Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 11. Communicating among containers

This chapter provides information about how to communicate among containers.

11.1. The network modes and layers

There are several different network modes in Podman:

  • bridge - creates another network on the default bridge network
  • container:<id> - uses the same network as the container with <id> id
  • host - uses the host network stack
  • network-id - uses a user-defined network created by the podman network create command
  • private - creates a new network for the container
  • slirp4nets - creates a user network stack with slirp4netns, the default option for rootless containers
Note

The host mode gives the container full access to local system services such as D-bus, a system for interprocess communication (IPC), and is therefore considered insecure.

11.2. Inspecting a network settings of a container

Use the podman inspect command with the --format option to display individual items from the podman inspect output.

Prerequisites

  • The container-tools module is installed.

Procedure

  1. Display the IP address of a container: 

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' containerName

  2. Display all networks to which container is connected: 

    # podman inspect --format='{{.NetworkSettings.Networks}}' containerName

  3. Display port mappings: 

    # podman inspect --format='{{.NetworkSettings.Ports}}' containerName

Additional resources

  • podman-inspect man page

11.3. Communicating between a container and an application

You can communicate between a container and an application. An application ports are in either listening or open state. These ports are automatically exposed to the container network, therefore, you can reach those containers using these networks. By default, the web server listens on port 80. Using this procedure, the myubi container communicates with the web-container application.

Prerequisites

  • The container-tools module is installed.

Procedure

  1. Start the container named web-container: 

    # podman run -dt --name=web-container docker.io/library/httpd

  2. List all containers: 

    # podman ps -a

CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS       NAMES
b8c057333513  docker.io/library/httpd:latest  httpd-foreground  4 seconds ago  Up 5 seconds ago              web-container

  3. Inspect the container and display the IP address: 

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' web-container

10.88.0.2

  4. Run the myubi container and verify that web server is running: 

    # podman run -it --name=myubi ubi8/ubi curl 10.88.0.2:80

<html><body><h1>It works!</h1></body></html>

11.4. Communicating between a container and a host

By default, the podman network is a bridge network. It means that a network device is bridging a container network to your host network.

Prerequisites

Procedure

  1. Verify that the bridge is configured: 

    # podman network inspect podman | grep bridge

    "bridge": "cni-podman0",
    "type": "bridge"

  2. Display the host network configuration: 

    # ip addr show cni-podman0

6: cni-podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 62:af:a1:0a:ca:2e brd ff:ff:ff:ff:ff:ff
    inet 10.88.0.1/16 brd 10.88.255.255 scope global cni-podman0
       valid_lft forever preferred_lft forever
    inet6 fe80::60af:a1ff:fe0a:ca2e/64 scope link
       valid_lft forever preferred_lft forever

    You can see that the web-container has an IP of the cni-podman0 network and the network is bridged to the host.

  3. Inspect the web-container and display its IP address: 

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' web-container

10.88.0.2

  4. Access the web-container directly from the host: 

    $ curl 10.88.0.2:80

<html><body><h1>It works!</h1></body></html>

Additional resources

  • podman-network man page

11.5. Communicating between containers using port mapping

The most convenient way to communicate between two containers is to use published ports. Ports can be published in two ways: automatically or manually.

Prerequisites

  • The container-tools module is installed.

Procedure

  1. Run the unpublished container: 

    # podman run -dt --name=web1 ubi8/httpd-24

  2. Run the automatically published container: 

    # podman run -dt --name=web2 -P ubi8/httpd-24

  3. Run the manually published container and publish container port 80: 

    # podman run -dt --name=web3 -p 9090:80 ubi8/httpd-24

  4. List all containers: 

    # podman ps

CONTAINER ID  IMAGE                                            COMMAND               CREATED         STATUS             PORTS                                             NAMES
f12fa79b8b39  registry.access.redhat.com/ubi8/httpd-24:latest  /usr/bin/run-http...  23 seconds ago  Up 24 seconds ago                                                    web1
9024d9e815e2  registry.access.redhat.com/ubi8/httpd-24:latest  /usr/bin/run-http...  13 seconds ago  Up 13 seconds ago  0.0.0.0:43595->8080/tcp, 0.0.0.0:42423->8443/tcp  web2
03bc2a019f1b  registry.access.redhat.com/ubi8/httpd-24:latest  /usr/bin/run-http...  2 seconds ago   Up 2 seconds ago   0.0.0.0:9090->80/tcp                              web3

    You can see that:

    • Container web1 has no published ports and can be reached only by container network or a bridge.

    • Container web2 has automatically mapped ports 43595 and 42423 to publish the application ports 8080 and 8443, respectively.

      Note

      The automatic port mapping is possible because the registry.access.redhat.com/8/httpd-24 image has the EXPOSE 8080 and EXPOSE 8443 commands in the Containerfile.

    • Container web3 has a manually published port. The host port 9090 is mapped to the container port 80.

  5. Display the IP addresses of web1 and web3 containers: 

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' web1
# podman inspect --format='{{.NetworkSettings.IPAddress}}' web3

  6. Reach web1 container using <IP>:<port> notation: 

    # curl 10.88.0.14:8080
...
<title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
...

  7. Reach web2 container using localhost:<port> notation: 

    # curl localhost:43595
...
<title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
...

  8. Reach web3 container using <IP>:<port> notation: 

    # curl 10.88.0.14:9090
...
<title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
...

11.6. Communicating between containers using DNS

When a DNS plugin is enabled, use a container name to address containers.

Prerequisites

  • The container-tools module is installed.
  • A network with the enabled DNS plugin has been created using the podman network create command.

Procedure

  1. Run a receiver container attached to the mynet network: 

    # podman run -d --net mynet --name receiver ubi8 sleep 3000

  2. Run a sender container and reach the receiver container by its name: 

    # podman run -it --rm --net mynet --name sender alpine ping receiver

PING rcv01 (10.89.0.2): 56 data bytes
64 bytes from 10.89.0.2: seq=0 ttl=42 time=0.041 ms
64 bytes from 10.89.0.2: seq=1 ttl=42 time=0.125 ms
64 bytes from 10.89.0.2: seq=2 ttl=42 time=0.109 ms

    Exit using the CTRL+C.

You can see that the sender container can ping the receiver container using its name.

11.7. Communicating between two containers in a pod

All containers in the same pod share the IP addresses, MAC addresses and port mappings. You can communicate between containers in the same pod using localhost:port notation.

Prerequisites

  • The container-tools module is installed.

Procedure

  1. Create a pod named web-pod: 

    $ podman pod create --name=web-pod

  2. Run the web container named web-container in the pod: 

    $ podman container run -d --pod web-pod --name=web-container docker.io/library/httpd

  3. List all pods and containers associated with them: 

    $ podman ps --pod

CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS       NAMES               POD ID        PODNAME
58653cf0cf09  k8s.gcr.io/pause:3.5                              4 minutes ago  Up 3 minutes ago              4e61a300c194-infra  4e61a300c194  web-pod
b3f4255afdb3  docker.io/library/httpd:latest  httpd-foreground  3 minutes ago  Up 3 minutes ago              web-container  4e61a300c194  web-pod

  4. Run the container in the web-pod based on the docker.io/library/fedora image: 

    $ podman container run -it --rm --pod web-pod docker.io/library/fedora curl localhost

<html><body><h1>It works!</h1></body></html>

    You can see that the container can reach the web-container.

11.8. Communicating in a pod

You must publish the ports for the container in a pod when a pod is created.

Prerequisites

  • The container-tools module is installed.

Procedure

  1. Create a pod named web-pod: 

    # podman pod create --name=web-pod-publish -p 80:80

  2. List all pods: 

    # podman pod ls

POD ID        NAME         STATUS   CREATED        INFRA ID      # OF CONTAINERS
26fe5de43ab3  publish-pod  Created  5 seconds ago  7de09076d2b3  1

  3. Run the web container named web-container inside the web-pod: 

    # podman container run -d --pod web-pod-publish --name=web-container docker.io/library/httpd

  4. List containers 

    # podman ps

CONTAINER ID  IMAGE                    COMMAND           CREATED             STATUS             PORTS               NAMES
7de09076d2b3  k8s.gcr.io/pause:3.5                       About a minute ago  Up 23 seconds ago  0.0.0.0:80->80/tcp  26fe5de43ab3-infra
088befb90e59  docker.io/library/httpd  httpd-foreground  23 seconds ago      Up 23 seconds ago  0.0.0.0:80->80/tcp  web-container

  5. Verify that the web-container can be reached: 

    $ curl localhost:80

<html><body><h1>It works!</h1></body></html>

11.9. Attaching a pod to the container network

Attach containers in pod to the network during the pod creation.

Prerequisites

  • The container-tools module is installed.

Procedure

  1. Create a network named pod-net: 

    # podman network create pod-net

/etc/cni/net.d/pod-net.conflist

  2. Create a pod web-pod: 

    # podman pod create --net pod-net --name web-pod

  3. Run a container named web-container inside the web-pod: 

    # podman run -d --pod webt-pod --name=web-container docker.io/library/httpd

  4. Optional. Display the pods the containers are associated with: 

    # podman ps -p

CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS       NAMES               POD ID        PODNAME
b7d6871d018c   registry.access.redhat.com/ubi8/pause:latest                             9 minutes ago  Up 6 minutes ago              a8e7360326ba-infra  a8e7360326ba  web-pod
645835585e24  docker.io/library/httpd:latest  httpd-foreground  6 minutes ago  Up 6 minutes ago              web-container    a8e7360326ba  web-pod

Verification

  • Show all networks connected to the container: 

    # podman ps --format="{{.Networks}}"

pod-net