Understanding Docker Networking
When we talk about Docker, we say that containers are isolated. How do we communicate with our containers, or other applications like MySQL database? It is not useful if we can't access it.
Docker has a network concept. It has several network drivers to work with. Depending on how we want our container to behave, we can select our network. This helps us to connect container with a container or container with host.
Network Commands Summary
docker network ls
- list available networksdocker network create
- create a networkdocker network rm
- remove a networkdocker network inspect
- inspect a networkdocker network connect
- connect container to a networkdocker network disconnect
- disconnect container from a network
Docker Network Drivers
bridge
is the default network. When the Docker daemon service starts, it configures a virtual bridge named docker0
. When we don't specify the network, this is the one Docker uses. Docker creates a private network inside the host which allows containers to communicate with each other. host
tells Docker to use host computers network directly.
Network Commands
Just like other Docker commands, the Docker network command have the same pattern.
List Available Network Commands
docker network help
Inspecting a Network
Use the inspect command to inspect a Docker:
docker network inspect bridge
Create a Network
We can create our own network using the create command.
docker network create mynetwork
Docker prints the ID of the created network. Use the inspect command to see properties. You will see that it has used bridge as the driver since we didn't specify a driver to be used. We can specify a driver using the -d
option.
docker network inspect mynetwork
docker network create -d bridge mynetwork2
Remove a Network
We can use rm command to remove a network.
docker network rm mynetwork
Connect to A Network
When we create a Docker container, by default it is connected to bridge network. We can use the --net
option to connect with another network when we run the container.
docker container run -it --net=mynetwork nginx
Connect with The Host
Now we need to use our containers from the host. There is no meaning of isolating a container if we can't access it when needed (although there are isolated containers in some cases).
We can get the exposed port of an image by inspecting it. Issue the inspect command and see the line for "ExposedPorts."
docker image inspect nginx
"ExposedPorts": {"80/tcp": {}}
This means Nginx exposes port 80 to access from the host or other containers.
We can use -p
or --publish
option to bind this port to the host's port when running an image.
hostport:containerport
docker container run -it -p 81:80 nginx
This means we are binding the port 81 with Docker container's exposed port 80.
If we want to connect with a network,
docker container run -it --net=mynetwork -p 81:80 nginx
When we publish the port, we can access it using localhost like localhost:81
Or we can use host network directly.
docker container run -it --net=host nginx
Get Container Ports
We can get the containers port using port command
docker port cotainer_name/id
Let's run Nginx again and publish to 81.
docker container run --name my-nginx -p 81:80 nginx
Now when we inspect the container (under NetworkSettings), we can see that it has attached to host's port 81.
docker container inspect my-nginx
"Ports": {"80/tcp": [{"HostIp": "0.0.0.0","HostPort": "81"}]},
Conclusion
Docker networking is a very useful thing to learn. When we are building microservices and deploy using Docker containers, we need to connect them into the same network. It will be much easier to work with these kinds of scenarios when we have a basic understanding.