Docker Networking - Project: Created Default network for a two-tier application
Types of Network
Default Bridge
Custom Bridge network
Host network
Macvlan network
None network
Overlay network
ip address show: To view all the IP addresses
Loopback network: The network used to run anything locally (e.g. localhost)
Ethernet: To connect with the outside (e.g. shows the IP of the Wi-Fi attached to the network)
sudo apt install docker.io: To install Docker
ip address show: To show the IP addresses (a new docker0 network, used by Docker, has been added)
How to resolve permission denied error while using docker?
Error: docker ps: to view all the running containers
Resolved error:
sudo usermod -aG docker $USER: to add the current user to the docker group, which gives permission to access Docker (membership of this group is equivalent to root access on the host)
sudo reboot: To reboot the system
The default types of network when Docker is installed:
docker network ls: To list the network in the docker
Default Bridge:
By default, this network is used by the container to reach the outside; when the outside world wants to connect to the container, we have to expose (publish) the port of the container.
docker run -d --name nginx nginx: To run the nginx image in detached (background) mode with the container name nginx
docker ps: To view all the running containers
docker inspect bridge: to view all the information of the bridge network (the default network)
-> It shows the bridge network has got a container named nginx with "172.17.0.2/16"
-> Copy the IP address of the EC2 instance and paste it into the browser; it still won't connect, because the container has not published the port that the outside world needs to reach it.
Resolution:
-> We have to map port 80 of the docker container to port 80 of the host.
docker ps: To view all the running containers
docker kill 58cd11fc248f: to stop the container
docker rm 58cd11fc248f: to remove the container
docker run -d --name nginx -p 80:80 nginx -> To run the nginx image with port 80 of the container mapped to port 80 of the host, which makes the container reachable from the outside world.
docker ps: to view the running containers
-> Now, copy-paste the IP address into the browser: the Nginx container is reachable from the outside world through the default bridge network.
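An added example (not part of the original write-up): -p 80:80 with no host address publishes the port on every interface of the host, so it helps to list what each container actually publishes. The function below classifies lines in the format printed by docker ps --format '{{.Names}}\t{{.Ports}}'. The sample lines are constructed, and the container local-only is hypothetical.

```shell
#!/bin/sh
# Added example: classify how each container's ports are published on the host.
# Real input would come from:  docker ps --format '{{.Names}}\t{{.Ports}}'
# SAMPLE_PS is constructed for illustration; "local-only" is a hypothetical
# container started with -p 127.0.0.1:8080:80.
SAMPLE_PS="$(printf '%s\t%s\n' \
  'nginx'      '0.0.0.0:80->80/tcp, :::80->80/tcp' \
  'python-ctr' '0.0.0.0:5000->5000/tcp, :::5000->5000/tcp' \
  'nginx-def'  '80/tcp' \
  'local-only' '127.0.0.1:8080->80/tcp')"

# audit_ports: reads "name<TAB>ports" lines on stdin and prints
# "name<TAB>exposure<TAB>host-ports" for every container.
audit_ports() {
  awk -F '\t' '
  BEGIN {
    split("LOOPBACK_ONLY SPECIFIC_ADDRESS ALL_INTERFACES", label, " ")
    label[0] = "NOT_PUBLISHED"
  }
  NF >= 1 {
    rank = 0; ports = ""
    n = split($2, maps, ", *")
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue            # exposed by the image, not published
      split(maps[i], side, "->")
      addr = side[1]; sub(/:[^:]*$/, "", addr) # host address the port is bound to
      port = side[1]; sub(/^.*:/, "", port)    # host port
      if (addr == "0.0.0.0" || addr == "::" || addr == "[::]") r = 3
      else if (addr ~ /^127\./ || addr == "[::1]") r = 1
      else r = 2
      if (r > rank) rank = r
      if (!((NR, port) in seen)) {             # IPv4 and IPv6 entries repeat the port
        seen[NR, port] = 1
        sep = (ports == "" ? "" : ",")
        ports = ports sep port
      }
    }
    printf "%s\t%s\t%s\n", $1, label[rank], (ports == "" ? "-" : ports)
  }'
}

printf '%s\n' "$SAMPLE_PS" | audit_ports
```

Containers reported as ALL_INTERFACES are the ones that a security group or firewall rule opening the same port will make reachable from outside.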
Host network
docker ps: to view all the running containers
docker kill 4da7955ab07a: to stop the container
docker rm 4da7955ab07a: to remove the container
-> Now, create a new container attached to the host network instead of the default bridge network
docker run -d --name nginx --network host nginx: to create an nginx container on the host network
NOTE: With the bridge network, we have to map port 80 of the container to port 80 of the host for the container to be reachable from the internet; with the host network in place of the bridge, the container is connected directly to the host's network, so no port mapping is needed.
docker inspect host: to view all the information related to the host network (the container nginx is using the host network)
Interview question: Why does a bridge network container have an IP address while a host network container doesn't?
The host network container doesn't have an IP address of its own, as it works on the IP address of the host (the computer system).
Custom Bridge
docker network create custone-bridge: to create a custom bridge network (the custom bridge has been created)
docker network ls: To view all the Docker networks
docker ps: to view all the running containers
docker kill nginx: to stop the container
docker rm nginx: to remove the container
(Now, no container is running)
docker run -d --name nginx-def nginx: to create an nginx container named nginx-def using the default bridge.
docker inspect bridge: to view the information related to the default bridge network.
docker run -d --name nginx-cus1 --network custone-bridge nginx: to create an nginx container named nginx-cus1 using the user-defined bridge custone-bridge
docker run -d --name nginx-cus2 --network custone-bridge nginx: to create a container using the user-defined custone-bridge
docker inspect custone-bridge: to view all the information of the user-defined bridge (custone-bridge is used by nginx-cus1 and nginx-cus2, and both containers can connect to each other as they are using the same network)
Project: Created default network for two-tier applications using Docker.
git clone github.com/ManishNegi963/microservices-k8s...
(copying the application locally)
cat Dockerfile: to view the data in the file
docker build . -t pythn-image: To create an image from the Dockerfile in the current directory
docker network create my-bridge: to create a user-defined network for Docker
docker network ls: to view all the Docker networks
docker run -d -p 5000:5000 --name python-ctr --network my-bridge pythn-image: to create a container from pythn-image using my-bridge (the user-defined network)
-> This container is using the user-defined Docker network my-bridge.
-> Now, go to the EC2 instance -> security group -> inbound rule -> add rule -> port 5000 from anywhere IPv4 -> save.
-> This will allow access to the EC2 instance from anywhere using the IP address with port 5000.
-> Copy the IP address with port 5000 and you will get the below message running.
Creating a container in a user-defined network
docker run -d --name nginx-cus-1 --network my-bridge nginx: to create another container, named nginx-cus-1, using the user-defined Docker network my-bridge
Creating a container in a user-defined network
docker run -d --name nginx-cus-2 --network my-bridge nginx: to create a container nginx-cus-2 using the user-defined Docker network my-bridge
Creating a container in the default Docker network
docker run -d --name nginx-def nginx: to create a container nginx-def using the default Docker bridge network
docker ps: to view all the running containers
docker exec -it baba763459be sh: to go inside and interact with the container
-> ping google.com: to check if the container is able to access the internet through the user-defined network my-bridge
-> ping nginx-cus-1: to check if python-ctr is able to connect with another container, nginx-cus-1, using the same user-defined network my-bridge
-> ping nginx-cus-2: to check if python-ctr is able to connect with another container, nginx-cus-2, using the same user-defined network my-bridge
IMPORTANT => ping nginx-def: to check whether python-ctr can connect to the container nginx-def. It cannot, as they are not on the same network: python-ctr is using the user-defined network my-bridge and nginx-def is using the default bridge, which isolates the two from each other.
Connecting the Mongo database container to the Python application container
docker run -d --name mongo mongo: to create a MongoDB container
docker ps: to view all the running containers
-> The app.py file states that requesting /tasks on the IP address opens a new page.
-> Go to the EC2 instance and enter the IP address with port 5000/tasks.
=> The IP address won't connect with /tasks, as the Mongo container is using the default bridge network and the Python application is using a user-defined bridge (my-bridge).
docker logs python-ctr: to check the logs of the Python app (the application and MongoDB are running on different networks)
-> Now, stop the Mongo container and create a new one on the user-defined my-bridge network to connect the Python app container to the MongoDB container.
docker run -d --name mongo --network my-bridge mongo: to create a mongo container using the my-bridge Docker network
docker inspect my-bridge: to view information
-> In the my-bridge network, we have python-ctr as well as mongo
-> The IP address now works, as both containers are using the same custom network my-bridge
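An added example (not part of the original write-up): the ping tests and the /tasks failure above both come down to whether two containers share a user-defined network. The script below works that out from a per-container list of attached networks. Both snapshots are constructed from the container names used in this project, and the function names are chosen for this example.

```shell
#!/bin/sh
# Added example: decide which containers can reach each other by name.
# Real input would come from:
#   docker inspect -f '{{.Name}}{{range $net, $cfg := .NetworkSettings.Networks}} {{$net}}{{end}}' $(docker ps -q)
# Both snapshots are constructed from the container names in this walkthrough.
BEFORE='/python-ctr my-bridge
/nginx-cus-1 my-bridge
/nginx-cus-2 my-bridge
/nginx-def bridge
/mongo bridge'
# Same host after mongo is recreated with --network my-bridge.
AFTER="$(printf '%s\n' "$BEFORE" | sed 's|^/mongo bridge$|/mongo my-bridge|')"

# shared_user_network SNAPSHOT A B
# Prints every user-defined network both containers are attached to and
# returns 0 if there is at least one. The built-in bridge, host and none
# networks are skipped: they give no name resolution between containers.
shared_user_network() {
  printf '%s\n' "$1" | awk -v a="/$2" -v b="/$3" '
    $1 == a { for (i = 2; i <= NF; i++) in_a[$i] = 1 }
    $1 == b { for (i = 2; i <= NF; i++) in_b[$i] = 1 }
    END {
      for (n in in_a)
        if ((n in in_b) && n != "bridge" && n != "host" && n != "none") {
          print n; found = 1
        }
      exit (found ? 0 : 1)
    }'
}

# report SNAPSHOT FROM: one line per other container, as seen from FROM.
report() {
  printf '%s\n' "$1" | awk '{ print substr($1, 2) }' | while read -r other; do
    [ "$other" = "$2" ] && continue
    if net="$(shared_user_network "$1" "$2" "$other")"; then
      printf '%s -> %s: reachable by name via %s\n' "$2" "$other" "$net"
    else
      printf '%s -> %s: not reachable by name (no shared user-defined network)\n' "$2" "$other"
    fi
  done
}

report "$BEFORE" python-ctr
report "$AFTER" python-ctr
```

Run against the first snapshot, mongo and nginx-def are reported as not reachable from python-ctr; in the second snapshot only nginx-def remains isolated from it.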
None network
docker run -d --name nginx-none --network none nginx: to create an nginx container using the none network
It is an isolated container used for dummy data.
Overlay network:
The overlay network driver creates a distributed network among multiple Docker daemon hosts. This network sits on top of (overlays) the host-specific networks, allowing containers connected to it (including swarm service containers) to communicate securely when encryption is enabled.
docker network create --driver=overlay my-overlay-network
docker service create --network=my-overlay-network my-service
Macvlan network:
It allows containers to have a MAC address assigned to them directly. It is useful when containers require direct Layer 2 network access or when you want to connect containers directly to the external network.