Generic Top

I just announced the new Learn Spring course, focused on the fundamentals of Spring 5 and Spring Boot 2:

>> CHECK OUT THE COURSE

1. Overview

One of the main features of Docker is creating and isolating networks.

In this tutorial, we'll see how to extract information about networks and the containers they hold.

2. Networking in Docker

When we run a Docker container, we can define what ports we want to expose to the outside world. What this means is that we use (or create) an isolated network and put our container inside. We can decide how we'll communicate both with and inside this network.

Let's create a few containers and configure networking between them. They will all internally work on port 8080, and they will be placed in two networks.

Each of them will host a simple “Hello World” HTTP service:

version: "3.5"

services:
  test1:
    image: node
    command: node -e "const http = require('http'); http.createServer((req, res) => { res.write('Hello from test1\n'); res.end() }).listen(8080)"
    ports:
      - "8080:8080"
    networks:
      - network1
  test2:
    image: node
    command: node -e "const http = require('http'); http.createServer((req, res) => { res.write('Hello from test2\n'); res.end() }).listen(8080)"
    ports:
      - "8081:8080"
    networks:
      - network1
      - network2
  test3:
    image: node
    command: node -e "const http = require('http'); http.createServer((req, res) => { res.write('Hello from test3\n'); res.end() }).listen(8080)"
    ports:
      - "8082:8080"
    networks:
      - network2

networks:
  network1:
    name: network1
  network2:
    name: network2

Here's a diagram of these containers for a more visual representation:

Let's start them all with the docker-compose command:

$ docker-compose up -d
Starting bael_test2_1 ... done
Starting bael_test3_1 ... done
Starting bael_test1_1 ... done

3. Inspecting the Network

Firstly, let's list all available Docker's networks:

$ docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
86e6a8138c0d        bridge              bridge              local
73402de5766c        host                host                local
e943f7124776        network1            bridge              local
3b9a28673a16        network2            bridge              local
9361d16a834a        none                null                local

We can see the bridge network, which is the default network used when we use the docker run command. Also, we can see the networks we created with a docker-compose command.

Let's inspect them with the docker inspect command:

$ docker inspect network1 network2
[
    {
        "Name": "network1",
        "Id": "e943f7124776d45a1481ee26795b2dba3f2ab51f000d875a179a99ce832eee9f",
        "Created": "2020-08-22T10:38:22.198709146Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        // output cutout for brevity
    }
],
    {
        "Name": "network2",
        // output cutout for brevity
    }
}

This will produce lengthy, detailed output. We rarely need all of this information. Fortunately, we can format it using Go templates and extract only the elements that suit our needs. Let's get only the subnet of network1:

$ docker inspect -f '{{range .IPAM.Config}}{{.Subnet}}{{end}}' network1
172.22.0.0/16

4. Inspecting the Container

Similarly, we can inspect a specific container. First, let's list all containers with their identifiers:

$ docker ps --format 'table {{.ID}}\t{{.Names}}'
CONTAINER ID        NAMES
78c10f03ad89        bael_test2_1
f229dde68f3b        bael_test3_1
b09a8f47e2a8        bael_test1_1

Now we'll use the container's ID as an argument to the inspect command to find its IP address. Similarly to networks, we can format output to get just the information we need. We'll check the second container and its address in both networks we created:

$ docker inspect 78c10f03ad89 --format '{{.NetworkSettings.Networks.network1.IPAddress}}'
172.22.0.2
$ docker inspect 78c10f03ad89 --format '{{.NetworkSettings.Networks.network2.IPAddress}}'
172.23.0.3

Alternatively, we can print hosts directly from a container using the docker exec command:

$ docker exec 78c10f03ad89 cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.22.0.2	78c10f03ad89
172.23.0.3	78c10f03ad89

5. Communication Between Containers

Using knowledge about our Docker networks, we can establish communication between containers in the same network.

First, let's get inside the  “test1” container:

$ docker exec -it b09a8f47e2a8 /bin/bash

Then, use curl to send a request to the “test2” container:

[email protected]:/# curl 172.22.0.2:8080
Hello from test2

Since we're inside the Docker's network, we can also use the alias instead of the IP address. Docker's builtin DNS service will resolve the address for us:

[email protected]:/# curl test2:8080
Hello from test2

Mind that we can't connect to the “test3” container because it's in a different network. Connecting by the IP address will time out:

[email protected]:/# curl 172.23.0.2:8080

Connecting by the alias will also fail because the DNS service won't recognize it:

[email protected]:/# curl test3:8080
curl: (6) Could not resolve host: test3

To make this work, we need to add “test3” container to “network1” (from outside of the container):

$ docker network connect --alias test3 network1 f229dde68f3b

Now request to “test3” will work correctly:

[email protected]:/# curl test3:8080
Hello from test3

6. Conclusion

In this tutorial, we've seen how to configure networks for Docker containers and then query information about them.

Generic bottom

I just announced the new Learn Spring course, focused on the fundamentals of Spring 5 and Spring Boot 2:

>> CHECK OUT THE COURSE
guest
0 Comments
Inline Feedbacks
View all comments