This content originally appeared on Level Up Coding - Medium and was authored by Anas Anjaria
A thought on inbound & outbound traffic.
In this post, I have explained the basic concept of how multiple docker containers communicate with each other.
Using this concept, I have explained my takeaways on inbound & outbound traffic using docker networking.
Docker containers communicate with each other if they share the same network.
Usecase — Multiple services in a single docker-compose file
When we write a docker-compose file containing multiple services, they share the same network. Hence, services can communicate with each other.
For instance, in the following YAML file, the services kibana and elasticsearch communicate with each other using a service name or a container name.
version: '3.8'
services:
  elasticsearch:
    image: 'docker.elastic.co/elasticsearch/elasticsearch:7.17.1'
    container_name: elasticsearch-1
    ports:
      - '9200:9200'
      - '9300:9300'
    environment:
      - "discovery.type=single-node"
  kibana:
    container_name: kibana
    image: 'docker.elastic.co/kibana/kibana:7.17.1'
    environment:
      - 'ELASTICSEARCH_HOSTS=http://elasticsearch:9200'
    depends_on:
      - elasticsearch
    ports:
      - '5601:5601'
By default, docker-compose creates a network named YOUR-FOLDER-NAME_default.
Usecase — Multiple services in multiple docker-compose files
There could be several reasons for separating services into different docker-compose files.
But doing so would not enable communication between services out of the box. Hence, we need to ensure that they are all in the same network.
Let’s consider the same example with separate docker-compose files.
-- docker-compose-a.yaml
version: '3.8'
services:
  elasticsearch:
    image: 'docker.elastic.co/elasticsearch/elasticsearch:7.17.1'
    container_name: elasticsearch
    ports:
      - '9200:9200'
      - '9300:9300'
    environment:
      - "discovery.type=single-node"
    networks:
      - demo
networks:
  demo:
    name: 'demo'
-- docker-compose-b.yaml
version: '3.8'
services:
  kibana:
    container_name: kibana
    image: 'docker.elastic.co/kibana/kibana:7.17.1'
    environment:
      - 'ELASTICSEARCH_HOSTS=http://elasticsearch:9200'
    depends_on:
      - elasticsearch
    networks:
      - demo
    ports:
      - '5601:5601'
networks:
  demo:
    name: 'demo'
If you look closely, I have explicitly specified a network called demo in each service. This way, they share the same network and hence can also communicate with each other.
You can run these services using the following command.
docker-compose -f docker-compose-a.yaml \
    -f docker-compose-b.yaml \
    up -d
My takeaway from this docker networking
Have you paid close attention to inbound & outbound traffic in this exercise?
If you observe closely, you will see that there are no restrictions on outbound traffic. It means that containers can communicate easily with the outside world (or the internet).
However, there are always restrictions on inbound traffic. Everybody cares about incoming traffic and protecting their network.
Keeping in mind the same principle, you will now be able to understand why network A is not allowing traffic from network B. We can’t trust other networks but only ours.
If we expose our services to the external world (or the internet), we need a security layer to protect our network.
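The inbound and outbound points above can be applied to the single-file example from earlier. The following is an added example, not part of the original post; the network names frontend and backend are assumptions chosen for illustration, and the original port mappings are kept as comments for comparison.

```yaml
# Added example (not from the original post). The network names
# "frontend" and "backend" are assumptions chosen for illustration.
version: '3.8'
services:
  elasticsearch:
    image: 'docker.elastic.co/elasticsearch/elasticsearch:7.17.1'
    container_name: elasticsearch-1
    # Setting from the original file, shown for comparison:
    #   ports:
    #     - '9200:9200'   # published on all host interfaces
    #     - '9300:9300'
    # No "ports" section here: Kibana reaches port 9200 over the shared
    # network, so nothing has to be published on the host.
    environment:
      - "discovery.type=single-node"
    networks:
      - backend
  kibana:
    container_name: kibana
    image: 'docker.elastic.co/kibana/kibana:7.17.1'
    environment:
      - 'ELASTICSEARCH_HOSTS=http://elasticsearch:9200'
    depends_on:
      - elasticsearch
    networks:
      - frontend   # ordinary network, used for the published port
      - backend    # shared with elasticsearch for name resolution
    ports:
      # Bound to loopback instead of '5601:5601', so only the host itself
      # (for example a reverse proxy acting as the security layer) can
      # reach Kibana.
      - '127.0.0.1:5601:5601'
networks:
  frontend: {}
  backend:
    # Externally isolated network: containers attached only to it get
    # no outbound internet access.
    internal: true
```

Because the backend network is internal, anything Elasticsearch would fetch from the internet will fail, which is the outbound restriction the default network does not apply.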
Thanks for reading.
What Did I Learn From Docker Networking? was originally published in Level Up Coding on Medium, where people are continuing the conversation by highlighting and responding to this story.
Anas Anjaria | Sciencx (2022-10-10T02:08:39+00:00) What Did I Learn From Docker Networking?. Retrieved from https://www.scien.cx/2022/10/10/what-did-i-learn-from-docker-networking/