How to publish a container port in the bridge network:
docker run -d -p 80:80 nginx
How to disable network isolation for a container:
docker run -d --rm --network host nginx
The first command creates a reverse proxy using docker-proxy
on the host
The second command opens a port on the host
docker run
docker run --net ...
docker-compose
docker-compose.yml
docker-compose.yml
Containers in the same docker-compose.yml
are deployed to the same network:
docker-compose up -d
docker network ls
docker-compose exec svc1 ping svc2
Docker provides DNS and load balancing for service names
Docker updates /etc/resolve.conf
Containers launched over the mapped daemon socket do not end up in the same network context:
docker-compose \
--file docker-compose.yml \
--file docker-compose.context.yml \
up -d
docker-compose exec dind sh
Inside of the dind
service, start a new container:
docker run -it alpine
It will not be able to see any service from the docker-compose
files:
ping svc1
ping svc2
/etc/resolv.conf
points to host DNS servers
Continue to test inside the dind
service:
docker run -it --rm --network 050_networks_default alpine
Once the container is started in the network used by the deployment, it can see other services:
ping svc1
ping svc2
/etc/resolve.conf
points to DNS server provided by Docker
Use case: Reverse proxy on public
for services on private
Using multiple network with docker-compose
:
docker-compose --file docker-compose.networks.yml up -d
docker-compose exec svc1 ping svc2
docker run
docker network create public
docker network create private
docker create --network public --name foo nginx
docker network connect private foo
docker start foo
docker exec -it foo apt-get install iproute2
docker exec -it foo ip a