Docker containers communication without exposing ports

1
votes

I have the following docker-compose file:

version: '2'
services:
# Define a Telegraf service
telegraf:
    build: Services/Telegraf
    image: jit-systems/telegraf
environment:
  HOST_PROC: /rootfs/proc
  HOST_SYS: /rootfs/sys
  HOST_ETC: /rootfs/etc
volumes:
    #- ./etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro
  - /var/run/docker.sock:/var/run/docker.sock:ro
  - /sys:/rootfs/sys:ro
  - /proc:/rootfs/proc:ro
  - /etc:/rootfs/etc:ro
  - /var/log/telegraf:/var/log/telegraf
links:
  - influxdb
logging:
  driver: json-file
  options: 
    max-size: "100m"
    max-file: "3"
networks:
  - influx
  - default
depends_on:
  - influxdb
restart: always
# Define an InfluxDB service
influxdb:
    image: influxdb:1.2.0
    volumes:
      #- ./data/influxdb:/var/lib/influxdb
      - influxdb:/var/lib/influxdb
networks:
  - influx
  - default
#this port should not be exposed
ports:
  - "8086:8086"
logging:
  driver: json-file
  options: 
    max-size: "100m"
    max-file: "3"
restart: always
# Define a Kapacitor service
kapacitor:
    image: kapacitor:1.2.0
    environment:
      KAPACITOR_HOSTNAME: kapacitor
      KAPACITOR_INFLUXDB_0_URLS_0: http://influxdb:8086
    volumes:
      - influxdb:/home/docker_containers/kapacitor/volume
      - influxdb:/var/lib/kapacitor
      - /var/log/kapacitor:/var/log/kapacitor 
    links:
      - influxdb
    logging:
      driver: json-file
      options: 
        max-size: "100m"
        max-file: "3"
    networks:
      - influx
      - default
    depends_on:
  - influxdb
restart: always

grafana:
    image: grafana/grafana
    ports:
      - 3000:3000
    volumes:
      - grafana:/var/lib/grafana
    env_file:
      - config.monitoring
    links:
      - influxdb
    logging:
      driver: json-file
      options: 
        max-size: "100m"
        max-file: "3"
    restart: always

volumes:
  influxdb:

  portainer:

  grafana:

networks:
  influx:

All containers are build successfuly. Telegraf is inserting data in Influx. No errors are thrown. This happens only if the port 8086 is exposed. If I close the port 8086 no data is inserted but the database is visible from Grafana - datasource panel. When I'm saving the connection a message is displayed that the connection was successful. Is there a way to get data from Influxdb container without exposing port 8086 public?

1
dockerdocker-composeinfluxdbgrafanatelegraf

1 Answers

2
votes

I'm not sure whether this is available in docker-compose version 2 but:

You can use networks to enable all containers within the networks to reach each others ports without publishing the port to the public.

One service would acces another one via service name and port. Here an example:

    version: "3.1"

## To ensure optimal performance and data persistence elk stack will only run on a node with a label added in the following way: docker node update --label-add app_role=elasticsearch nodeID

networks:
  logging:

volumes:
    logging_data:

services:

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:5.3.1
    logging:
      driver: "json-file"
    networks:
      - logging
    volumes:
      - logging_data:/usr/share/elasticsearch/data
    environment:
      xpack.security.enabled: "false"
    deploy:
      placement:
        constraints: [node.labels.app_role == elasticsearch]

  logstash:
    image: docker.elastic.co/logstash/logstash:5.3.1
    logging:
      driver: "json-file"
    networks:
      - logging
    ports:
      - "127.0.0.1:12201:12201/udp"
    entrypoint: logstash -e 'input { gelf { } }
                        output { stdout{ } elasticsearch { hosts => ["http://elasticsearch:9200"] } }'
# Add to date{}  add_field => { "ElkDebug" => "timestamp matched and was overwritten"} when in doubt about time filter

The logstash output uses elastic searches address.