Networking in Docker (text)

by Sasha Shkrebets — last modified Mar 06, 2023 01:20 PM

In this lecture I'll give a brief overview of networking With Docker. I'll provide an overview of Docker networking basics. Including, how containers can network together with a Docker bridge. I'll talk about different ways to network Docker containers. Including, exposing ports to other containers, linking containers together, and mapping ports to external hosts and networks. It's also possible to network Docker containers together,

Welcome back.

In this lecture I'll give a brief overview of networking With Docker.

I'll provide an overview of Docker networking basics.

Including, how containers can network together with a Docker bridge.

I'll talk about different ways to network Docker containers.

Including, exposing ports to other containers,

linking containers together, and mapping ports to external hosts and networks.

It's also possible to network Docker containers together,

even if they're sitting in different virtual machines,

using either the Linux bridge or Open vSwitch.

I won't cover this topic in detail in this lecture,

but there's an example of how to do this linked from the course webpage.

When you start a Docker container, by default, it runs in complete isolation.

Docker provides a bridge network via an internal network switch.

But further configuration is required to permit

these two containers to communicate.

In this lecture, we're going to work with two containers based on Ubuntu Linux.

One where we will run the client is a stock Linux installation.

We'll install an Apache web server in the other container, and

then connect that web server to both the client and container in the outside world.

Let's first install Apache on a Docker container

that has the latest Ubuntu image.

To do so we'll start the container, install the Apache package,

detach the container, stop it, and then commit the container with a new name.

The Run command allows us to start the container.

PS gives us a list of running containers.

You can see the container we just created with the name Install.

We can now attach to this container and install the Apache web server.

When the installation completes we can detach from the container.

Using Ctrl+p, Ctrl+q.

We can then stop the container using Docker stop and

commit the current state of our container with a new name called

Apache Test, that we can instantiate later.

Now we'll look at how we can run the container with Apache, so

that it exposes the HTTP port, port 80 to other containers.

To do so we can issue Docker's Run command with the expose option

which tells Docker to expose corresponding port when we run the container.

Thus allowing the container such as the client shown here to send traffic to

port 80 of the container that's running the Apache web server.

Let's start the Apache container that we created and give it a convenient name

again, this time web, so that we can conveniently attach to it.

And let's also get the IP address of the web server where this container's running.

We can now detach from this container and start a new client container.

When we attach to the client we can now connect to the web server running in

the other container.

And we can get the default web page that's being served by the Apache web server.

Docker makes communication between containers a bit easier through

a process called linking, which allows a client container to get information

related to the link container, such as a host name and its environment variables.

To link the web and

client containers we can run our client container with Docker's link option.

Let's now attach to that length client, and you can see that when we run a length

client with an alias name we can use the environment variables for

the web container because they are visible in the client container.

Docker also updates the etc/host file so

that it's possible to communicate with the web container directly by name.

For example we can ping web and we can also ping web alias.

Of course, as before, we can also communicate with the web server that's

running except now we can do so directly by the name of the container.

Docker also makes it possible to map ports from a given container

to the external network, using the p flag on a run command.

This allows us to access the Docker container from other internet-connected

hosts, including the host machine or other remotely connected hosts.

To see how port mapping works, let's stop and remove our old web container.

And let's restart it with the port mapping option.

As before we can attach to the container and we can start the Apache web server.

Now let's detach from the container.

The interesting thing now is that this container that we just started is

externally visible because we've mapped port 80 to port 8080.

So now from the host to us, I can simply connect to the externally visible port

8080, and as before you can that see we can contact the web server.

It's also possible to network virtual machines that have Docker containers

running inside them with Open vSwitch.

The course page has a pointer to an experiment that you can run that

implements the setup which connects two Ubuntu virtual machine's with Open

vSwitch and connects each respective Open vSwitch to a dock or

bridge running on its respective machine.

In summary Docker is a mechanism for deploying light weight containers

that can also be networked with each other and with external networks.

As this technology matures,

I suspect it will become even easier to create virtual networks

by linking together Docker containers with software switches such as Open vSwitch.