grimoire

personal wiki
git clone git://git.pyratebeard.net/grimoire.git

docker_networks.md (2511B)


# docker networks
## concepts for private and public comms in containers

* review of `docker container run -p`
* for local dev/testing, networks usually "just work"
* quick port check with `docker container port <container>`
* learn concepts of docker networking
* understand how network packets move around docker

* each container connects to a private virtual network (virt net), "bridge" by default
* each virt net routes through a nat firewall
* all containers on a virt net can talk to each other without `-p`
* "batteries included, but removable"
	* defaults work well in many cases, but it is easy to swap out parts to customise it
* make new virt nets
* attach containers to more than one virt net
* skip virt nets and use the host network (`--net=host`)
* use different docker network drivers to gain new abilities

```
docker container run -p 80:80 --name webhost -d nginx
docker container port webhost
```

* `--format` - a common option for formatting the output of commands using 'go templates'

```
docker container inspect --format '{{ .NetworkSettings.IPAddress }}' webhost
```

## cli management of virtual networks

| command                          | description                       |
| ---                              | ---                               |
| `docker network ls`              | show networks                     |
| `docker network inspect`         | inspect a network                 |
| `docker network create --driver` | create a network                  |
| `docker network connect`         | attach a network to a container   |
| `docker network disconnect`      | detach a network from a container |

* bridge - default docker network
* host - skips virtual networks (the container uses the host's network stack directly) but sacrifices security
* none - removes eth0, leaving only the localhost interface in the container

```
docker network create <network_name>
```
* uses bridge driver by default

```
docker container run -d --name <container_name> --network <network_name> <image>
```

using `connect` and `disconnect` you can add more networks or change networks, like plugging in additional nics or switching ethernet cables.

## dns and how containers find each other

* understand how dns is the key (can't rely on ips)
	* can't use ip addresses because they are so dynamic
* see how it works by default with custom networks
* learn how to use `--link` to enable dns on default bridge network

- containers on the same custom network automatically get dns resolution by container name
- default bridge network does not have dns by default
	- can use `--link` when starting containers to link them in the default bridge network (`--link` is a legacy feature)
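
## example: auditing published ports

An added example, not part of the original notes: the `docker container port` check from the first section, extended to classify which host address each port is published on. A plain `-p 80:80` publishes on every host interface, while `-p 127.0.0.1:5432:5432` binds loopback only. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify the output of `docker container port <container>` by host bind address.
# Expects lines such as "80/tcp -> 0.0.0.0:80" on stdin.
# Hypothetical helper names; live usage would be:
#   docker container port webhost | audit_published_ports

audit_published_ports() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        cport=${line%% -> *}    # container side, e.g. 80/tcp
        bind=${line##* -> }     # host side, e.g. 0.0.0.0:80 or [::]:80
        haddr=${bind%:*}        # host address without the trailing :port
        hport=${bind##*:}       # host port
        case "$haddr" in
            0.0.0.0|"[::]"|"::")  scope=ALL_INTERFACES ;;   # reachable on every host nic
            127.*|"[::1]"|"::1")  scope=LOOPBACK_ONLY ;;    # reachable from the host only
            *)                    scope=SPECIFIC_ADDRESS ;; # pinned to one host address
        esac
        printf '%s %s host=%s port=%s\n' "$scope" "$cport" "$haddr" "$hport"
    done
}

# Number of mappings published on all host interfaces.
count_exposed() {
    audit_published_ports | awk '/^ALL_INTERFACES/ { n++ } END { print n + 0 }'
}

# Constructed sample: webhost started with -p 80:80, plus a database
# container started with -p 127.0.0.1:5432:5432.
SAMPLE='80/tcp -> 0.0.0.0:80
80/tcp -> [::]:80
5432/tcp -> 127.0.0.1:5432'

printf '%s\n' "$SAMPLE" | audit_published_ports
printf 'mappings on all interfaces: %s\n' "$(printf '%s\n' "$SAMPLE" | count_exposed)"
```

Containers that only need to talk to each other can sit on the same virt net with no `-p` at all, which leaves nothing for this check to report.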