Docker info pertaining to Windows

docker-for-windows.md

docker container port container_name

• Shows what port is exposed to the container

docker container inspect --format

• Shows the IP address of the container which by default is different from the host IP
• Using Windows shell you need to replace the single quotes with double quotes
  • i.e.
    • "{{.NetworkSettings.IPAddress}}"
• docker container inspect --format "{{.NetworkSettings.IPAddress}}" container_name

-p or Publish flag for exposing ports

• Publishing ports is always in HOST:CONTAINER format
• i.e.
  • docker container run -p 80:80 (exposes host port 80 to container port 80)

Container Networking

• docker network --help
  • Shows command options for docker network
• Can't listen on more than one port for multiple containers on the host network
  • i.e. Can't have 2 containers listening on port 80 at the host level
• -p flag exposes ports on the host to the physical network and then connects those ports to the docker container ports
• bridge or docker0 is the default Docker virtual network which is NAT'ed behind the Host IP address
  • --network bridge
• --network host
  • Gains performance by skipping virtual networks but sacrifices security of container model
  • Attaches container directly to the host interface
• --network none
  • Removes eth0 and only leaves you with localhost interface in container
• network driver
  • Built-in or 3rd party extensions that give you virtual network features
• When creating custom networks the default driver is bridge which can be changed

Docker Networks: CLI Management

• Show networks: docker network ls
• Inspect a network: docker network inspect
• Create a network: docker network create --driver
  • --driver is an optional driver that can be specified to create a new virtual network with built-in or third party drivers
• Attach a network to container: docker network connect
  • Dynamically creates a NIC in a container on an existing virtual network
  • docker network connect new_network_id existing_container_id
• Detach a network from container: docker network disconnect
  • docker network disconnect new_network_id existing_container_id

Docker Networks: Default Security

• Create apps so frontend/backend sit on same Docker network
• Their inter-communication never leaves host
• All externally exposed ports closed by default
• You must manually expose via -p, which is better default security

Docker Networks: DNS

• DNS Naming
  • Crucial to container/virtual network communications
  • Forget IP'S
    • Static IP's and using IP's for talking to containers is an anti-pattern. Do your best to avoid it.
  • Docker DNS
    • Docker daemon has a built-in DNS server that containers use by default
    • Docker uses container names as the equivalent of a host name for container communications between each other
  • DNS Default Names
    • Docker defaults the hostname to the container's name, but you can also set aliases
  • Container IP addresses can change but Container names stay the same
  • Bridge network drive does not have DNS server built-in by default
    • Use --link when creating a new container to link to another container with DNS running
    • But it is easier to create a new network that is using DNS by default
  • Recommended to always create custom networks
    • Docker Compose makes networking easier

DNS Round Robin

• Can have 2 different hosts with DNS aliases that respond to the same DNS name
• Multiple IP addreses and DNS records behind the name you are using on the internet
  • Companies like google use this technique to make sure the site is always up
• With the latest Docker Engine we can have multiple containers on a created network respond to the same DNS address