Red Hat SummitDieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 9. Managing a container network
Manage container networking to control communication between containers and external systems. With Podman, you can create, inspect, and manage networks to isolate traffic and help maintain security.
Container networking is managed by configuring and controlling how containers communicate with each other and external systems. Tools such as Podman enable the creation and operation of lightweight, isolated containers.
9.1. Listing container networks
View available container networks by using the podman network ls command. This displays the network names, drivers, and other configuration details for both root and rootless environments.
Podman works with two network behaviors - rootless and rootful:
- Rootless networking - the network is setup automatically, the container does not have an IP address.
- Rootful networking - the container has an IP address.
Prerequisites
The container-tools meta-package is installed.
Procedure
List all networks as a root user:
# podman network ls NETWORK ID NAME VERSION PLUGINS 2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning- By default, Podman provides a bridged network.
List of networks for a rootless user is the same as for a rootful user.
For more information, see the
podman-network-ls(1)man page on your system.
9.2. Inspecting a network
View detailed configuration of a specific network by using the podman network inspect command. This reveals settings like subnets, gateways, and enabled plugins.
Prerequisites
-
The
container-toolsmeta-package is installed.
Procedure
Inspect the default
podmannetwork:$ podman network inspect podman [ { "cniVersion": "0.4.0", "name": "podman", "plugins": [ { "bridge": "cni-podman0", "hairpinMode": true, "ipMasq": true, "ipam": { "ranges": [ [ { "gateway": "10.88.0.1", "subnet": "10.88.0.0/16" } ] ], "routes": [ { "dst": "0.0.0.0/0" } ], "type": "host-local" }, "isGateway": true, "type": "bridge" }, { "capabilities": { "portMappings": true }, "type": "portmap" }, { "type": "firewall" }, { "type": "tuning" } ] } ]You can see the IP range, enabled plugins, type of network, and other network settings.
For more information, see the
podman-network-inspect(1)man page on your system.
9.3. Creating a network
Create custom networks for your containers by using the podman network create command. You can configure external access or create isolated internal networks for secure container communication.
By default, Podman creates an external network. You can create an internal network in which containers can communicate with other containers on the host, but cannot connect to the network outside the host nor be reached from it.
Prerequisites
-
The
container-toolsmeta-package is installed.
Procedure
Create the external network named
mynet:# podman network create mynet /etc/cni/net.d/mynet.conflist
Verification
List all networks:
# podman network ls NETWORK ID NAME VERSION PLUGINS 2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning 11c844f95e28 mynet 0.4.0 bridge,portmap,firewall,tuning,dnsnameYou can see the created
mynetnetwork and defaultpodmannetwork.
Beginning with Podman 4.0, the DNS plugin is enabled by default if you create a new external network by using the podman network create command.
Refer to podman-network-create(1) man page on your system for more information.
9.4. Connecting a container to a network
Attach a running container to an additional network by using the podman network connect command. This allows the container to communicate on multiple networks simultaneously.
Prerequisites
-
The
container-toolsmeta-package is installed. -
A network has been created by using the
podman network createcommand. - A container has been created.
Procedure
Connect a container named
mycontainerto a network namedmynet:# podman network connect mynet mycontainer
Verification
Verify that the
mycontaineris connected to themynetnetwork:# podman inspect --format='{{.NetworkSettings.Networks}}' mycontainer map[podman:0xc00042ab40 mynet:0xc00042ac60]You can see that
mycontaineris connected tomynetandpodmannetworks.
9.5. Disconnecting a container from a network
Detach a container from a specific network by using the podman network disconnect command. This stops the container from communicating on that network without stopping the container itself.
Prerequisites
-
The
container-toolsmeta-package is installed. -
A network has been created by using the
podman network createcommand. - A container is connected to a network.
Procedure
Disconnect the container named
mycontainerfrom the network namedmynet:# podman network disconnect mynet mycontainer
Verification
Verify that the
mycontaineris disconnected from themynetnetwork:# podman inspect --format='{{.NetworkSettings.Networks}}' mycontainer map[podman:0xc000537440]You can see that
mycontaineris disconnected from themynetnetwork,mycontaineris only connected to the defaultpodmannetwork.Refer to
podman-network-disconnect(1)man page on your system for more information.
9.6. Removing a network
Delete unused networks by using the podman network rm command. Note that you cannot remove a network if it is currently in use by any containers.
Prerequisites
-
The
container-toolsmeta-package is installed.
Procedure
List all networks:
# podman network ls NETWORK ID NAME VERSION PLUGINS 2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuning 11c844f95e28 mynet 0.4.0 bridge,portmap,firewall,tuning,dnsnameRemove the
mynetnetwork:# podman network rm mynet mynetNoteIf the removed network has associated containers with it, you have to use the
podman network rm -fcommand to delete containers and pods.
Verification
Check if
mynetnetwork was removed:# podman network ls NETWORK ID NAME VERSION PLUGINS 2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuningFor more information, see
podman-network-rm(1)man page on your system.
9.7. Removing all unused networks
Use the podman network prune to remove all unused networks. An unused network is a network which has no containers connected to it. The podman network prune command does not remove the default podman network.
Prerequisites
-
The
container-toolsmeta-package is installed.
Procedure
Remove all unused networks:
# podman network prune WARNING! This will remove all networks not used by at least one container. Are you sure you want to continue? [y/N] y
Verification
Verify that all networks were removed:
# podman network ls NETWORK ID NAME VERSION PLUGINS 2f259bab93aa podman 0.4.0 bridge,portmap,firewall,tuningFor more information, see the
podman-network-prune(1)man page on your system.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}