Consider adopting chipmk/docker-mac-net-connect strategy to provide host to container access #564

Open
kelvich opened this issue Mar 17, 2022 · 0 comments


kelvich commented Mar 17, 2022

Hey!

Over the course of the last few years I've quite often run into a lot of inconveniences caused by the lack of host-to-container access on macOS (compared to Linux, where you can ping a container IP address right away). Usually it is a problem in setups where some services of a distributed app run on the host and some in containers, so a service should know whether it is running on the host or in a container to select the proper addresses (direct ones or localhost ones).

There are a few crutches/workarounds with different levels of invasiveness:

  • use docker.host.internal access between containers and put 127.0.0.1 docker.host.internal into /etc/hosts on the host. That gives uniform connectivity but requires you to edit /etc/hosts.
  • keep two sets of addresses (internal and public) and select between them based on some env variable like INSIDE_DOCKER=true
  • use internal addresses and manually set up IP aliases and pf routing rules on the host system. That works well with static containers but won't work when your app can dynamically create a container.
  • use a VPN into one of the containers and route traffic through it. That solves all of the problems but requires extra containers and services.

Recently @petuhovskiy brought to my attention https://github.com/chipmk/docker-mac-net-connect. That is a WireGuard-based solution that tunnels traffic from a tun interface on the host to the WireGuard in the Docker VM. It also has a service that listens for Docker events to automatically manage the routing table on the host.

Any possibility of adopting that approach in Docker for Mac? Any possibility that a PR on that matter will be reviewed and potentially merged? It seems to be minimalist and robust, without any new services (if merged). So far the Docker Mac networking page (https://docs.docker.com/desktop/mac/networking/) states right away that Docker Desktop for Mac can’t route traffic to containers, and such an approach can solve that problem in a nice way.

cc @stephen-turner @gregnr @djs55
