Docker Networks

Predix Edge provides a common predix-edge-broker_net Docker network that all containers can connect to. In addition, the containers within an application can share separate, private Docker networks. For example, a business logic container could interact privately with Postgres over a separate network and also be attached to predix-edge-broker_net to pull data from the Predix Edge Broker. This design provides some measure of network segmentation.

Hostnames

Containers see other containers as hosts, as if they were separate computers, each with a unique hostname. The docker-compose format allows a given app to join the common predix-edge-broker_net network (or private networks) and puts those containers on the same network. These containers can then refer to other containers by their hostname. For example, HTTPS APIs are available to other containers.

You can add this entry to the docker-compose.yml for each container:
hostname: "my-container-hostname"

It is possible to create more elaborate network scenarios in which some hosts or ports are exposed externally and others only internally.

Ports

Application architecture should consider ports exposed to other containers or to external systems in the design.
  • Port 443 is already used by PETC to expose itself outside of the device. Applications with HTTPS URLs should use another port.
  • Edge Data Broker exposes port 1883 internally to the predix-edge-broker_net network.
  • Configure external ports in the docker-compose.yml service definitions to avoid port conflicts.
  • Work with your IT or Network administrator to ensure access to ports or through firewalls is properly configured for your application.
  • All ports are available on all network interfaces except for 443, which is restricted to the LAN interface on the Predix Edge Gateway.

Docker Compose Structure

The example docker-compose-local.yml file below shows a one-container application that mounts the /config and /data directories relative to the current folder on the computer the application is launched from.
Note: As mentioned above, the /data and /config directories are created on behalf of the app when your app is deployed to Predix Edge. This .local configuration is purely for writing and testing apps outside of Predix Edge on Linux or on a Mac.

The network settings allow the container to access the Edge Broker to publish or subscribe to MQTT messages.

Finally, the file exposes the container's internal port 1880 externally as port 1880.

version: "3.0"
# This file combines all the edge services and our services so that it can be deployed as a unit
services:
  my-container:
    image: "myorg/my-container-name:1.0.0"
    volumes:
      - ./config:/config
      - ./data:/data
    networks:
      - predix-edge-broker_net
    ports:
      - "1880:1880"
networks:
  predix-edge-broker_net:
    external: true
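
The segmentation design described under Docker Networks, combined with the hostname and port guidance, written as a local compose file. This is an added example, not part of the Predix Edge documentation; the service names, images, the app-private network, port 8443 and the password file path are assumptions made for illustration.

```yaml
version: "3.0"
services:
  business-logic:                          # hypothetical service name
    image: "myorg/business-logic:1.0.0"    # placeholder image
    hostname: "business-logic"
    volumes:
      - ./config:/config
      - ./data:/data
    networks:
      - predix-edge-broker_net   # shared network: reach the Edge Broker on port 1883
      - app-private              # private network: reach the database
    ports:
      # Only this service publishes a port. 443 is already used by PETC,
      # so the HTTPS API is published on another port (8443 is an assumption).
      - "8443:8443"

  app-db:                                  # hypothetical service name
    image: "postgres:15"
    hostname: "app-db"                     # business-logic connects to app-db:5432
    environment:
      # Read the password from a mounted file instead of embedding it here.
      # The file name is constructed for this example.
      POSTGRES_PASSWORD_FILE: /config/db_password
    volumes:
      - ./config:/config:ro
    networks:
      - app-private              # NOT attached to predix-edge-broker_net
    # No "ports:" entry: 5432 is never published outside the device and is
    # reachable only by containers that are also on app-private.

networks:
  predix-edge-broker_net:
    external: true               # created by Predix Edge, joined by the app
  app-private:
    internal: true               # standard Compose option: no external connectivity
```

With this layout, other containers on predix-edge-broker_net can resolve business-logic by hostname but cannot resolve or connect to app-db, which is the segmentation boundary to check when reviewing an application's compose file.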