containers on the aforementioned host.

When Docker starts upwards, information technology will create a default network called… span. 🤔 It should start automatically, without whatever configuration required past yous.

From that point onwards, all containers are added into to the bridge network, unless you say otherwise.

In a bridge network, each container is assigned its ain IP address. So containers can communicate with each other by IP.

So let's see an example of using the default bridge network.

How to use the default bridge network

Hither's how to use the span network to get two Docker containers on the same host to talk to each other:

1. Check that the bridge network is running: Y'all tin check information technology'due south running past typing docker network ls. This should show the bridge network in the listing.

                     $ docker network ls NETWORK ID     Proper noun      DRIVER    SCOPE acce5c7fd02b   bridge    bridge    local a6998b3cf420   host      host      local d7f563b21fc6   none      cipher      local                                  

2. Start your containers: Kickoff your containers as normal, with docker run. When you start each container, Docker volition add it to the span network.

   (If you prefer, you lot can be explicit well-nigh the network connection by adding --cyberspace=bridge to the docker run command.)

3. Accost another container by its IP address: At present one container can talk to another, by using its IP accost.

   You'l need to know the IP address of the container - check the little box below to notice out how.

How practise you find out the IP address of a Docker container?

To find the IP addresses of a container, expect at the output of the docker inspect command:

                $ docker inspect <container_id> | grep IPAddress             "IPAddress": "172.17.0.2",                              

Example

Here's a complete case. I'll start an nginx container. Then I'll beginning a busybox container alongside nginx, and effort to make a request to Nginx with wget:

                              # Start an nginx container, give it the name 'mynginx' and run in the background                $                docker run                --rm                --name                mynginx                --detach                nginx                # Become the IP address of the container                $                docker inspect mynginx |                grep                IPAddress                "IPAddress":                "172.17.0.two",                # Or, if you have 'jq' installed - here'due south a funky way to get the IP accost                $                                sudo                docker inspect mynginx | jq                '.[].NetworkSettings.Networks.bridge.IPAddress'                "172.17.0.two"                # Run busybox (a utility container). It volition join the span network                $                docker run                -information technology                busybox sh                # Fetch the nginx homepage by using the container'south IP address                busybox$                wget                -q                -O                - 172.17.0.two:80 <!DOCTYPE html> <html> <head                >                <title>Welcome to nginx!</title> <style>                # Voila! The nginx homepage!                          

How to check if a container is in the bridge network

If y'all want to run into how all this magic works, y'all can check which containers are in a Docker network.

Use the docker network inspect bridge command. This will show y'all the containers currently attached to the bridge network:

                                  $                                    sudo                  docker inspect bridge ...                  "Containers":                  {                  "1cdc34001e9f5b109836d...":                  {                  "Name":                  "vibrant_tesla",                  # This is my busybox container                  "EndpointID":                  "6d51e27f9277bf2...",                  "MacAddress":                  "02:42:air-conditioning:11:00:03",                  "IPv4Address":                  "172.17.0.iii/16",                  "IPv6Address":                  ""                  },                  "dbb6b814d0f11bfcad11e...":                  {                  "Name":                  "mynginx",                  # This is my nginx container                  "EndpointID":                  "aa65052c8c4e26fd...",                  "MacAddress":                  "02:42:air-conditioning:11:00:02",                  "IPv4Address":                  "172.17.0.two/16",                  "IPv6Address":                  ""                  }                  }, ...                              

The default bridge is….. fine…. simply it means every container tin can see every other container.

What you lot probably want is: a user-divers network, and so that you lot can exist more granular nigh which containers tin can see each other.

Let's look at that option.

User-defined bridge: the more sensible option

If you only use the default bridge network, then all your containers can see and admission other containers' ports. This isn't always what you desire!

Another "feature" of the default bridge network, is that containers tin only talk to each other by their IP accost. Plainly, this is a bit brittle, because IP addresses can change.

Advertisements

The 2d choice, the user-defined bridge, lets you accept a scrap more control.

Go more command, with a user-defined span

To let Docker containers communicate with each other by proper name, yous can create a user-defined span network. In a user-divers bridge network, you tin can be more explicit about who joins the network, and you get an added bonus:

…containers can be addressed by their name or alias.

In a user-divers span network, you command which containers are in the network, and they can address each other by hostname

Aliases, what are they then?

Docker gives each container a unique name, but yous tin choose your own name or alias for a Docker container when it starts.

Y'all can choose a more friendly name (e.1000. my-nginx, or myapp-dev).

When these containers are joined to the user-divers span network, they can address each other past this name.

This means y'all don't need to worry about keeping track of containers' IP addresses, which can frequently alter.

Example: if y'all run a database in a container, and give it the name mydatabase, then your app in a container can address the database using the hostname mydatabase. If you're using MongoDB, the connectedness string might look like this: mongodb://mydatabase:27017

How to create a user-defined bridge network

To allow two Docker containers on the same host to communicate with each other by proper noun:

1. Create a user-defined bridge network: Create your own custom bridge network commencement using docker network create. Under the hood, Docker sets up the relevant networking tables on your operating system.

   For example, I'k going to create a network chosen tulip-net for applications about tulips: 🥀

                     docker network create tulip-net                                  

2. Outset a container and connect it to the bridge: Start your container equally normal. Add it to your user-divers span network using the --net option, e.k. --net tulip-net.

                     docker run --rm --net tulip-cyberspace --name tulipnginx -d nginx                                  

3. Address another container, using its proper name as the hostname: When two containers are joined to the same user-defined span network, 1 container is able to address another by using its proper noun (equally the hostname).

                                         # Commencement a busybox container so that nosotros can test out the network                    $                    docker run                    --internet                    tulip-net                    -information technology                    busybox sh                    # Use 'wget' inside busybox, using the container name as the hostname!                    busybox$                    wget                    -q                    -O                    - tulipnginx:80 <!DOCTYPE html> <html> <head                    >                    <title>Welcome to nginx!</championship> ...you lot get the picture....                                  

Can you connect an existing container to a network?

Yes, yous can! If you lot already accept a container running, you tin can to connect it to your new user-defined bridge network without having to restart the container. Use the docker network connect control. For example:

                docker network connect tulip-net mongodb                              

Now Docker volition connect the container mongodb to the network tulip-cyberspace.

And that's user-defined bridge networking. It's a dandy way to have a custom network prepare upwards, and isolation from other containers that aren't in the network.

TL;DR

Too long, didn't read? Hither'south the gist:

• For containers to communicate with other, they need to be part of the same "network".

• Docker creates a virtual network chosen span by default, and connects your containers to it.

• In the network, containers are assigned an IP address, which they tin can use to address each other.

• If you want more command (and you definitely do), you lot tin can create a user-defined span, which volition give you lot the added benefit of hostnames for your containers too.

Want to learn more? Containers Fundamentals is a xl-hour course from Linux Foundation that covers container networking, images, runtimes, storage, security and much more than.

Happy networking!

Copyright © 2022 Tom Donohue. All rights reserved, except where stated.

Tutorial Works is a participant in the Amazon.com Services LLC Associates Program. Every bit an Amazon Acquaintance we earn from qualifying purchases. Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates.

Source: https://www.tutorialworks.com/container-networking/

Posted by: merrillfrenjudipt.blogspot.com

Share this post