Basic Understanding of Docker
Docker is a platform that helps developers package applications and their dependencies into units called containers. Containers are lightweight, standalone environments that can run consistently on any machine with Docker installed, be it a local computer or a remote cloud server. This makes it easy to develop, test, and deploy applications in different environments without worrying about compatibility issues.
Key Concepts in Docker
Docker Image: A Docker image is like a blueprint for containers. It contains everything the application needs to run—such as the code, system tools, libraries, and settings. Images are reusable, so you can use the same image on different machines.
Docker Container: A container is a running instance of a Docker image. It’s isolated from other containers and the host system, ensuring that the application behaves the same everywhere. Containers are lightweight because they share the host machine’s operating system kernel, unlike traditional virtual machines that need a full OS.
Dockerfile: A Dockerfile is a simple text file with instructions for building a Docker image. It defines the base image (e.g., Ubuntu or Alpine), the application code, and the steps required to set up the environment. When you build an image from a Dockerfile, Docker follows the instructions and packages everything into a container-ready image.
for deep knowledge refer to a Docker Doc
Docker Network Types
Docker has a built-in networking system that manages communication between containers, the Docker host, and external networks. It supports different types of networks to handle a range of use cases, ensuring secure and flexible communication within containerized environments.
Docker Networks
- bridge
- host
- overlay
- IPvLAN
- macvlan
- None
1. bridge
Bridge network is a default network, Bridge networks in Docker create a virtual connection between the host system and the containers. Containers in this network can communicate with each other but are isolated from external networks unless specifically configured.
Each container gets its IP address within the bridge network. Through the bridge, containers can access the local network (LAN) and the internet, but they won’t appear as separate physical devices on the LAN. This type of network is commonly used for container communication on a single host.
2. host
In host network mode, Docker containers directly share the host’s network, meaning there’s no network isolation between the container and the host. The container uses the same IP address as the host, and any ports exposed by the container are bound directly to the host’s network. For instance, if a container is configured to listen on port 80, it will bind to the host's IP and port 80 (:80). This setup can improve performance since there’s no virtual network layer, but it sacrifices the isolation and security offered by other Docker network modes. It's often used for specific cases requiring direct access to the host network.
3. overlay
Overlay networks are used in Docker to connect containers running on different hosts, allowing them to communicate as if they were on the same network. This type of network spans multiple Docker hosts and doesn't require OS-level routing, making it useful for scaling applications across distributed systems.
Overlay networks are essential for Docker Swarm clusters, but they can also be used independently to connect containers across separate Docker Engine instances. This enables you to build distributed environments where containers from different hosts can communicate seamlessly, simulating a Swarm-like setup without using it.
4. IPvLAN
IPvlan is a networking option that allows you to manage how IP addresses are assigned to your Docker containers. This means you can better organize your network traffic by tagging it with VLANs, which helps separate different data types. This setup is instrumental if you want to connect your containerized applications directly to a physical network, like your office network while improving performance compared to standard bridge networks. Overall, IPvlan helps create a more efficient and organized network environment.
5. macvlan
Macvlan allows each container to act like a physical device on the network. By assigning a unique MAC address to each container, it makes them recognizable as separate devices. To use macvlan, you need to dedicate one of your host's network interfaces to this purpose. This means the external network must be capable of handling multiple MAC addresses. Macvlan is great for scenarios where containers need to be treated like independent devices, such as for network monitoring or when specific network permissions are required. This way, you get the benefits of containerization while still having the flexibility of physical network devices.
6. None
A "none" Docker network is a special network type where the container doesn't have any network interface, except a loopback interface (lo). Essentially, it isolates the container entirely from any external network connectivity. This is useful when you want to ensure that the container doesn't communicate with the outside world or other containers unless explicitly connected to another network.
In short, a container on the "none" network has no external network access by default.
How Docker Networking Works
Docker uses your host's network to enable containers to communicate. It does this by setting up special rules using IPtables, a tool in Linux that controls how traffic moves through the network. These rules automatically send the right traffic to your containers, so you don't need to set them up manually.
Each Docker container has its virtual network environment, called a network namespace, which keeps it isolated. Docker also creates virtual network interfaces on the host, allowing the containers to communicate with the outside world using the host’s network.
Although the process behind Docker networking is complex, Docker handles everything for you, making it easy to use. You can find more details in Docker's documentation.
Basic commands for Docker Network
Here are the basic commands for creating and managing Docker networks:
1. Create a Docker Network
docker network create my-network
This command creates a network named my-network.
2. List Docker Networks
docker network ls
Shows all the existing Docker networks on your system.
3. Inspect a Docker Network
docker network inspect my-network
Provides detailed information about the my-network, such as connected containers, subnet, and configuration.
4. Remove a Docker Network
docker network rm my-network
Deletes the network my-network (only if no containers are connected to it).
5. Remove all networks with a single command
docker network prune
Creating a Docker Network
To create a new network, use the docker network create command. You can specify the driver (like bridge or host) with the -d flag. If you don't include this flag, Docker will create a bridge network by default.
Run the following command in your first terminal:
$ docker network create demo-network -d bridge
50ed05634f6a3312e56700ef683ca39df44bfc826e2e4da9179c2593c79910f9 ---output
Connecting Containers to Networks
You can connect new containers to a network using the --network flag in the docker run command. In your second terminal , run:
$ docker run -it --rm --name container1 --network demo-network busybox:latest
Next, open your third terminal window and start another container without the --network flag:
$ docker run -it --rm --name container2 busybox:latest
Now, try to communicate between the two containers using their names:
# in container1
/ # ping container2
ping: bad address 'container2'
Since the containers are not on the same network, they can't communicate yet.
To connect container2 to the network, use the first terminal window:
$ docker network connect demo-network container2
Now, both containers share the same network, allowing them to
communicate:
#in container1
/ # ping container2
PING container2 (172.22.0.3): 56 data bytes
64 bytes from 172.22.0.3: seq=0 ttl=64 time=4.205 ms
Using Host Networking
While bridge networks are commonly used to connect containers, you can also use host networking, which connects containers directly to the host's network interfaces. To enable host networking, run:
$ docker run -d --name nginx --network host nginx:latest
With this setup, NGINX listens on port 80 by default, and you can access it via localhost:80 on your host:
$ curl localhost:80
You should see the NGINX welcome page.
Disabling Networking
To completely disable a container's network connectivity, you can attach it to the none network:
$ docker run -it --rm --network none busybox:latest
/ # ping google.com
ping: bad address 'google.com'
This isolates the container, allowing you to sandbox unknown services.
Removing Containers from Networks
Docker allows you to manage network connections without needing to restart your containers. You can remove a container from a network like this:
$ docker network disconnect demo-network container2
Any changes you make will apply immediately.
Using Networks with Docker Compose
You can also use networks with Docker Compose services. When using Compose, services in your stack are automatically added to a shared bridge network, reducing the need for manual configuration. Here's an example Compose file:
version: "3"
services:
app:
image: php:7.2-apache
mysql:
image: mysql:8.0
environment:
MYSQL_ROOT_PASSWORD: changeme
Deploy the stack with:
$ docker-compose up -d
You will see the output indicating that the network was created for your stack:
$ docker network ls
Adding Extra Networks
You can define additional networks in your Compose file. Specify the network in the top-level networks field and connect your services by referencing it in the networks field for each service:
version: "3"
services:
app:
image: php:7.2-apache
networks:
- db
helper:
image: custom-image:latest
mysql:
image: mysql:8.0
environment:
MYSQL_ROOT_PASSWORD: changeme
networks:
- db
networks:
db:
In this example, only the app service can communicate with the mysql service, while the helper service cannot reach the database because it’s not on the same network.
Top comments (0)