Expected behavior After installing Docker for Mac installer I would want to see the ip address $ docker-machine ip 192.168.64.8 I would want to install dns server inside docker and use et in my host machine /etc/resolver/test. To do this I would need the ip address of: Docker for Mac to resolve all.test domains into the xhyve virtual machine. When the Docker Desktop application starts, it copies the /.docker/certs.d folder on your Mac to the /etc/docker/certs.d directory on Moby (the Docker Desktop xhyve virtual machine). You need to restart Docker Desktop after making any changes to the keychain or to the /.docker/certs.d directory in order for the changes to take effect.
In Docker Tip #35 I wrote about connecting to your Docker host from inside of a container but a lot of things have changed since then. Here’s a more updated version.
As of Docker v18.03+ you can use the host.docker.internal
hostname to connect to your Docker host.
This could come in handy if you wanted to connect to a database that’s running on your host but isn’t running inside of a container.
I often see this use case come up when people are beginning to move their stack over into using Docker. If that’s the case you would just use host.docker.internal
as your DB connection host.
There’s a couple of ways to do this, but the easiest way would be to connect over the IP address listed in your docker0
network adapter.
ip a
on your Docker host you might see something similar to this:Using the above output as an example, you could connect to your Docker host from inside of a container by using this IP address: 172.17.0.1
.
If you expect that IP address might change you could go the extra mile and do something like docker container run -e 'DOCKER_HOST=$(ip -4 addr show docker0 | grep -Po 'inet K[d.]+')' ...
, this way every time you run your container, it’ll have the IP address available inside the container set to the DOCKER_HOST
environment variable.
Let’s shed some light on a questions that readers often ask me in email or comments.
How do I get the IP address of a Docker container?
This is a tricky point, because the solution itself is short and simple, but in real life you don’t use the IP address of a Docker container unless you want to test or try something on an exceptional basis.
For the above reason, I think it’s useful to read the whole post, but in case you don’t have the time, here you have the one-liner to solve the issue.
With a specific example to check the IP of a container called boring_noyce
on the default bridge network the command looks like this:
Let’s come back to the main point now; why and when you might want to use the IP address of a Docker container?
When you work with Docker in real projects, you may work on various levels, namely:
The idea behind containerization is that your containers are meant to be ephemeral by design. What does this mean?
The meaning of empheral is something short-lived, the Docker documentation explains it like this:
“By “ephemeral”, we mean that the container can be stopped and destroyed, then rebuilt and replaced with an absolute minimum set up and configuration.”
You can read about this in the Docker docs or in my in my Dockerfile best practices tutorial.
The real meaning of this is that your containers are just temporary workers that can be destroyed and recreated as you need them.
The mechanism to construct a complex application with containers that you can throw away and replace any time is built into Docker. You use user defined networks, Compose and Swarm configuration to drive your application stack.
On the abstract orchestration levels of Compose and Swarm, you don’t work with IP addresses directly. You rather work with your definition of the desired state of your entire stack.
This is why I said in the beginning that you are supposed to work with IP adrersses directly on an exceptional basis only; like tracking down a bug or testing out something new while you are building your configuration.
It’s important that you build your production system with the Compose file to be used with Compose or Swarm, or deployment descriptors for other orhestrators like Kubernetes rather than relying on container IPs.
Having said all this, let’s see how to get the IP address of a Docker container.
The IP address of a container only makes sense in the context of the network your container is connected to.
When you start out with Docker, you probably use one of the default networks of Docker. These are the default networks:
These networks are created by the Docker engine when it starts up on the host machine.
The meaning of these networks is the following:
In order to create a good design for your application, you usually create user defined networks. You use these networks to isolate parts of your application architecture and you define contianers that serve as gateways between these networks. This implies that some of your containers are connected to one user defined network, while other containers are connected to two networks, or even more depending on your design.
So it’s important to understand the network context of your application before going after the IP address.
You use the docker network
commands or the Compose file to define your networks. Please refer to the Compose tutorial, the Swarm tutorial for more details, or get the book for an in-depth learning experience.
Please note that Swarm mode adds further networks to the list. If you create a service in Swarm mode, requests are routed to the right node and right container by the default overlay network. You can, of course create user defined overlay networks.
Let’s create a few containers to experiment with. I created 3 Nginx containers running the below commands.
Now these containers are connected to the default bridge network. If you use use docker-compose
to start containers from a Compose file, you can use the same methods that I desribe here.
Let’s examine the bridge network now.
As you can see the bridge
network (I mean the network called bridge
) has three containers connected now. If you want to casually see the IP address of the containers on a network, you can always inpect the network and see the IPs.
You can get the IP address of a single container inspecting the container itself and using GO templates to filter the results with the -f
(filter) flag.
This one-liner may look elegant, but I think it’s impractical, because it’s too long and you need to enter the network name (bridge
) in the middle manually.
You may think now that the one-liner is better, because you can use it in scripts. Please remember that you are not supposed to do that. If you need the IP address in production scripting, your should probably improve your network design.
Let’s add a user defined network to the picture and see what happens.
Now our container called boring_noyce
is connected to mynet
, too. Let’s inspect the container’s network settings.
We can try again to find out the IP address of this container on the various networks.
The main point I’m trying to make with this post is to learn the art of architecture design and spend time on your networks definition rather than hacking with IPs. Nevertheless you have the tools here to find out your container IPs.
Having said this, I think we can get a bit more funky with this command. We can, for example, list the IPs of all containers on the bridge network.
The same command on the user defined network gives only one IP, because only one of the containers is connected.
If you are in Swarm mode, you work with services directly. You are not supposed to touch containers. If you need to work with a container (on an exceptional basis) to check something, your best option is to ssh
into one of the nodes in the Swarm and use docker container ls
and the commands I showed you in this post.