-1

In production, host mode networking is recommended over bridge mode to avoid packet forwarding overhead.

$ docker container run --help | grep "network"
      --network network                Connect a container to a network
      --network-alias list             Add network-scoped alias for the container

Cloudformation resource type AWS::ECS::TaskDefinition option(NetworkMode) internally use decides the network mode to launch docker containers, where it says:

If the network mode is host, you cannot run multiple instantiations of the same task on a single container instance when port mappings are used.

Using AWS::ECS::TaskDefinition,

Am launching single instance of master jenkins(docker container) with port mapping of 8080:8080. EC2 port 8080 mapping with container port 8080.

What does it mean to say? cannot run multiple instantiations of the same task on a single container instance when port mappings are used....

overexchange
  • 15,768
  • 30
  • 152
  • 347

1 Answers1

3

When you are using network mode as host, the container shares the host’s networking namespace as described here and hence port mapping does not take effect. This means that you cannot map the container's port 8080 to host's port 80 because when the container exposes port 8080, it will be available directly at port 8080 in the host machine.

cannot run multiple instantiations of the same task on a single container instance when port mappings are used....

Container instance is basically a special type of EC2 instance as described here. That means if you are running more than 1 instantiations of the same task in the same host machine (container instance), they will expose the same port (e.g. 8080) which in turn maps directly to the same port on the host machine and hence leads to conflict.

Nguyen Lam Phuc
  • 1,411
  • 1
  • 7
  • 12