Differences between revisions 1 and 2
Revision 1 as of 2023-04-06 15:11:55
Size: 2337
Comment:
Revision 2 as of 2023-04-06 15:21:54
Size: 1889
Comment:
Line 49: Line 49:
And to destroy a network, try: To destroy a network, try:
Line 55: Line 55:
----
Line 57: Line 58:
=== Communication ===
== Communication ==



=== From Host To Container ===
Line 66: Line 72:


=== Between Containers ===
Line 71: Line 81:

Beyond this singular case, communication between any two containers would require discovering the ephemeral port numbers and establishing `iptables` routing rules between them.
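Review bot: "this singular case" loses its antecedent once the sentence is moved on its own; name the case it refers to (root containers sharing a network, the situation the preceding paragraph of the page describes) so the sentence stands alone, and prefer "single" over "singular".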
Line 78: Line 90:
To facilitate communication between containers without exposing them to the full capabilities and insecurities of a network, `podman(1)` introduces the concept of '''pods'''.

Within a pod, containers act like they are running on the same machine. They can communicate to each other through `localhost` and conventional [[Linux]] networking.

{{{
$ podman run --detach --name my-nginx \
    --pod new:my-pod \
    nginx:latest
$ podman run --interactive --tty --name my-alpine \
    --pod my-pod \
    alpine:latest
# apk add curl
[ ... ]
# curl http://localhost
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
[ ... ]
}}}

Note that containers within a pod must avoid already-bound ports.
See [[Podman/Pods|here]].
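Review bot: the pods example deleted here is the only place this page states the port-collision constraint ("containers within a pod must avoid already-bound ports"); the pointer that replaces it gives the reader no hint of that constraint, so confirm Podman/Pods carries the note, or keep a one-line summary beside the link.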

Podman Networking

podman(1) takes different approaches to networking depending on whether a container is run by root (rootful) or by an unprivileged user (rootless).


Networks

The default networking behavior of podman(1) is configured by /usr/share/containers/libpod.conf and /etc/containers/libpod.conf. Local configurations should be made to the latter only.

All networks, including the default network, are installed to /etc/cni/net.d/.

Non-root containers always use the default network and never have their own IP address.

Custom Networks

To create a new network, try:

sudo podman network create my-net

A container can be created on a custom network by specifying the --network option.

sudo podman run --detach --name my-nginx \
  --network=my-net \
  nginx:latest

A running container can be attached to a custom network like:

sudo podman network connect my-net my-nginx

To list the currently-configured networks, try:

sudo podman network ls

To destroy a network, try:

sudo podman network rm my-net
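The whole custom-network procedure above, assembled into one script as an added example (this is not code from the wiki page or from the podman project). The helper functions and their names are hypothetical; PODMAN is an assumed variable that defaults to podman and can be set to "sudo podman" when the script is not run as root; my-net, my-nginx and nginx:latest are the page's own example names, and my-client is a constructed name for a second container.

```shell
#!/bin/sh
# Added example: create a dedicated rootful network, run a container on it,
# attach a second (already running) container, list networks, tear down.
# Run as: sh podman-net-demo.sh demo        (or PODMAN="sudo podman" sh ... demo)
set -eu

# Assumed variable; left unquoted below on purpose so "sudo podman" splits
# into two words.
PODMAN=${PODMAN:-podman}

# Create the network only when it is not already present; `podman network
# exists` returns 0 if the name is known.
ensure_network() {
    net=$1
    if $PODMAN network exists "$net"; then
        echo "network $net already exists"
    else
        $PODMAN network create "$net"
    fi
}

# Start a detached container attached only to the given network.  No ports
# are published, so the host reaches it only through its network IP.
run_on_network() {
    net=$1; name=$2; image=$3
    $PODMAN run --detach --name "$name" --network="$net" "$image"
}

# Attach an already-running container to the network (page's `network connect`).
attach_to_network() {
    net=$1; name=$2
    $PODMAN network connect "$net" "$name"
}

# Remove the containers first: `podman network rm` refuses to delete a
# network that a container still uses.
teardown() {
    net=$1; shift
    for c in "$@"; do
        $PODMAN rm --force "$c"
    done
    $PODMAN network rm "$net"
}

demo_lifecycle() {
    ensure_network my-net
    run_on_network my-net my-nginx nginx:latest
    # A client started on the default network, then attached to my-net too
    # (constructed name; `sleep` keeps the alpine container alive).
    $PODMAN run --detach --name my-client alpine:latest sleep 3600
    attach_to_network my-net my-client
    $PODMAN network ls
    teardown my-net my-nginx my-client
}

# Only run the demo when explicitly asked, so the file can also be sourced.
case "${1:-}" in
    demo) demo_lifecycle ;;
esac
```

Keeping the create and the teardown in the same script is deliberate: a network left behind after its containers are gone still carries its CNI configuration under /etc/cni/net.d/, so the teardown removes the containers and then the network in that order.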


Communication

From Host To Container

Containers listen on an ephemeral host port. To discover the port number for one container, or for every container at once, try:

sudo podman port my-container
sudo podman port --all

Between Containers

Within a network, root containers can communicate with one another using their LAN IP addresses. To discover the IP of a container, try:

sudo podman inspect --format "{{.NetworkSettings.IPAddress}}" my-container

Beyond this single case, communication between any two containers would require discovering the ephemeral port numbers and establishing iptables routing rules between them.
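Two helpers built on the `podman port` and `podman inspect` commands from the two sections above, as an added example that is not code from the wiki page or from the podman project. The function names are hypothetical; PODMAN is an assumed variable (default podman, may be set to "sudo podman"); the output layout of `podman port --all` (container id, tab, mapping) and the inspect layout used for the fallback are assumptions stated in the comments, and the sample port output is constructed for the demo. The IP helper goes beyond the page's single template: on a custom network `.NetworkSettings.IPAddress` is assumed to come back empty, so it falls back to walking every network the container is attached to.

```shell
#!/bin/sh
# Added example: audit which published ports face every host interface, and
# resolve a container's network IP even when it sits on a custom network.
# Run as: sh podman-discover.sh demo   or   sh podman-discover.sh ip my-nginx
set -eu

# Assumed variable; unquoted below so "sudo podman" splits into two words.
PODMAN=${PODMAN:-podman}

# Constructed stand-in for `sudo podman port --all` output.  Assumed layout:
#   <container id><TAB><container port>/<proto> -> <host address>:<host port>
sample_port_output() {
    printf '%s\t%s\n' \
        3f1c2a9b8d7e '80/tcp -> 0.0.0.0:8080' \
        3f1c2a9b8d7e '443/tcp -> 127.0.0.1:8443' \
        a1b2c3d4e5f6 '5432/tcp -> [::]:5432'
}

# Reads `podman port` output on stdin and prints only the mappings bound to a
# wildcard host address (0.0.0.0, :: or [::]).  Those ports are reachable
# from the whole LAN; loopback-bound ones are reachable from the host alone.
# Usage: sudo podman port --all | wildcard_published_ports
wildcard_published_ports() {
    awk -F' -> ' '
        NF == 2 {
            host = $2
            sub(/:[0-9]+$/, "", host)        # strip the host port
            if (host == "0.0.0.0" || host == "::" || host == "[::]") print
        }'
}

# Resolve a container's IP.  The page's template (.NetworkSettings.IPAddress)
# is assumed to be filled in for the default network only; for a container on
# a custom network it is assumed empty, so walk .NetworkSettings.Networks
# instead (assumed inspect layout).  Prints one or more space-separated IPs.
container_ip() {
    name=$1
    ip=$($PODMAN inspect --format '{{.NetworkSettings.IPAddress}}' "$name")
    if [ -z "$ip" ]; then
        ip=$($PODMAN inspect --format \
            '{{range .NetworkSettings.Networks}}{{.IPAddress}} {{end}}' "$name")
        ip=${ip% }                            # drop the trailing separator
    fi
    printf '%s\n' "$ip"
}

case "${1:-}" in
    demo)
        echo "Wildcard-exposed ports in the constructed sample:"
        sample_port_output | wildcard_published_ports
        ;;
    ip)
        container_ip "${2:?container name required}"
        ;;
esac
```

The audit reads from stdin rather than calling podman itself so the same function can be pointed at saved output from several hosts; anything it prints is a port that a peer on the LAN can reach, which is usually the list worth reviewing first.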


Pods

See Podman/Pods.


CategoryRicottone

Podman/Networking (last edited 2023-04-06 15:21:54 by DominicRicottone)