原文:
https://cloudkul.com/blog/understanding-communication-docker-containers/
Understanding Communication Between Docker Containers
In our earlier blogs, we have seen various architectures of docker containers to deploy Magento 2 server. We have seen how to setup single container architecture that included web server and database server inside single container using Dockerfile. We have also seen multi-container architectures having different services being run on different containers. These containers were interlinked with each other and there configured by docker-compose tool which use single configuration file docker-compose.yml file to deploy all the containers.
In between these setups, we have used various terms like containers linking, port exposure, volume mapping etc, but we had never discussed how containers are communicating with each other. So let’s take a break from setting up docker architecture and understand communication between docker containers.
Docker Network
Docker utilises three inbuilt networks that comes with fresh docker installation. If you run,
|
1
|
docker network ls
|
you might see three networks as:
- Bridge
- None
- Host
Lets take a brief overview about these networks
- Bridge network is default networks that comes with all docker installation. It is also known as docker0 network. If not mentioned otherwise, all docker containers are created within docker0 network.
- None network is generally known as container specific network. A container can be attached to none network. This is utilised for internal communication between containers being isolated to outside network.
- The host network adds a container on the host’s network stack.. As far as the network is concerned, there is no isolation between the host machine and the container. For instance, if you run a container that runs a web server on port 80 using host networking, the web server is available on port 80 of the host machine.
Apart from these builtin networks, there are also user-defined networks. We can create our own network and to control which containers can communicate with each other, and also to enable automatic DNS resolution of container names to IP addresses. With the help of default network drivers being provided, we can create following networks:
- Bridge network
- Overlay network
- MACVLAN network
Although, here we will keep our discussion limited to default bridge network.
Bridge Network
As mentioned earlier, docker containers are attached to bridge or docker0 network by default if no other network is mentioned. Take a note that all containers within the same bridge network can communicate with each other via IP addresses.
However they cannot resolve container names so communication via container names is not possible. To ensure communication via container names, these containers are needed to linked with each other in a one way or another. Docker0 bridge allows port mapping and linking to allow communication among containers or communication between container and host.
Communication between containers is managed at operating system level and it depends on two factors:
- By default Docker daemon attaches all containers to docker0 bridge, providing network address translation for their communication. So it is mandatory that network topology can identify containers’ network.
- Connection establishing permissions from iptables
Also, for communication between host and containers, it is mandatory that iptables settings and port mapping is done correctly to transfer packets between docker container and hosts.
Understanding By Example:
Let us understand container linking and port exposure by an example. We will link apache2 and mysql-server containers using docker command line tools.
First we will need mysql-server image,
|
1
2
3
|
docker pull mysql/mysql-server:5.6
|
Then we will launch a container from this image as,
|
1
|
docker run -p 3306:3306 --name mysql -e MYSQL_ROOT_PASSWORD=rootpassword123 -d mysql/mysql-server:5.6
|
In above command, -p arguments maps host’s port with container’s port and –name argument defines container’s name. We are mapping 3306 port of host with 3306 port inside the container. All traffic to and from mysql server will routed from these ports. Make sure ports on host are available to be used.
After image and docker container creation, we can check their status as,
|
1
2
3
|
docker images
docker ps
|
Now, lets pull apache2 server with php5 image as,
|
1
2
3
|
docker pull nimmis/apache-php5
|
Now as we have mysql container already running, we will launch apache2 container being linked to mysql container as,
|
1
|
docker run -tid -p 80:80 --name apache2 --link mysql nimmis/apache-php5
|
In above command, we have launched a container naming apache2 whose port 80 is mapped with 80 port of the host and this container is linked with our database container naming mysql by –link
Check the networks of both containers as:
|
1
2
3
|
docker inspect mysql
docker inspect apache2
|
You will see default bridge network for both containers.
We can check this connectivity by,
|
1
2
3
|
docker exec -ti apache2 bash
ping mysql
|
and,
|
1
2
3
|
docker exec -ti mysql bash
ping apache2
|
If we get response for both the pings, then docker containers have been linked properly.
So far we have seen how to link to docker containers within the default bridge network from simple command line docker commands. In our later blogs, we will discuss more about user-defined networks and container communication.