If you have been under a rock (like I was for a while!), Docker is a container technology and containers are very cool. Containers sparked my interest in the same way that virtualization did the first time I saw it. I really regret not getting into it sooner, but better late than never. Seriously, if you haven’t played with containers at all, try it on a local system, VM, or use this really nifty site: http://training.play-with-docker.com/
I considered trying to write a series for this but it became too fuzzy in my head about what would come first, second, etc. So instead I just decided to write some articles about some aspects of Docker networking. These will probably dovetail into more articles about containers and management in general but for now I wanted to address networking as this was confusing for me. This is a hefty one so I broke it into multiple pages vs the separate posts with links like normal.
Container networking is interesting in that if you aren’t a serious Linux dude or dudette, it is likely that the underworkings will be pretty baffling to you. And simultaneously, it is likely that it will “just work,” although you may not fully understand how it is working and the extent of the connectivity. Contrarywise, if you are a serious Linux dude or dudette and have your own secure configurations, you will probably understand it but it may break some of your configs. Like most things for me that “just work,” I want to get at them from the bottom and see it working up to the top.
In this post we are going to do something very simple. I’m going to spin up a CentOS container on a VM and then examine some aspects of the network after I do that. I’m not going to be serving up any web or DB traffic as I want to start small. Believe me when I say there is a lot to digest even in this straightforward config.
As a reference, I’m running CentOS 7.3, SELinux in permissive mode, firewalld disabled. All I’ve done on my base VM here is install vim, bridge-utils, and docker-ce (17.06.0-ce). Docker is enabled (systemctl enable docker) and started (systemctl start docker) without any additional configuration or modification from defaults. Again, as straightforward as it gets.
First we’ll check out the state of networking without running any containers.