在以--network host模式运行时，为什么不能从容器主机访问我的服务？

Question

I have an application running as a container with an endpoint of http://localhost:8080/metrics .

If I start my container with the following command, I can access the service from my container host:

docker run -p 8080:8080 prometheus/golang-example-random

However, in other containers on the same machine I have target endpoints of localhost:8080 , which doesn't work with this setup. So instead, I tried running with --network host . However, when I run with this configuration:

docker run --network host prometheus/golang-example-random

I can no longer access the service from my container host. Am I missing something trivial here?

Answer 1

If you want your containers to be on the same network and be able to talk to each other, the best options is to create a docker network for them and then have them all join the same network.

So you can run:

$ docker network create -d bridge [name]

Then instead of --network host you can pass --network [name] to your docker run command. You'd also need --name which is what you can then use to talk to that container from other containers on the same network:

$ docker run --name goexample --network [name] -p 8080:8080 prometheus/golang-example-random

Now if you were to create another new container on that new custom docker network, you'd be able to talk to the above container using its name as a hostname, ie goexample:8080/metrics .

Because we're still also binding the golang-example's 8080 port to the host's 8080, you'd still be able to access localhost:8080/metrics from the host.

However when you're running multiple containers, keep in mind that you can't bind them to the same host port . Similarly if you are running all containers on the host network, then the services themselves can't all use 8080, for the same reason. In your case that is likely to be the problem.