I want to control communication between containers.
Imagine I have a container with an app that listens on multiple ports. I want another container to be able to talk to a specific port of that app.
The way I tried doing it.
I can create a user-defined bridge network for accessing a specific port of that app, and then add all other containers that I want to be able to talk to that port. But by default, all ports are exposed via the bridge network. When connecting a network to a container, I can’t find a way to expose only certain ports.
Also, there is a reverse situation. For example, a reverse proxy routes its traffic through a custom bridge network. And all other containers can expose HTTP ports only to that network.
Also, there is a problem when 2 bridge networks exist between 2 containers, since it’s unclear which network the DNS name will resolve to.
What are my options if I want to control not only which containers communicate with each other, but also the ports they are using?
You need firewall software like ufw to restrict access to specific ports.
I am not sure I understand. Do you have an example?
You don’t need to use the default hostnames. If you call your container “server” and you have two networks like “br1” and “br2”, you can add an alias to your container on br1, let’s say “server_br1”, and another alias on br2, let’s say “server_br2”, and use these domain names.
@rimelek already covered the network alias, which is the solution for “same container (names) in different networks”.
In Docker, all containers connected to a network can communicate freely with every port of each container connected to this network. Docker networks do not provide a port filter of any sort. Docker does not have a concept like Kubernetes has with network policies.
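The alias setup described in the replies above, written as a Compose file; this is an added example, not part of the original thread. The network and alias names (br1, br2, server_br1, server_br2) come from the post, while the images and the client service names are assumptions.

```yaml
# Constructed example: one "server" container attached to two bridge
# networks, with a distinct, network-scoped DNS alias on each.
services:
  server:
    image: nginx:alpine          # assumption: any image that listens on a port
    networks:
      br1:
        aliases:
          - server_br1           # resolvable only by containers on br1
      br2:
        aliases:
          - server_br2           # resolvable only by containers on br2

  client_a:                      # hypothetical client, attached to br1 only
    image: alpine:3
    command: ["sleep", "infinity"]
    networks:
      - br1

  client_b:                      # hypothetical client, attached to br2 only
    image: alpine:3
    command: ["sleep", "infinity"]
    networks:
      - br2

networks:
  br1:
    driver: bridge
  br2:
    driver: bridge
```

From client_a only server_br1 resolves, and from client_b only server_br2, so each client reaches the server over a known network. The aliases remove the DNS ambiguity only; every port of server stays reachable on both networks.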