
Chapter 10. Communicating among containers


Learn how to establish communication between containers, applications, and host systems by using port mapping, DNS resolution, or communication within pods.

10.1. The network modes and layers

There are several different network modes in Podman:

  • bridge - creates another network on the default bridge network
  • container:<id> - uses the same network as the container with <id> id
  • host - uses the host network stack
  • network-id - uses a user-defined network created by the podman network create command
  • private - creates a new network for the container
  • slirp4netns - creates a user network stack with slirp4netns, the default option for rootless containers
  • pasta - high performance replacement for slirp4netns. You can use pasta beginning with Podman v4.4.1.
  • none - creates a network namespace for the container but does not configure network interfaces for it. The container has no network connectivity.
  • ns:<path> - path to a network namespace to join

Note

The host mode gives the container full access to local system services such as D-Bus, a system for interprocess communication (IPC), and is therefore considered insecure.

10.2. Differences between slirp4netns and pasta

Notable differences of pasta network mode compared to slirp4netns include:

  • pasta supports IPv6 port forwarding.
  • pasta is more efficient than slirp4netns.
  • pasta copies IP addresses from the host, while slirp4netns uses a predefined IPv4 address.
  • pasta uses an interface name from the host, while slirp4netns uses tap0 as interface name.
  • pasta uses the gateway address from the host, while slirp4netns defines its own gateway address and uses NAT.

Note

The default network mode for rootless containers is slirp4netns.

10.3. Setting the network mode

You can use the podman run command with the --network option to select the network mode.

Prerequisites

  • The container-tools module is installed.

Procedure

  1. Optional: If you want to use the pasta network mode, install the passt package:

    $ {PackageManager} install passt
  2. Run the container based on the registry.access.redhat.com/ubi10/ubi image:

    $ podman run --network=<network_mode> -d --name=myubi registry.access.redhat.com/ubi10/ubi

    The <network_mode> placeholder is the required network mode. Alternatively, you can use the default_rootless_network_cmd option in the containers.conf file to switch the default network mode.

Note

The default network mode for rootless containers is slirp4netns.

Verification

  • Verify the setting of the network mode:

    $ podman inspect --format '{{.HostConfig.NetworkMode}}' myubi
    <network_mode>

10.4. Inspecting the network settings of a container

Use the podman inspect command with the --format option to display individual items from the podman inspect output.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Display the IP address of a container:

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' <containerName>
  2. Display all networks to which the container is connected:

    # podman inspect --format='{{.NetworkSettings.Networks}}' <containerName>
  3. Display port mappings:

    # podman inspect --format='{{.NetworkSettings.Ports}}' <containerName>

10.5. Communicating between a container and an application

You can communicate between a container and an application. An application's ports are in either the listening or the open state. These ports are automatically exposed to the container network; therefore, you can reach those containers by using these networks. By default, the web server listens on port 80. In this procedure, the myubi container communicates with the web-container application.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Start the container named web-container:

    # podman run -dt --name=web-container docker.io/library/httpd
  2. List all containers:

    # podman ps -a
    
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS       NAMES
    b8c057333513  docker.io/library/httpd:latest  httpd-foreground  4 seconds ago  Up 5 seconds ago              web-container
  3. Inspect the container and display the IP address:

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' web-container
    
    10.88.0.2
  4. Run the myubi container and verify that the web server is running:

    # podman run -it --name=myubi ubi10/ubi curl 10.88.0.2:80
    
    <html><body><h1>It works!</h1></body></html>

10.6. Communicating between a container and a host

By default, the podman network is a bridge network. This means that a network device bridges the container network to your host network.

Prerequisites

Procedure

  1. Verify that the bridge is configured:

    # podman network inspect podman | grep bridge
    
        "type": "bridge"
  2. Display the host network configuration:

    # ip addr show podman0
    
    6: podman0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether 62:af:a1:0a:ca:2e brd ff:ff:ff:ff:ff:ff
        inet 10.88.0.1/16 brd 10.88.255.255 scope global podman0
           valid_lft forever preferred_lft forever
        inet6 fe80::60af:a1ff:fe0a:ca2e/64 scope link
           valid_lft forever preferred_lft forever

    You can see that the web-container has an IP address in the podman0 subnet and that the network is bridged to the host.

  3. Inspect the web-container and display its IP address:

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' web-container
    
    10.88.0.2
  4. Access the web-container directly from the host:

    $ curl 10.88.0.2:80
    
    <html><body><h1>It works!</h1></body></html>

10.7. Communicating between containers using port mapping

The most convenient way to communicate between two containers is to use published ports. Ports can be published in two ways: automatically or manually.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Run the unpublished container:

    # podman run -dt --name=web1 ubi10/httpd-24
  2. Run the automatically published container:

    # podman run -dt --name=web2 -P ubi10/httpd-24
  3. Run the manually published container and publish container port 8080:

    # podman run -dt --name=web3 -p 8888:8080 ubi10/httpd-24
  4. List all containers:

    # podman ps
    
    CONTAINER ID  IMAGE                                            COMMAND               CREATED         STATUS         PORTS                                             NAMES
    db23e8dabc74  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  23 seconds ago  Up 23 seconds  8080/tcp, 8443/tcp                                web1
    1824b8f0a64b  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  18 seconds ago  Up 18 seconds  0.0.0.0:33127->8080/tcp, 0.0.0.0:37679->8443/tcp  web2
    39de784d917a  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  5 seconds ago  Up 5 seconds  0.0.0.0:8888->8080/tcp, 8443/tcp                  web3

    You can see that:

    • Container web1 has no published ports and can be reached only through the container network or a bridge.
    • Container web2 has automatically mapped ports 43595 and 42423 to publish the application ports 8080 and 8443, respectively.

      Note

      The automatic port mapping is possible because the registry.access.redhat.com/10/httpd-24 image has the EXPOSE 8080 and EXPOSE 8443 commands in the Containerfile.

    • Container web3 has a manually published port. The host port 8888 is mapped to the container port 8080.
  5. Display the IP addresses of the web1 and web3 containers:

    # podman inspect --format='{{.NetworkSettings.IPAddress}}' web1
    # podman inspect --format='{{.NetworkSettings.IPAddress}}' web3
  6. Reach the web1 container using <IP>:<port> notation:

    # curl 10.88.0.2:8080
    ...
    <title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
    ...
  7. Reach the web2 container using localhost:<port> notation:

    # curl localhost:43595
    ...
    <title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
    ...
  8. Reach the web3 container using <IP>:<port> notation:

    # curl 10.88.0.4:8080
    ...
    <title>Test Page for the HTTP Server on Red Hat Enterprise Linux</title>
    ...
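
Both -P and -p 8888:8080 publish on 0.0.0.0, that is, on every interface of the host. The following script is an added example, not part of the original documentation: it classifies each entry of the PORTS column from step 4 as unpublished, loopback, or bound to all interfaces. The function names and the web4 line are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify each port mapping in `podman ps` output.
# Input lines: "<name> <ports>", the shape printed by
#   podman ps --format '{{.Names}} {{.Ports}}'
# Output lines: "<name> <class> <host-endpoint> <container-port>"
classify_ports() {
    awk '
    {
        name = $1
        sub(/^[^ ]+ */, "")              # keep only the port list
        if ($0 == "") { print name, "none", "-", "-"; next }
        n = split($0, maps, /, */)
        for (i = 1; i <= n; i++) {
            if (maps[i] !~ /->/) {       # exposed by the image, not published
                print name, "unpublished", "-", maps[i]
                continue
            }
            split(maps[i], side, "->")
            host = side[1]; addr = host
            sub(/:[0-9-]+$/, "", addr)   # drop the host port, keep the address
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "")
                class = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "[::1]")
                class = "loopback"
            else
                class = "specific-address"
            print name, class, host, side[2]
        }
    }'
}

# Only the mappings reachable through every interface of the host.
wildcard_bindings() {
    classify_ports | awk '$2 == "all-interfaces" { print $1, $3 "->" $4 }'
}

# web1-web3 reuse the PORTS values from the listing in step 4;
# web4 is a constructed line for a loopback-only mapping.
SAMPLE='web1 8080/tcp, 8443/tcp
web2 0.0.0.0:33127->8080/tcp, 0.0.0.0:37679->8443/tcp
web3 0.0.0.0:8888->8080/tcp, 8443/tcp
web4 127.0.0.1:8888->8080/tcp'

printf '%s\n' "$SAMPLE" | classify_ports
```

To keep a published port off external interfaces, include a host address in the mapping, for example -p 127.0.0.1:8888:8080.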

10.8. Communicating between containers using DNS

When a DNS plugin is enabled, use a container name to address containers.

Prerequisites

  • The container-tools meta-package is installed.
  • A network with the enabled DNS plugin has been created by using the podman network create command.

Procedure

  1. Run a receiver container attached to the mynet network:

    # podman run -d --net mynet --name receiver ubi9 sleep 3000
  2. Run a sender container and reach the receiver container by its name:

    # podman run -it --rm --net mynet --name sender alpine ping receiver
    
    PING rcv01 (10.89.0.2): 56 data bytes
    64 bytes from 10.89.0.2: seq=0 ttl=42 time=0.041 ms
    64 bytes from 10.89.0.2: seq=1 ttl=42 time=0.125 ms
    64 bytes from 10.89.0.2: seq=2 ttl=42 time=0.109 ms

    Exit using CTRL+C.

You can see that the sender container can ping the receiver container using its name.

10.9. Communicating between two containers in a pod

All containers in the same pod share the IP addresses, MAC addresses and port mappings. You can communicate between containers in the same pod using localhost:port notation.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Create a pod named web-pod:

    $ podman pod create --name=web-pod
  2. Run the web container named web-container in the pod:

    $ podman container run -d --pod web-pod --name=web-container docker.io/library/httpd
  3. List all pods and containers associated with them:

    $ podman ps --pod
    
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS       NAMES               POD ID        PODNAME
    58653cf0cf09  k8s.gcr.io/pause:3.5                              4 minutes ago  Up 3 minutes ago              4e61a300c194-infra  4e61a300c194  web-pod
    b3f4255afdb3  docker.io/library/httpd:latest  httpd-foreground  3 minutes ago  Up 3 minutes ago              web-container  4e61a300c194  web-pod
  4. Run the container in the web-pod based on the docker.io/library/fedora image:

    $ podman container run -it --rm --pod web-pod docker.io/library/fedora curl localhost
    
    <html><body><h1>It works!</h1></body></html>

    You can see that the container can reach the web-container.

10.10. Communicating in a pod

You must publish the ports for the containers in a pod when the pod is created.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Create a pod named web-pod-publish:

    # podman pod create --name=web-pod-publish -p 80:80
  2. List all pods:

    # podman pod ls
    
    POD ID        NAME         STATUS   CREATED        INFRA ID      # OF CONTAINERS
    26fe5de43ab3  publish-pod  Created  5 seconds ago  7de09076d2b3  1
  3. Run the web container named web-container inside the web-pod-publish pod:

    # podman container run -d --pod web-pod-publish --name=web-container docker.io/library/httpd
  4. List containers:

    # podman ps
    
    CONTAINER ID  IMAGE                    COMMAND           CREATED             STATUS             PORTS               NAMES
    7de09076d2b3  k8s.gcr.io/pause:3.5                       About a minute ago  Up 23 seconds ago  0.0.0.0:80->80/tcp  26fe5de43ab3-infra
    088befb90e59  docker.io/library/httpd  httpd-foreground  23 seconds ago      Up 23 seconds ago  0.0.0.0:80->80/tcp  web-container
  5. Verify that the web-container can be reached:

    $ curl localhost:80
    
    <html><body><h1>It works!</h1></body></html>

10.11. Attaching a pod to the container network

Attach the containers in a pod to a network when you create the pod.

Prerequisites

  • The container-tools meta-package is installed.

Procedure

  1. Create a network named pod-net:

    # podman network create pod-net
    
    /etc/cni/net.d/pod-net.conflist
  2. Create a pod web-pod:

    # podman pod create --net pod-net --name web-pod
  3. Run a container named web-container inside the web-pod:

    # podman run -d --pod web-pod --name=web-container docker.io/library/httpd
  4. Optional: Display the pods the containers are associated with:

    # podman ps -p
    
    CONTAINER ID  IMAGE                           COMMAND           CREATED        STATUS            PORTS       NAMES               POD ID        PODNAME
    b7d6871d018c   registry.access.redhat.com/ubi10/pause:latest                             9 minutes ago  Up 6 minutes ago              a8e7360326ba-infra  a8e7360326ba  web-pod
    645835585e24  docker.io/library/httpd:latest  httpd-foreground  6 minutes ago  Up 6 minutes ago              web-container    a8e7360326ba  web-pod

Verification

  • Show all networks connected to the container:

    # podman ps --format="{{.Networks}}"
    
    pod-net

10.12. Setting HTTP Proxy variables for Podman

To pull images behind a proxy server, you must set HTTP Proxy variables for Podman. Podman reads the environment variable HTTP_PROXY to ascertain the HTTP Proxy information. HTTP proxy information can be configured as an environment variable or under /etc/profile.d.

Procedure

  • Set proxy variables for Podman. For example:

    • Unauthenticated proxy:

      # cat /etc/profile.d/unauthenticated_http_proxy.sh
      export HTTP_PROXY=http://192.168.0.1:3128
      export HTTPS_PROXY=http://192.168.0.1:3128
      export NO_PROXY=example.com,172.5.0.0/16
    • Authenticated proxy:

      # cat /etc/profile.d/authenticated_http_proxy.sh
      export HTTP_PROXY=http://USERNAME:PASSWORD@192.168.0.1:3128
      export HTTPS_PROXY=http://USERNAME:PASSWORD@192.168.0.1:3128
      export NO_PROXY=example.com,172.5.0.0/16
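
The authenticated variant stores the proxy password in a script that every login shell sources. The following check is an added example, not part of the original documentation: it lists the scripts in a profile directory whose proxy variables embed user:password@ and reports whether other users can read the file. The function name and the temporary sample directory are assumptions made for the example.

```sh
#!/bin/sh
# Added example: list profile scripts whose proxy variables embed
# credentials (scheme://user:password@host) and report file access.
# Output lines: "<file> <world-readable|restricted> <VAR,VAR,...>"
find_proxy_credentials() {
    dir=$1
    for f in "$dir"/*.sh; do
        [ -f "$f" ] || continue
        # Names of *PROXY variables whose URL carries user:password@
        vars=$(sed -n -E \
            's#^[[:space:]]*(export[[:space:]]+)?([A-Za-z_]*[Pp][Rr][Oo][Xx][Yy])="?[a-z]+://[^:@/]+:[^@/]+@.*#\2#p' \
            "$f" | paste -sd, -)
        [ -n "$vars" ] || continue
        if [ -n "$(find "$f" -perm -004)" ]; then
            access=world-readable       # any local user can read the password
        else
            access=restricted
        fi
        printf '%s %s %s\n' "${f##*/}" "$access" "$vars"
    done
}

# Constructed sample that mirrors the two files shown above.
demo=$(mktemp -d)
cat > "$demo/unauthenticated_http_proxy.sh" <<'EOF'
export HTTP_PROXY=http://192.168.0.1:3128
export HTTPS_PROXY=http://192.168.0.1:3128
export NO_PROXY=example.com,172.5.0.0/16
EOF
cat > "$demo/authenticated_http_proxy.sh" <<'EOF'
export HTTP_PROXY=http://USERNAME:PASSWORD@192.168.0.1:3128
export HTTPS_PROXY=http://USERNAME:PASSWORD@192.168.0.1:3128
export NO_PROXY=example.com,172.5.0.0/16
EOF
chmod 644 "$demo"/*.sh
find_proxy_credentials "$demo"
rm -rf "$demo"
```

On a host, call find_proxy_credentials /etc/profile.d to run the same check against the real scripts.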