Docs
/
Docker Kubernetes
Chapter 4
04 — Docker Networking
Network Types
| Driver | Use Case | Container Discovery |
|---|---|---|
| bridge (default) | Containers on same host | By container name (user-defined) |
| host | Container shares host network | N/A (same as host) |
| none | No networking | N/A |
| overlay | Multi-host (Swarm/K8s) | Across hosts |
Bridge Network (Default)
# Default bridge — containers can communicate by IP only
docker run -d --name web nginx
docker run -d --name api my-app
# api can reach web by IP, but NOT by name
# User-defined bridge — containers communicate by NAME (DNS)
docker network create my-network
docker run -d --name web --network my-network nginx
docker run -d --name api --network my-network my-app
# api can reach web at http://web:80 ✅
User-defined bridge:
┌─────────────────────────────┐
│ my-network (bridge) │
│ │
│ ┌─────┐ ┌─────┐ │
│ │ web │ ←──→ │ api │ │ (communicate by name)
│ │:80 │ │:3000│ │
│ └─────┘ └─────┘ │
└─────────────────────────────┘
Network Commands
# List networks
docker network ls
# Create network
docker network create my-network
docker network create --driver bridge --subnet 172.20.0.0/16 my-network
# Connect/disconnect running container
docker network connect my-network <container>
docker network disconnect my-network <container>
# Inspect
docker network inspect my-network
# Remove
docker network rm my-network
docker network prune # Remove unused networks
Port Mapping
# Map host port to container port
docker run -p 8080:80 nginx # host:8080 → container:80
docker run -p 3000:3000 my-app # same port
docker run -p 127.0.0.1:3000:3000 my-app # bind to localhost only
# Map multiple ports
docker run -p 80:80 -p 443:443 nginx
# Random host port
docker run -P nginx # maps EXPOSE ports to random host ports
docker port <container> # show port mappings
Container-to-Container Communication
# Same user-defined network — use container name as hostname
docker network create app-net
docker run -d --name db --network app-net \
-e POSTGRES_PASSWORD=secret postgres:16
docker run -d --name api --network app-net \
-e DATABASE_URL=postgres://postgres:secret@db:5432/postgres \
my-api
# api connects to db using hostname "db" ✅
Host Network
Container shares the host's network stack. No port mapping needed.
docker run --network host nginx
# Nginx listens on host port 80 directly (no -p needed)
Pros: No NAT overhead, best performance. Cons: Port conflicts with host, less isolation. Linux only.
DNS Resolution
User-defined bridge networks provide automatic DNS:
Container "api" → resolves "db" → 172.20.0.3
Container "api" → resolves "redis" → 172.20.0.4
Docker's embedded DNS server handles resolution.
Only works on user-defined networks (NOT the default bridge).
Key Takeaways
- Always use user-defined bridge networks (not default bridge) — enables DNS by container name
- Containers on the same network communicate by name (e.g.,
http://db:5432) -p host:containermaps ports;-Pmaps all EXPOSE ports to random ports- Host network gives best performance but sacrifices isolation
- Use
docker network createto isolate groups of containers - Containers on different networks can't communicate unless explicitly connected