docker_network.md

File metadata and controls

116 lines (78 loc) · 4.75 KB

image

image

IMPORTANT NOTES

SCENARIO 1

  1. Here we have 2 containers: one is the frontend container and the 2nd is the backend container, and these 2 containers should communicate with each other.
  2. Frontend -- should talk to backend.
  3. There should be a networking way for them to talk to each other.
  4. Any container will definitely talk to the host, because a container is a package or bundle that does not have a complete operating system; it uses the host's kernel and network stack. Subnet: basically a networking group, i.e. a range of IP addresses (e.g. 172.17.0.0/16) whose members can reach each other directly.

SCENARIO 2

ISOLATION


  1. 2 containers: one is Login and the other is Payment, and they are completely isolated. That means they are not on the same network, so they don't talk to each other.

How does a Docker container talk to the system or host


  1. By default the host has an eth0 interface, e.g. 192.168.138.156. Every resource you create, whether a container or a VM, also gets its own eth0 by default.
  2. The Docker container runs with its own eth0, e.g. 172.17.0.2.
  3. Those two interfaces are in different subnets (172.17.0.0/16 vs 192.168.138.0/24). If the container's eth0 were connected to nothing, a ping from the container (172.17.0.2) to the host machine (192.168.138.156) would not work; we would get a network error.
  4. To solve this, Docker creates a virtual network interface on the host called docker0. The container's eth0 is one end of a veth pair; the other end is plugged into docker0, which acts as a switch between the containers and the host.

  5. Without this virtual network the container cannot talk to the host. This is called the bridge network.
  6. The default network in Docker is bridge networking. docker0 is the virtual interface (usually 172.17.0.1) that every container on the default network is attached to, and it is the container's default gateway.

  7. If we delete this bridge network, the container will no longer be able to talk to the host.

Docker networks


  1. Bridge network -- the default. Containers get a private IP (172.17.0.0/16) and reach the host and the outside world through docker0.
  2. Host networking -- containers directly use the host's network stack. In this case Docker does not create a separate eth0 or IP address for the container when we create it: the container shares the host's eth0 and IP (e.g. 192.168.138.4), and any port the container listens on is opened directly on the host. Pinging between container and host is trivially possible because they are the same network stack. There is no network isolation at all: whoever has access to the host network also has access to the container's services, and a compromised container sees every interface and port of the host.
  3. Overlay networking -- spans multiple hosts; mostly used in Kubernetes or Docker Swarm.

Isolated containers


  1. Container 1 is the login container and container 2 is the finance container. The finance container must be completely isolated, i.e. much more secure, compared with the login container.
  2. But if we use the default network there is only one bridge, docker0, so container 2 (finance) will also use that same network, and both of them use the same virtual network to talk to the host.
  3. This is the problem, and it is not secure.
  4. With out-of-the-box bridge networking every container can ping every other container, and each container talks to the host through its veth pair attached to docker0. A compromise of the login container therefore gives direct network access to the finance container. This is also not secure.

THE ABOVE PROBLEM IS SOLVED BY CUSTOM BRIDGE NETWORKING (isolated containers)

Docker allows us to create our own custom bridge network


Create a custom bridge network using the docker network command

  1. For the docker run command we pass this as --network <name>
  2. Container -- custom network -- the container's eth0 is attached to a separate bridge (br-<id>) with its own subnet, not to docker0


Create 2 containers and check whether they are pinging to each other

  1. sudo docker run -d --name login nginx:latest

Enter inside the container: sudo docker exec -it login /bin/bash

Install iputils-ping (apt-get update && apt-get install -y iputils-ping; the nginx image does not ship ping) and ping from login to the logout container's IP address, which you get from docker inspect below. The ping works, because both containers are attached to the same default docker0 bridge. Note that the default bridge provides no DNS between containers, so ping the IP, not the name "logout".

Create another container

  1. sudo docker run -d --name logout nginx:latest
  2. sudo docker inspect login (look under NetworkSettings for the IPAddress, e.g. 172.17.0.2; do the same for logout)

Create custom bridge network

  1. sudo docker network create secure-network (secure-network is the network name; Docker creates a new bridge, br-<id>, with its own subnet, e.g. 172.18.0.0/16)
  2. sudo docker network ls (to list the networks)
  3. sudo docker run -d --name finance --network=secure-network nginx:latest (to run with the custom network)
  4. sudo docker inspect finance
  5. Now we are not able to ping this container from the login or logout container, because it is on a separate bridge: Docker's iptables rules drop traffic between different bridge networks, so it is isolated. Containers that are themselves on secure-network can still reach finance, and on a user-defined network they can do so by name (ping finance), because Docker's embedded DNS resolves container names there.

Create a conatiner with host network

  1. The host network is nothing but the network of the PC, VM or instance itself.

  2. The container is created with no IP address of its own; if we inspect it we don't get any IP address (NetworkSettings.IPAddress is empty).

  3. It has the same IP address as our system's IP, and the port the service listens on (80 for nginx) is opened directly on the host.

  4. sudo docker run -d --name host-demo --network=host nginx:latest

  5. sudo docker inspect host-demo
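The whole experiment above as one script, added here as an example and not part of the original notes. It assumes a Linux host with Docker installed and usable by the current user (the notes use sudo; add it if you need it), uses the container and network names from the notes (login, logout, finance, secure-network, host-demo), and the pure-shell same_subnet helper is my addition; the 172.17.0.0/16 and 172.18.0.0/16 subnets are Docker's usual defaults but are assumptions, since Docker may allocate others on your machine.

```shell
#!/bin/sh
# Added example (not from the original notes): run the login/logout/finance
# experiment and check the isolation result instead of eyeballing ping output.
# Assumptions: Linux host, Docker usable by this user, names taken from the
# notes, default Docker subnets (172.17.0.0/16 for docker0, 172.18.0.0/16 for
# the first user-defined bridge).

# --- pure-shell helpers (no Docker needed) ---------------------------------

# Convert a dotted-quad IPv4 address to an integer so it can be masked.
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# same_subnet IP1 IP2 PREFIXLEN: exit 0 if both addresses are in the same
# network. Containers on different Docker bridges land in different subnets,
# which is the first visible sign that they are isolated from each other.
same_subnet() {
    mask=$(( (4294967295 << (32 - $3)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# --- Docker helpers ---------------------------------------------------------

# IP address of a container on whichever network it is attached to.
# Empty for --network=host, because such a container has no address of its own.
container_ip() {
    docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$1"
}

# can_ping FROM_CONTAINER TARGET_IP: exit 0 if a single ICMP echo is answered.
can_ping() {
    docker exec "$1" ping -c 1 -W 1 "$2" >/dev/null 2>&1
}

run_demo() {
    docker network create secure-network
    docker run -d --name login  nginx:latest
    docker run -d --name logout nginx:latest
    docker run -d --name finance --network=secure-network nginx:latest
    docker run -d --name host-demo --network=host nginx:latest

    # nginx:latest ships no ping; install it in the container we probe from.
    docker exec login sh -c 'apt-get update -qq && apt-get install -y -qq iputils-ping >/dev/null'

    login_ip=$(container_ip login)
    logout_ip=$(container_ip logout)
    finance_ip=$(container_ip finance)
    echo "login=$login_ip logout=$logout_ip finance=$finance_ip host-demo='$(container_ip host-demo)'"

    same_subnet "$login_ip" "$logout_ip" 16 && echo "login and logout share a subnet (default bridge)"
    same_subnet "$login_ip" "$finance_ip" 16 || echo "finance is on a different subnet (secure-network)"

    # Same bridge: reachable. Different bridge: Docker's iptables rules drop it.
    can_ping login "$logout_ip" && echo "login -> logout: reachable"
    if can_ping login "$finance_ip"; then
        echo "login -> finance: REACHABLE (isolation is broken, investigate)"
    else
        echo "login -> finance: blocked, as intended"
    fi

    # Clean up so the script can be re-run.
    docker rm -f login logout finance host-demo >/dev/null
    docker network rm secure-network >/dev/null
}

# Only touch Docker when explicitly asked, so the helpers can be sourced alone.
if [ "${RUN_DOCKER_DEMO:-0}" = "1" ]; then
    run_demo
fi
```

Run it with `RUN_DOCKER_DEMO=1 sh docker_network_demo.sh`. The script prints the addresses of all four containers (host-demo's is empty, matching the inspect result in the notes), confirms that login and logout share the docker0 subnet while finance does not, and then proves the point that matters: login can ping logout but cannot ping finance. If the finance ping ever succeeds, something (a host with bridge isolation disabled, a container attached to both networks, a custom iptables policy) has undone the isolation and should be looked at before trusting it.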