Docker still can see open ports with and without –link flag set

I’ve been following these two tutorials to understand a bit about Docker networking:

  • https://docs.docker.com/engine/examples/running_redis_service/
  • https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks

The first tutorial says that the container is not exposing ports by not using -p or -P flags.

  • pcregrep with multiple capturing groups
  • Kubernetes application running on master - DaemonSet
  • docker : can't mount some directory from host
  • Run GUI Applications with Docker for Mac and X11 Binding
  • Unable to connect to tomcat running in Docker (Connection refused)
  • chown docker volumes on host (possibly through docker-compose)
  • $ docker run --name redis-server -d <your username>/redis
    

    And when running another container it uses the –link flag to “redis” container:

    $ docker run --name redis-client --link redis:db -i -t ubuntu:14.04 /bin/bash
    

    And that way I can connect from redis-client container to redis-server container because they are linked. But while experimenting with other configurations, I run another container, let’s call it redis-client-2 — just after I stoped and removed redis-client container — that doesn’t use the –link flag:

    $ docker run --name redis-client-2 -i -t ubuntu:14.04 /bin/bash
    

    And I noticed that even without the –link flag set I can connect to redis-server container’s redis server from redis-client-2

    My question is, am I misunderstanding the concept of –link and exposed ports on Docker? Why can I still connect to redis-server container with or without the –link flag?

    Thanks in advance

  • How to run Docker on Ubuntu 15.04?
  • Automating install of Docker and image pull using python or bash
  • LXC/docker.io & kernel updates
  • Mongodb in Docker: numactl --interleave=all explanation
  • Unrecognized argument format hosting.ini
  • splitting docker stdout and stderr with fluentd fluent-plugin-rewrite-tag-filter plugin
  • One Solution collect form web for “Docker still can see open ports with and without –link flag set”

    Docker containers on the same Docker network (if none is setup, default) as each other can communicate with each other freely. --link is a vestigial feature from before the days of first-class Docker networking.

    The -p & -P options only relate to exposing ports outside of the Docker network (i.e. to the host) and has no bearing on container-to-container communication.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.