Communicate different pods using Podman

Question

I am deploying several Pods using podman-compose. To do so, each pod has its own definition in a podman-compose.yaml file that I execute in rootless mode (so all containers in a Pod coexist in the same host/IP). However, I would like to make able a container in a Pod to reach a service exposed by a container in another pod.

I know Kubernetes has the Service object that let pods communicate between them. But I don't want to use K8S...

So my question is: Is there any 'equivalent' or workaround I could use to reach such a communication between pods? Not only in the Podman ecosystem, but in the Linux's one.

Ideally, I would like to use a DNS that lets containers resolve the IP of other containers in other pods. Should I use my machine (where all pods are running) DNS to proxy requests between pods? And more importantly, is this a good practice?

Sorry if the answer is pretty obvios, I am new in the IT world.

Anyway, thank you all in advance!

score 2 · Accepted Answer · edited Dec 31 '22 at 10:24

Create a network and have all the pods use that network on start. Then if you use --name to name the pods, be able to use that name as the DNS entry from others.

Eg

podman network create $NETWORK_NAME

podman pod create --name $POD1 --network $NETWORK_NAME

podman pod create --name $POD2 --network $NETWORK_NAME

podman run -it --detach --pod $POD1 --name $CONTAINER1 --network $NETWORK_NAME image_name

podman run -it --detach --pod $POD2 --name $CONTAINER2 --network $NETWORK_NAME image_name

now if you were curling from CONTAINER2, you could use curl http://$POD1 and it would resolve to the IP (private ip on the network created) for that POD.

If you dont want to use pods, just remove all pod create and --pod flags to podman run, and instead use $CONTAINER1 or $CONTAINER2 to talk to the other containers in the same network.

With this, you dont need to expose a load of ports, and have your containers communicate to the host and back to the exposed port. Just reference them by pod / container name.

In my experience, it only works when also specifying `--hostname $SOMENAME` when creating a pod. This is also possible directly with e.g. `podman run --detach --pod new:$POD1 --name $CONTAINER1 --hostname $POD1 --network $NETWORK_NAME image_name`. — fc7, Dec 29 '22 at 10:09

score 1 · Answer 2 · answered Feb 21 '22 at 07:46

1

Finally, I found out in the containers organization the Podman's dnsname plugin that makes possible the pod to pod resolution by using its DNS gateway.

answered Feb 21 '22 at 07:46

Hèctor M.C.

95
1
6

score 0 · Answer 3 · answered Feb 19 '22 at 13:09

So my question is: Is there any 'equivalent' or workaround I could use to reach such a communication between pods? Not only in the Podman ecosystem, but in the Linux's one.

There is no analog to a Kubernetes Service object. In podman (and docker), service discovery is name-based: containers can refer to other containers by name, and there are no restrictions on what ports they can access. So if you have:

version: "3"

services:
  app1:
    image: docker.io/alpinelinux/darkhttpd:latest

  app2:
    image: docker.io/alpinelinux/darkhttpd:latest

Then an application running in the app1 container can access services in the app2 container. That is, if you podman exec into app1, you can run:

wget -O- http://app2:8080

This is the default behavior; there's nothing special you need to set up.

Absolutely, communication between container in a same pod does not need special setups. Nonetheless, if what I want is to communicate containers from different pods (for example, from two podman-compose files in different projects) I found out that the only possible way is by using this plugin in podman: https://github.com/containers/dnsname In a nutshell, it lets you create shared networks between namespaces, so you can resolve containers in other pods by using its specific dns gateway. — Hèctor M.C., Feb 21 '22 at 07:42

Communicate different pods using Podman

3 Answers3

Linked