{"id":15111,"date":"2022-09-26T07:19:26","date_gmt":"2022-09-26T07:19:26","guid":{"rendered":"https:\/\/www.insentragroup.com\/us\/?p=15111"},"modified":"2024-12-13T02:01:25","modified_gmt":"2024-12-13T02:01:25","slug":"configuring-podman-for-inter-container-communication","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/us\/insights\/geek-speak\/modern-workplace\/configuring-podman-for-inter-container-communication\/","title":{"rendered":"Configuring Podman for Inter-container Communication"},"content":{"rendered":"\n<p>Following on from my previous blog article, <a href=\"https:\/\/www.insentragroup.com\/au\/insights\/geek-speak\/modern-workplace\/deploying-xwiki-using-podman-pod\/\">Deploying Xwiki using Podman Pod,<\/a> this blog article explains how to configure Podman containers to use hostnames in inter-container communication.<br><br>Podman offers a sub-command for managing container networks, which can be do through rootfull or rootless networking. I will stick to rootfull networking for the time being, but I will go into more detail about rootless networking a bit later.<\/p>\n\n\n\n<p>Let\u2019s verify what networks are available out-of-the-box after installing Podman:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman network ls\r\nNETWORK ID    NAME        DRIVER\r\n2f259bab93aa  podman      bridge\r\n \r\n&#91;root@test system]# podman network inspect podman\r\n&#91;\r\n     {\r\n          \"name\": \"podman\",\r\n          \"id\": \"2f259bab93aaaaa2542ba43ef33eb990d0999ee1b9924b557b7be53c0b7a1bb9\",\r\n          \"driver\": \"bridge\",\r\n          \"network_interface\": \"cni-podman0\",\r\n          \"created\": \"2022-06-30T06:33:42.39196519+10:00\",\r\n          \"subnets\": &#91;\r\n               {\r\n                    \"subnet\": \"10.88.0.0\/16\",\r\n                    \"gateway\": \"10.88.0.1\"\r\n               }\r\n          ],\r\n          \"ipv6_enabled\": false,\r\n          \"internal\": false,\r\n          \"dns_enabled\": false,\r\n          \"ipam_options\": {\r\n               \"driver\": \"host-local\"\r\n          }\r\n     }\r\n]\r\n<\/code><\/pre>\n\n\n\n<p>As demonstrated in the excerpt above, the network is already in place. This example shows us this default network has a name, id, driver and subnets.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>See what happens when you create a new network:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman network create lab-test\r\nlab-test\r\n&#91;root@test system]# podman network inspect lab-test\r\n&#91;\r\n     {\r\n          \"name\": \"lab-test\",\r\n          \"id\": \"4cafce838a4754e4d444fd8b84c19ca2e5e66b8c529d53be8b9ce072f6797c82\",\r\n          \"driver\": \"bridge\",\r\n          \"network_interface\": \"cni-podman2\",\r\n          \"created\": \"2022-06-30T06:36:45.074773593+10:00\",\r\n          \"subnets\": &#91;\r\n               {\r\n                    \"subnet\": \"10.89.1.0\/24\",\r\n                    \"gateway\": \"10.89.1.1\"\r\n               }\r\n          ],\r\n          \"ipv6_enabled\": false,\r\n          \"internal\": false,\r\n          \"dns_enabled\": true,\r\n          \"ipam_options\": {\r\n               \"driver\": \"host-local\"\r\n          }\r\n     }\r\n]\r\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>The very first difference is the option \u201cdns_enabled\u201d: true &#8211; this implies the dnsname plugin which is used for external networks has been used while creating this network.<\/li><li>The &#8220;dnsname&#8221; plugin allows addressing containers in this network by their container names. The \u2014disable-dns option can be used to override this behaviour.<\/li><li>There is one crucial step to enable dnsname plugin. You need to install podman-plugins:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>dnf install podman-plugins -y<\/code><\/pre>\n\n\n\n<p>The command above will install all the necessary Podman plugins alongside the dnsmasq package.<\/p>\n\n\n\n<p>The following example will present how you can use the dnsname plugin for inter-container communication.<\/p>\n\n\n\n<p>You will create two containers. Each container will use a specific name (container name), specified by the \u2014name parameter. For the sake of this exercise, you will also set the hostname for each container so it looks pretty when you attach to it.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>First container:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman run -dti --rm --name=web.example.net -h web.example.net --network=lab-test fedora\r\n36185a9269a66045cd5870f53482c09dc7bba71135355cc05c6317b47fdc0ff1\r\n&#91;root@test system]# podman ps\r\nCONTAINER ID  IMAGE                                     COMMAND     CREATED         STATUS             PORTS       NAMES\r\n36185a9269a6  registry.fedoraproject.org\/fedora:latest  \/bin\/bash   12 seconds ago  Up 13 seconds ago              web.example.net\r<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Second container:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman run -dti --rm --name=ptr.example.net -h ptr.example.net --network=lab-test fedora\r\n36185a9269a66045cd5870f53482c09dc7bba71135355cc05c6317b47cdc0aa1\r\n&#91;root@test system]# podman ps\r\nCONTAINER ID  IMAGE                                     COMMAND     CREATED         STATUS             PORTS       NAMES\r\n36185a9269a6  registry.fedoraproject.org\/fedora:latest  \/bin\/bash   12 seconds ago  Up 13 seconds ago              web.example.net\r<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Connect to the ptr.example.net container, install ping and try to ping the web.example.net container:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman exec -it ptr.example.net \/bin\/bash\r\n&#91;root@ptr \/]# dnf install iputils -y\r<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Inspect \/etc\/resolv.conf<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ptr \/]# cat \/etc\/resolv.conf \r\nsearch dns.podman example.net\r\nnameserver 10.89.1.1\r\nnameserver 192.168.100.1\r<\/code><\/pre>\n\n\n\n<p>As you can see, an additional nameserver has been added, including \u2018search dns.podman\u2019.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>\u00a0Verify if you can communicate with your web.example.net container using the container\u2019s name:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@ptr \/]# ping web.example.net\r\nPING web.example.net (10.89.1.2) 56(84) bytes of data.\r\n64 bytes from web.example.net (10.89.1.2): icmp_seq=1 ttl=64 time=0.055 ms\r\n64 bytes from web.example.net (10.89.1.2): icmp_seq=2 ttl=64 time=0.062 ms\r\n64 bytes from web.example.net (10.89.1.2): icmp_seq=3 ttl=64 time=0.080 ms\r<\/code><\/pre>\n\n\n\n<p>As indicated above &#8211; you can.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Verify if 10.89.1.2 is definitely the IP address allocated to the web.example.net container. You will exit the ptr container to inspect the web container:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman inspect web.example.net  | grep -i IPAddress\r\n               \"IPAddress\": \"\",\r\n                         \"IPAddress\": \"10.89.1.2\",\r<\/code><\/pre>\n\n\n\n<p>This implies the name of the container has been properly resolved to the IP address. Let us remove this container and start it again to ensure a new IP address is allocated.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman inspect web.example.net | grep -i IPAddress\r\n               \"IPAddress\": \"\",\r\n                         \"IPAddress\": \"10.89.1.4\",\r<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>You can see in the excerpt above the container has been assigned a new IPAddress: 10.89.1.4. I would like to confirm the dnsname plugin can resolve the container name to this new IP address:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@test system]# podman exec -it ptr.example.net \/bin\/bash\r\n&#91;root@ptr \/]# ping web.example.net\r\nPING web.example.net (10.89.1.4) 56(84) bytes of data.\r\n64 bytes from web.example.net (10.89.1.4): icmp_seq=1 ttl=64 time=0.236 ms\r\n64 bytes from web.example.net (10.89.1.4): icmp_seq=2 ttl=64 time=0.090 ms\r\n64 bytes from web.example.net (10.89.1.4): icmp_seq=3 ttl=64 time=0.077 ms\r<\/code><\/pre>\n\n\n\n<p>And voila, it does!<\/p>\n\n\n\n<p>I hope you found this brief step-by-step guide to be helpful in enabling DNS resolution for your internal container network.<\/p>\n\n\n\n<p>You can check out our <a href=\"https:\/\/www.insentragroup.com\/us\/services\/professional-services\/\" target=\"_blank\" rel=\"noreferrer noopener\">Professional Services<\/a> for more insights on Insentra, or for an in-depth look at your internal container network by one of our expert consultants, please <a href=\"https:\/\/www.insentragroup.com\/us\/contact\/\">contact us<\/a>.<\/p>\n\n\n\n<style>\nbody .wp-block-code>code {\n    color: #000;\n    background: #ccc;\n}\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>In this blog article, Sebastian covers how you can communicate between a container and the host for inter-container communication.<\/p>\n","protected":false},"author":67,"featured_media":15114,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[19],"tags":[],"class_list":["post-15111","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-modern-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/15111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/users\/67"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/comments?post=15111"}],"version-history":[{"count":1,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/15111\/revisions"}],"predecessor-version":[{"id":15113,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/posts\/15111\/revisions\/15113"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media\/15114"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/media?parent=15111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/categories?post=15111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/us\/wp-json\/wp\/v2\/tags?post=15111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}