Friday, August 3, 2018

Container Networking - 1

Container software such as Docker is increasingly used to build large platforms of distributed applications that run in the cloud, which drives the need to understand container networking.

Containers are much simpler than virtual machines: they usually run a minimal Linux userland. But to function, containers need networking so that the distributed applications they run can connect to each other.

This article spans six posts. In them we will see how containers talk to each other and also how Pods in an orchestration engine talk to each other.
  • Networking on Docker
  • Network Modes in Docker - Host
  • Network Modes in Docker - Bridge
  • What happens exactly in bridge mode
  • Container - Container linking
  • Container network mode
  • Unix Daemon Sockets
  • Container to container communication in a POD
  • Pause Container
  • Pod to Pod communication - Single Machine
  • Pod to Pod communication - Multiple Machines
  • Docker networking for multiple containers running on multiple hosts
  • Pod to Service communication
A Pod is the basic unit in Kubernetes or OpenShift. A Pod contains one or more containers, created on a node, that share common resources such as the network and volumes. The basic advantage of sharing a network is that all running containers in the Pod can talk to each other over localhost.
If two containers are running and the first one, say nginx, listens on port 80, the second container can reach the first at “localhost:80”. This works because the network namespace is shared between the containers in the Pod. But how does this actually work?

Docker networking
Let's first see how basic networking works in Docker. How is the network set up for a container?

We all know that containers do not rely on any hardware emulation; a container is just a process on the host, managed by a container runtime environment (such as Docker or rkt). Containers live in their own isolated and controlled namespaces and share the kernel of the host.

A container never connects to emulated hardware; instead it shares one or more network interfaces or network namespaces that belong to the host.

We also know that every system has a standard network interface, eth0, the first Ethernet interface. This is basically the NIC connected to the network by a cable, through which requests are passed on to the internet.

When we install Docker, it creates and configures docker0, a network interface that is an Ethernet bridge device. Docker configures docker0 with an IP address, a netmask and an IP allocation range. This is the default bridge network: when we don't give the container any networking mode, this is the default it takes.

We can let a container connect to the host network namespace (eth0), or we can let it connect to an internal virtual network interface of the kernel and let iptables rules do the mapping between that internal interface and the host interface. To choose between these, Docker provides a “networking mode” option, which lets us start a container with the networking mode that suits our requirements.

Let's see what network modes are available for a container.
Host - With host networking mode, the container shares the network namespace of the host machine. It not only shares the host's network namespace but also the host's port space. The container gets the IP address of the host.
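To make the docker0 description concrete, here is an added example (not code from the original post) that parses the JSON printed by `docker network inspect bridge` and reports the subnet, gateway and allocation range Docker configured on the bridge, plus which container received which address. The JSON is a constructed sample in the shape of the real output; the container names, IDs and addresses in it are made up.

```python
"""Added example: summarize Docker's default bridge from `docker network
inspect bridge` output. SAMPLE_INSPECT is a constructed sample, not captured
from a real host; only its structure matches the real command's output."""
import ipaddress
import json

SAMPLE_INSPECT = json.dumps([{
    "Name": "bridge",
    "Driver": "bridge",
    "IPAM": {"Config": [{"Subnet": "172.17.0.0/16", "Gateway": "172.17.0.1"}]},
    "Options": {"com.docker.network.bridge.name": "docker0"},
    "Containers": {  # keys are container IDs; these are placeholders
        "constructed-id-web": {"Name": "web", "IPv4Address": "172.17.0.2/16",
                               "MacAddress": "02:42:ac:11:00:02"},
        "constructed-id-db": {"Name": "db", "IPv4Address": "172.17.0.3/16",
                              "MacAddress": "02:42:ac:11:00:03"},
    },
}])


def summarize_bridge(inspect_json):
    """Return what Docker configured on the bridge and who is attached.

    Also flags two things worth checking on a real host: that the gateway
    lies inside the subnet, and that every attached container's address
    lies inside the allocation range (anything else is a misconfiguration).
    """
    net = json.loads(inspect_json)[0]          # inspect prints a one-element list
    cfg = net["IPAM"]["Config"][0]
    subnet = ipaddress.ip_network(cfg["Subnet"])
    gateway = ipaddress.ip_address(cfg["Gateway"])

    containers = {}
    for c in net.get("Containers", {}).values():
        # IPv4Address is written as address/prefix; keep only the address
        containers[c["Name"]] = ipaddress.ip_interface(c["IPv4Address"]).ip

    return {
        "bridge": net["Options"].get("com.docker.network.bridge.name", net["Name"]),
        "subnet": str(subnet),
        "gateway": str(gateway),
        "gateway_in_subnet": gateway in subnet,
        # network and broadcast addresses are not handed to containers
        "usable_addresses": subnet.num_addresses - 2,
        "containers": {name: str(ip) for name, ip in containers.items()},
        "stray": [name for name, ip in containers.items() if ip not in subnet],
    }


if __name__ == "__main__":
    # On a real host: docker network inspect bridge | python3 this_script.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for key, value in summarize_bridge(data).items():
        print("%-18s %s" % (key, value))
```

The gateway address it reports for the sample, 172.17.0.1, is the same docker0 address that shows up in the `hostname -I` output later in the post.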
To create a container with the host networking mode, start it with the “--net=host” argument. First check the IP address of the host machine:
[root@manja17-I13330 ~]# hostname -I
10.131.175.138 172.17.0.1 10.32.0.1
Create the container with --net=host and check the IP address from inside it:
[root@manja17-I13330 ~]# docker run -it --net=host docker.io/jagadesh1982/testing-service /bin/bash
root@manja17-I13330:/usr/src/app# hostname -I
10.131.175.138 172.17.0.1 10.32.0.1
root@manja17-I13330:/usr/src/app# exit
exit

The container now shares the host's network namespace, and we see the same IP addresses for the container and the host. Ports opened by the container are also opened on the host machine, so any port a container uses is occupied on the host.
The problem with this approach is that ports used by containers are now blocked on the host machine. If we want to start a second copy of the same container on port 9876, we can't, because that port is already in use by the existing container and therefore on the host. To solve this we can use the BRIDGE networking mode, or we can tell the orchestration engine to start each container on a different port: the orchestration engine can pass environment variables such as the port on which the container should listen.
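The port clash above is nothing Docker-specific: a host-mode container is simply another process in the host's network namespace, so it competes for the same port table as everything else there. The following added example (not code from the original post) reproduces both halves of the argument with plain host processes: a second bind() on a port that is already listening fails with EADDRINUSE, handing the second replica a different port through an environment variable avoids the clash, and two processes can be confirmed to share a network namespace by comparing their /proc/<pid>/ns/net links, which is a more reliable check than comparing IP addresses. The environment variable name PORT and the port numbers are assumptions for illustration.

```python
"""Added example: shared port space and shared network namespace, shown with
ordinary processes. Assumptions: the orchestrator passes the port in an
environment variable named PORT; /proc/<pid>/ns/net exists (Linux)."""
import errno
import os
import socket
import subprocess
import sys


def start_listener(port):
    """Bind and listen on 127.0.0.1:<port>; returns the open socket.
    In a --net=host container this bind lands in the host's port table."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", port))
    s.listen(1)
    return s


def port_is_free(port):
    """True if a fresh bind() on <port> succeeds in this network namespace."""
    try:
        start_listener(port).close()
        return True
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return False
        raise


def choose_port(environ, default):
    """Mitigation from the post: each replica takes the port its orchestrator
    hands it (assumed variable name PORT) instead of a hard-coded one."""
    return int(environ.get("PORT", default))


def net_namespace_id(pid):
    """Identity of <pid>'s network namespace, e.g. 'net:[4026531993]'.
    Returns None where /proc/<pid>/ns/net is unavailable (non-Linux)."""
    try:
        return os.readlink("/proc/%d/ns/net" % pid)
    except OSError:
        return None


def shares_net_namespace(pid_a, pid_b):
    """True if both processes are in the same network namespace (what
    --net=host gives a container relative to PID 1); None if undeterminable."""
    a, b = net_namespace_id(pid_a), net_namespace_id(pid_b)
    if a is None or b is None:
        return None
    return a == b


def demo():
    """Simulate two identical services started in one shared port space."""
    first = start_listener(0)            # port 0: the kernel picks a free port
    port = first.getsockname()[1]
    second_bind_ok = port_is_free(port)  # False: 'first' still holds the port
    fallback = choose_port({"PORT": str(port + 1)}, port)  # orchestrator's fix
    first.close()
    freed = port_is_free(port)           # True again once the listener is gone

    # A child we spawn without unsharing is in our namespace, exactly like a
    # --net=host container is in the host's.
    child = subprocess.Popen([sys.executable, "-c", "import time; time.sleep(5)"])
    try:
        child_shares = shares_net_namespace(os.getpid(), child.pid)
    finally:
        child.kill()
        child.wait()
    return {"port": port, "second_bind_ok": second_bind_ok, "fallback": fallback,
            "freed": freed, "child_shares_netns": child_shares}


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-18s %s" % (key, value))
```

On a real host, `shares_net_namespace(1, <container PID>)` returning True is the definitive sign that a container was started with --net=host, and `net_namespace_id` differing between two containers is what the bridge mode of the next post provides.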
