Docker

Docker Networking

Docker provides several networking modes to enable communication between containers and the outside world. Understanding these modes is crucial for setting up and managing containerized applications.

1. Bridge Network (Default)

• Description: The default networking mode where containers communicate with each other using their IP addresses on an isolated bridge network.
• Use Case: Ideal for simple, single-host deployments where containers need to communicate internally.
• Example: When you start a container without specifying a network, it automatically connects to the default bridge network.

2. Host Network

• Description: The container shares the host’s network stack, meaning it has direct access to the host’s network interfaces.
• Use Case: Useful for performance-sensitive applications where minimizing network latency is critical.
• Example: bash docker run --network host mycontainer

3. Overlay Network

• Description: Allows containers running on different Docker hosts to communicate securely. Typically used in multi-host Docker Swarm or Kubernetes setups.
• Use Case: Essential for distributed applications that require communication across multiple hosts.
• Example: Docker Swarm creates an overlay network automatically for services.

4. Macvlan Network

• Description: Assigns a MAC address to each container, making them appear as physical devices on the network.
• Use Case: Useful when you need containers to be treated as real devices on the physical network.
• Example: bash docker network create -d macvlan --subnet=192.168.1.0/24 mymacvlan

5. None Network

• Description: The container has no network interfaces, effectively isolating it from any network.
• Use Case: Security-focused scenarios where network isolation is required.
• Example: bash docker run --network none mycontainer

Important Note: When using Docker Swarm, you may encounter the "network not manually attachable" error when running a one-off command. This occurs because Swarm’s overlay networks are not manually attachable unless explicitly configured during creation. More details can be found in this StackOverflow discussion.

---

CMD vs ENTRYPOINT in Docker

Docker provides two main instructions for defining the command that runs when a container starts: CMD and ENTRYPOINT. While they appear similar, they serve distinct purposes.

1. CMD

• Description: Specifies the default command to execute when the container starts. It can be overridden by passing a different command when running the container.
• Use Case: Best used for providing default arguments to an entrypoint or for simple commands that might change at runtime.
• Example: bash docker run myimage [command] [args] This command overrides the default CMD defined in the Dockerfile.

2. ENTRYPOINT

• Description: Defines the command that will always run within the container. Unlike CMD, it cannot be overridden without the --entrypoint flag.
• Use Case: Useful when you need to ensure a specific command always runs, regardless of what command is provided at runtime.
• Example: bash docker run --entrypoint [my_entrypoint] myimage This command overrides the ENTRYPOINT defined in the Dockerfile.

Key Difference: ENTRYPOINT is designed to ensure a specific command always runs, while CMD is more flexible and can be overridden. For a deeper dive, check out this Habr article.

---

Multi-Architecture Docker Images with Buildx

Docker Buildx is an advanced tool that allows you to build Docker images for multiple architectures (such as ARM and x86) from a single Dockerfile.

1. Enabling Experimental Features

• Description: To use Buildx, Docker’s experimental features must be enabled.
• Use Case: Necessary for enabling advanced Docker capabilities like multi-architecture builds.
• Example: Instructions for enabling experimental features can be found here.

2. Setting Up Buildx

• Description: Buildx extends Docker with the ability to build multi-platform images.
• Use Case: Essential for developing applications that need to run on different CPU architectures.
• Example: bash docker buildx create --use docker buildx build --platform linux/amd64,linux/arm64 -t yourimage:latest --push .

3. Building Multi-Architecture Images

• Description: Use Buildx to build and push Docker images for multiple architectures from a single Dockerfile.
• Use Case: Useful for deploying containers across various hardware platforms.
• Example: bash docker buildx build --platform linux/amd64,linux/arm64 -t yourimage:latest --push .

Resources:

• Getting Started with Docker for ARM on Linux
• Building Multi-Architecture Docker Images with Buildx
• Docker ARM Support with Buildx and Emulator

---

This guide provides a comprehensive overview of Docker networking, the differences between CMD and ENTRYPOINT, and how to work with multi-architecture Docker images using Buildx. Whether you’re deploying simple containers or complex multi-architecture applications, these tools and techniques will help you get the most out of Docker.