My docker host is part of the local network 192.168.178.0/24.
Is there a way to run a container that becomes a part of the host network, but does not share the same ip as the host? So for example if the host has the ip 192.168.178.5 i'd like to provide 192.168.178.8 to the container without interfering with the docker host's network configuration.
since a docker container is by nature bound to use the networking stack of it's host, it also has to share the hosts IP to communicate with the network. For a one-container setup, the only solution should be to add a second NIC to the host and use that second NIC and the provided IP exclusively for your docker... But apart from that I don't see any solution that does not deeply mutilate the OSI model of your host's network stack and thus include some major side-effects :-/
Related
I'm using Docker to network together two containers and one of the containers needs to be able to access the host network for service discovery. I cannot use -net=host because that makes the other container inaccessible.
What I am looking for is essentially a way to add the host network as a "secondary" network to the docker container so it can access other containers, as well as the host network.
Hopefully that makes sense. Docker is still very new to me so I apologize if my explanation is lacking.
EDIT: To elaborate more on the kind of discovery I need, basically I am running Plex media server inside a container and PlexConnect inside another container. In order for PlexConnect to be able to detect the right IP for Plex, it needs to be able to access the 192.168 local network of the host since it serves as the DNS for an AppleTV outside the Docker network.
So containers are as follows:
Plex (bridge mode and binds to the host port 192.168.1.100:32400)
PlexConnect (separate subnet of bridge mode, needs to be able to access 192.168.1.100:32400)
tl;dr I need what BMitch suggested below but the docker-compose version.
I want to assign IP addresses to my docker containers, at the same level as the physical host. i.e. if the IP adress of the host is 192.168.1.101 I would like to give the docker containers IP addresses of 192.168.1.102,103,104 etc.
Essentially I am looking for a functionality similar to bridged networking in VMWare/Virtualbox etc.
Any ideas how we can go about doing this?
Docker's default bridge network allows you to NAT your containers into the physical network.
To achieve what you want, use Pipework or, if you are cutting edge, you can try the docker macvlan driver which is, for now, experimental.
To quote docker docs:
The host network adds a container on the hosts network stack. You’ll
find the network configuration inside the container is identical to
the host.
When starting the container just say --net=host. Check this link. You can't actually assign a static IP when starting with that parameter, but you can give the container a hostname with --hostname, which is at the very least equally useful as knowing the IP. Also you can add more entries to /etc/hosts with --add-host.
We have a set of docker containers spread across the several hosts. Some containers are part of the same logical group, i.e. network so containers should be able to talk directly, accessing each other IP and Port (which is randomized by docker).
The situation is similar to when you use networks in Docker 1.10 and docker-compose 1.6x on one host, but spread on many hosts.
I know swarm with etcd/zookeeper can manage and connect the cluster of dockers, but I don't know how my app in one container would know about the IP address and port of the other part in other container on the other host.
Your app doesn't need to know the IP address of the container. You can use the service name or some other alias as the hostname. The embedded DNS server will resolve it to the correct IP address.
With this setup you don't need host ports at all, so you'll already know the port because it's a static value.
Multi-host networking for Docker is covered in this tutorial: https://docs.docker.com/engine/userguide/networking/get-started-overlay/
I have a use-case where my Docker container's second interface needs to share the interface of the host's second network interface. Is this possible using docker network connect? If so, how would it be done?
May not be the answer, but a bit too long to explain in a comment
If I were you I would:
Start the container with --net=host
Start up the container by sharing the host stack IP:
user#host:~$ docker run --name=c0 --net=host docker-image
Plug it in into the network
With the command
user#host:~$ docker network connect mynet c0
But I just tried it and here is the error message:
Error response from daemon: Container sharing network namespace with another container or host cannot be connected to any other network
As this is not working I guess it is not (yet?) possible. I suggest you to work around your need of the host stack IP (which must be consider as insecure btw).
Why do you need the host stack IP?
Im curious to know what the best method would be to access containers on a Docker overlay network, from the host machine that's running the daemon.
I previously used Weave, and would expose a weave IP to the host machine, so that utilities running on the host machine can access containers on the Weave IP address space.
Id like to be able to address containers using their overlay assigned IP address, from the host machine (not from within the containers themselves).
One way would be to expose ports on the containers themselves, but Id like to access them via paths that the container expects when running in its production network.
new:
I figured out that I can access containers over the docker_gwbridge, who's IP is 172.18.0.1. So if the container overlay network IP is 10.0.0.10 then it can be accessed from host on the IP 172.18.0.10
Is this the best way to address containers?
helpful:
Different Docker 1.9 networks talk to each other?