Container-to-container communication

In this scenario, we focus on the communication between containers within a single Pod:

  1. Let's create two containers in one Pod: an nginx web application and a CentOS container, which checks port 80 on localhost:
// configuration file of creating two containers within a pod
$ cat two-container-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: two-container
spec:
  containers:
    - name: web
      image: nginx
      ports:
        - containerPort: 80
          hostPort: 80
    - name: centos
      image: centos
      command: ["/bin/sh", "-c", "while : ;do curl http://localhost:80/; sleep 30; done"]

// create the pod
$ kubectl create -f two-container-pod.yaml
pod "two-container" created
// check the status of the newly-created Pod
$ kubectl get pod two-container
NAME            READY     STATUS    RESTARTS   AGE
two-container   2/2       Running   0          5s

The count in the READY column is 2/2, since there are two containers inside this Pod.

  1. Using the kubectl describe command, we may see the details of the Pod:
$ kubectl describe pod two-container
Name:         two-container
Namespace:    default
Node:         ubuntu02/192.168.122.102
Start Time:   Sat, 05 May 2018 18:28:22 -0400
Labels:       <none>
Annotations:  <none>
Status:       Running
IP:           192.168.79.198
Containers:
  web:
    Container ID:   docker://e832d294f176f643d604445096439d485d94780faf60eab7ae5d3849cbf15d75
    ...
  centos:
    Container ID:   docker://9e35275934c1acdcfac4017963dc046f9517a8c1fc972df56ca37e69d7389a72
    ...

We can see that the Pod runs on node ubuntu02 and that its IP is 192.168.79.198.

  1. We can also see that the CentOS container can access nginx on localhost:
$ kubectl logs two-container centos | grep "title"
<title>Welcome to nginx!</title>
...
  1. Let's log in to node ubuntu02 to check the network setting of these two containers:
// list containers of the Pod
$ docker ps | grep "two-container"
9e35275934c1 centos "/bin/sh -c 'while..." 11 hours ago Up 11 hours k8s_centos_two-container_default_113e727f-f440-11e7-ac3f-525400a9d353_0
e832d294f176 nginx "nginx -g 'daemon ..." 11 hours ago Up 11 hours k8s_web_two-container_default_113e727f-f440-11e7-ac3f-525400a9d353_0
9b3e9caf5149 gcr.io/google_containers/pause-amd64:3.1 "/pause" 11 hours ago Up 11 hours k8s_POD_two-container_default_113e727f-f440-11e7-ac3f-525400a9d353_0

Now we know that the two containers we created are 9e35275934c1 and e832d294f176. There is also another container, 9b3e9caf5149, created by Kubernetes with the Docker image gcr.io/google_containers/pause-amd64. We will introduce it later. Next, we can inspect the containers in detail with the docker inspect command; by piping its output to jq (https://stedolan.github.io/jq/), we can parse it to show the network settings only.

  1. Take a look at both containers in the same Pod:
// inspect the nginx container, and use jq to parse it
$ docker inspect e832d294f176 | jq '.[]| {NetworkMode: .HostConfig.NetworkMode, NetworkSettings: .NetworkSettings}'
{
  "NetworkMode": "container:9b3e9caf5149ffb0ec14c1ffc36f94b2dd55b223d0d20e4d48c4e33228103723",
  "NetworkSettings": {
    "Bridge": "",
    "SandboxID": "",
    "HairpinMode": false,
    "LinkLocalIPv6Address": "",
    "LinkLocalIPv6PrefixLen": 0,
    "Ports": {},
    "SandboxKey": "",
    "SecondaryIPAddresses": null,
    "SecondaryIPv6Addresses": null,
    "EndpointID": "",
    "Gateway": "",
    "GlobalIPv6Address": "",
    "GlobalIPv6PrefixLen": 0,
    "IPAddress": "",
    "IPPrefixLen": 0,
    "IPv6Gateway": "",
    "MacAddress": "",
    "Networks": {}
  }
}
// then inspect the centos one
$ docker inspect 9e35275934c1 | jq '.[]| {NetworkMode: .HostConfig.NetworkMode, NetworkSettings: .NetworkSettings}'
{
  "NetworkMode": "container:9b3e9caf5149ffb0ec14c1ffc36f94b2dd55b223d0d20e4d48c4e33228103723",
  ...

We can see that both containers have identical network settings; the network mode is set to mapped container mode, leaving the other settings empty. The network bridge container is container:9b3e9caf5149ffb0ec14c1ffc36f94b2dd55b223d0d20e4d48c4e33228103723. What is this container? It is the one created by Kubernetes, container ID 9b3e9caf5149, with the image gcr.io/google_containers/pause-amd64.

What does the container "pause" do?
Just as its name suggests, this container does nothing but "pause". However, it preserves the network settings, and the Linux network namespace, for the Pod. Anytime a container shuts down and restarts, the network configuration stays the same and does not need to be recreated, because the "pause" container holds it. You can check its code and Dockerfile at https://github.com/kubernetes/kubernetes/tree/master/build/pause for more information.

The "pause" container is a network container, which is created when a Pod is created and used to handle the route of the Pod network. Then, the two containers share the network namespace with pause; that's why they see each other as localhost.
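Because every container mapped to the same pause container shares one loopback interface, anything listening on localhost in one of them is reachable from the others, so it helps to inventory those groups on a node. The following is an added example, not code from the book or from Kubernetes: it groups containers by the network namespace they join, using the NetworkMode field shown in the docker inspect output above. The sample data, container IDs and names, and the function names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed `docker inspect` output. IDs and names are
# placeholders, not values from the page; field names are Docker's own.
SAMPLE_INSPECT = json.loads("""
[
 {"Id": "aaaa1111", "Name": "/k8s_web_two-container",
  "HostConfig": {"NetworkMode": "container:cccc3333"}},
 {"Id": "bbbb2222", "Name": "/k8s_centos_two-container",
  "HostConfig": {"NetworkMode": "container:cccc3333"}},
 {"Id": "cccc3333", "Name": "/k8s_POD_two-container",
  "HostConfig": {"NetworkMode": "none"}},
 {"Id": "dddd4444", "Name": "/standalone",
  "HostConfig": {"NetworkMode": "bridge"}}
]
""")


def _name(container):
    """Container name without the leading slash docker inspect adds."""
    return container["Name"].lstrip("/")


def group_by_netns(containers):
    """Map each network-namespace owner to the containers that use it."""
    groups = defaultdict(list)
    for c in containers:
        mode = c["HostConfig"]["NetworkMode"]
        key = _name(c)  # a container not in mapped mode owns its own namespace
        if mode.startswith("container:"):
            ref = mode.split(":", 1)[1]
            # The reference may be a full ID, an ID prefix, or a name.
            owner = next((o for o in containers
                          if o["Id"].startswith(ref) or _name(o) == ref), None)
            # Owner missing from the inspected set: keep the raw reference.
            key = _name(owner) if owner else "unresolved:" + ref
        groups[key].append(_name(c))
    return {k: sorted(v) for k, v in groups.items()}


def shared_loopback(containers):
    """Keep only the groups where several containers share one localhost."""
    return {k: v for k, v in group_by_netns(containers).items() if len(v) > 1}


if __name__ == "__main__":
    for owner, members in shared_loopback(SAMPLE_INSPECT).items():
        print(owner, "->", ", ".join(members))
```

On a real node, replace the sample with the parsed output of docker inspect for all running containers.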

Create a network container in Docker
In Docker, you can easily make a container into a network container, sharing its network namespace with another container. Use the command line: $ docker run --network=container:<CONTAINER_ID or CONTAINER_NAME> [other options]. Then, you will be able to start a container which uses the network namespace of the assigned container.