Docker Compose Network

In this article, we will learn about the Docker Compose network. Networks are an essential part of systems, applications and services. Without them, it would be impossible to protect services.

Docker Network Basics

Running docker network ls lists all networks on your current Docker engine. The output should look like the following:

➜ ~ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
e3236346c26e   bridge    bridge    local
9cafca499f94   host      host      local
c12cf623f7e1   none      null      local
➜ ~

Every network has a unique network ID and name. We can inspect the details of a network with docker network inspect bridge. The output looks like this:

[
    {
        "Name": "bridge",
        "Id": "e3236346c26eb6605584321c4e65374d114a4c992d9c4b612f5e26d44866b90f",
        "Created": "2018-07-31T10:10:03.383336661Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

By default, a new container is connected to the bridge network when we create it.

Docker Compose Network

version: '3.6'

services:
  api-gateway:
    container_name: api-gateway
    image: api-gateway
    ports:
      - 9090:8080
    restart: on-failure

Let’s run it via docker-compose up -d:

➜ ~ docker-compose up -d
Creating network "caysever_default" with the default driver
Creating api-gateway ... done
➜ ~

Docker created the “caysever_default” network for us. “caysever” is the name of the directory where the docker-compose.yml file is located. We can override this network name prefix with the project name parameter.

➜ ~ docker-compose -p aakkus up -d
Creating network "aakkus_default" with the default driver
Creating api-gateway ... done

Let’s type docker network ls and inspect the newly created network:

➜ ~ docker network ls
NETWORK ID     NAME             DRIVER    SCOPE
40d67218477f   aakkus_default   bridge    local
e3236346c26e   bridge           bridge    local
d258b6665135   cuzdan_network   bridge    local
9cafca499f94   host             host      local
c12cf623f7e1   none             null      local
➜ ~ docker network inspect aakkus_default
[
    {
        "Name": "aakkus_default",
        "Id": "40d67218477f9688e1d4c2536d921c4de9b3a3baf7d7d6b2cbe9a483a9a6d75c",
        "Created": "2018-08-04T21:01:51.0097888Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.20.0.0/16",
                    "Gateway": "172.20.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "464b5c40b7bf0ebb797938fa9d6b34c2ab576ee6a6be2014188b4cb638e7e5e1": {
                "Name": "api-gateway",
                "EndpointID": "784ac4aabff13038ad6705116c2272e5c321ebe7fddc7d1fa0a63b66011b13cd",
                "MacAddress": "02:42:ac:14:00:02",
                "IPv4Address": "172.20.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "aakkus",
            "com.docker.compose.version": "1.22.0"
        }
    }
]
➜ ~

We can see that one container is attached to this network. It’s our container 😀

We can also use an existing network for all containers in the docker-compose file.

Create a network on the Docker engine and modify the compose file to reference it.

The latest compose file:

version: '3.6'

services:
  api-gateway:
    container_name: api-gateway
    image: api-gateway
    ports:
      - 9090:8080
    restart: on-failure
networks:
  default:
    external:
      name: test

And run it:

➜ ~ docker network create test
f8dd3acecc9f55c8677b81cd4a73d5cc615f16e9044f4ffc9b4abfeb9eb11efa
➜ ~ docker-compose up -d
Creating api-gateway ... done
➜ ~

Note: When we use the default network rather than an existing one, the docker-compose down command removes the network it created. But when we use an existing network, Docker skips removing it.

Note 2: We can also define custom IP addresses for services in the compose file.

We can also define a custom network instead of using the default one, like this:

version: '3.6'

services:
  api-gateway:
    container_name: api-gateway
    image: api-gateway
    networks:
      - gateway
    ports:
      - 9090:8080
    restart: on-failure
networks:
  gateway: {}

And run it:

➜ ~ docker-compose up -d
Creating network "caysever_gateway" with the default driver
Creating api-gateway ... done
➜ ~

By default, all containers in the same network can reach each other.

Modify the compose file as below:

version: '3.6'

services:
  api-gateway:
    container_name: api-gateway
    image: api-gateway
    networks:
      - gateway
    ports:
      - 9090:8080
    restart: on-failure
  api-gateway-replica:
    container_name: api-gateway-replica
    image: api-gateway
    networks:
      - gateway
    ports:
      - 9092:8080
    restart: on-failure
networks:
  gateway: {}

We created a new service called api-gateway-replica that uses the same image. Run them and connect to api-gateway from the replica:

➜ ~ docker-compose up -d
Creating api-gateway-replica ... done
Creating api-gateway ... done
➜ ~ docker-compose exec api-gateway-replica /bin/sh
/ # ping api-gateway
PING api-gateway (172.22.0.3): 56 data bytes
64 bytes from 172.22.0.3: seq=0 ttl=64 time=0.372 ms
64 bytes from 172.22.0.3: seq=1 ttl=64 time=0.127 ms
➜ ~

Note: We can reach other containers by service name. Docker sets up the iptables rules so that the containers can reach each other.

Furthermore, we can prevent containers from reaching each other for some business policy. Modify the compose file:

version: '3.6'

services:
  api-gateway:
    container_name: api-gateway
    image: api-gateway
    networks:
      - gateway
    ports:
      - 9090:8080
    restart: on-failure
  api-gateway-replica:
    container_name: api-gateway-replica
    image: api-gateway
    networks:
      - gateway-replica
    ports:
      - 9092:8080
    restart: on-failure
networks:
  gateway: {}
  gateway-replica: {}

We created a new network and separated the containers into different networks. Now we should be unable to reach the other container.

➜ ~ docker-compose up -d
Creating network "caysever_gateway-replica" with the default driver
Creating api-gateway ... done
Creating api-gateway-replica ... done
➜ ~ docker-compose exec api-gateway-replica /bin/sh
/ # ping api-gateway
ping: bad address 'api-gateway'
/ # % ➜ ~

As you can see above, we couldn’t reach the api-gateway container because the two containers are connected to different networks.
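
The separation shown above can be checked from docker network inspect output instead of by pinging. The following Python script is an added example, not code from the original post: it reports every pair of containers that a policy says must be isolated but that are attached to a common network. The sample JSON is constructed (container IDs are placeholders and the addresses are illustrative), and the POLICY list is a hypothetical input.

```python
import json
from itertools import combinations

# Constructed sample shaped like `docker network inspect <net> <net>` output.
# Network and container names follow the article; IDs are placeholders.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "caysever_gateway", "Driver": "bridge", "Internal": false,
   "Containers": {"aaa111": {"Name": "api-gateway",
                             "IPv4Address": "172.22.0.3/16"}}},
  {"Name": "caysever_gateway-replica", "Driver": "bridge", "Internal": false,
   "Containers": {"bbb222": {"Name": "api-gateway-replica",
                             "IPv4Address": "172.23.0.2/16"}}}
]
""")

# Hypothetical policy: pairs of containers that must never share a network.
POLICY = [("api-gateway", "api-gateway-replica")]


def shared_networks(networks):
    """Map each pair of container names to the set of networks they share."""
    pairs = {}
    for net in networks:
        # "Containers" is an empty object (or absent) for unused networks.
        attached = (net.get("Containers") or {}).values()
        names = sorted(c["Name"] for c in attached)
        for a, b in combinations(names, 2):
            pairs.setdefault((a, b), set()).add(net["Name"])
    return pairs


def violations(networks, must_be_isolated):
    """Return (a, b, [networks]) for each policy pair that shares a network."""
    pairs = shared_networks(networks)
    found = []
    for a, b in must_be_isolated:
        key = tuple(sorted((a, b)))
        if key in pairs:
            found.append((key[0], key[1], sorted(pairs[key])))
    return found


if __name__ == "__main__":
    for a, b, nets in violations(SAMPLE_INSPECT, POLICY):
        print(f"{a} and {b} share: {', '.join(nets)}")
```

On a live engine, the same functions can be fed the JSON printed by docker network inspect $(docker network ls -q).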

I hope this post is useful for you. See you in the next posts.

Alican Akkus