9

I’m newbie to Docker, but i’d like to know: is it possible to connect one container from another container on Linux machine (any) with UNIX sockets? For example i have one container for application core and second containers which covers database things. Second example is two containers with application code, and first container can trigger some events in second.

Performance really matters for me in both cases. If it’s impossible to do this way, is there is any solution for these problems?

Thanks!

user2890234
  • 332
  • 1
  • 2
  • 10

1 Answers1

12

Yes. You can mount a socket into a container using a volume mount. And multiple containers can mount the same volume, whether that's a named volume or a host mount, to share the socket between the containers. You see this frequently with containers that mount the docker socket today, e.g.

docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock busybox

will run a container with the docker socket mounted.

Notes on the docker.sock itself:

  1. The above is an example of mounting a socket, replace the docker.sock with the name of your own application's socket.
  2. Yes, the above gives the container access to manage docker, effectively root on the host. You see this with tools to manage docker packaged as containers. You are implicitly trusting them with root access on the server, not unlike trusting code downloaded with apt or rpm on the host. Be selective on what you give this access to.
BMitch
  • 231,797
  • 42
  • 475
  • 450
  • 1
    Is not mounting a docker.sock within the container a major security issue? – Greg0ry Feb 19 '18 at 22:08
  • @Greg0ry depends on what's running in the container. If it's a container that needs to have access to docker, then you implicitly have to trust that container, just like you do with anything outside of a container with access to the socket. – BMitch Feb 19 '18 at 22:28
  • I'm new to docker, just started migrating my systems to docker containers. I have no trust to stuff I run in my containers, even if it's "my" stuff... I like this video about docker, maybe you will like it too: https://www.youtube.com/watch?v=uQigvjSXMLw – Greg0ry Feb 19 '18 at 22:44
  • @Greg0ry things you'd need the socket for include tools like rancher, ucp, dynamically reconfiguring reverse proxies (traefik, nginx-proxy). It's a question of whether you manage and ship tools to manage docker as containers or not. – BMitch Feb 19 '18 at 22:50