Access the Containers from Host like on Linux #155
Comments
|
Thanks for the feature request. We know this is a useful capability and we have discussed use cases at length. I'm curious: what prevents you from running multiple database containers and mapping each to a different port and then using a complete sockaddr (address + port rather than address alone) to refer to each? |
|
It's for a dev environment, so the Developer access databases via domains, it should totaly dynamic so i cant do a static configuration by mapping ports i resolv the dev domains for the databases (mysql.server1.local to 172.17.0.X)... But on Docker for Mac i have the issue that the 172.17.0.X IPs isn't accessible from Host |
|
This pretty much relates to #171. Our specific use-case is the same. We have setup an Previously, all we needed was to route all traffic into our VM on a specific IP range, but now it's not possible to do so, so we either have to bind to specific ports, for specific services, or we need a clever load balancer, or we need to do manual service discovery. |
|
+1, interested in the fix |
1 similar comment
|
+1, interested in the fix |
|
Any plans to resolve this issue in near future? |
|
Hi we are considering how this could be implemented, potentially via a VPN from the Mac to the Linux VM, but it is not being worked on at present. It is probably possible to implement a version by running a container with |
|
@justincormack thanks for fast response. For me and I suppose the rest of people, docker for mac is only for development purpose. So I do not think anyone will bother if this will be easy to use, like docker on linux. |
|
If you're considering VPN I assume there's no way to create network connectivity between Mac and xhyve huh? I wonder why. I think VPN is a bit of an overkill ... really should be a simple developer experience pinging the docker ip's like they would on Linux... |
|
Was the approach mentioned in this thread on the forums considered? I don't know enough to have an opinion myself, but from reading the first 3 messages, it sounded like there was a fairly simple way to getting a workable solution. Thanks. |
|
Maby i'm wrong but the only Problem is that the xhyve vm inside Docker for Mac hasn't no Network Adapter. Or routable IP like boot2docker (192.168.100.99 like that) With boot2docker and a route command its possible to Route all the Container ips to the vm Network. We need this for xhyve. Whats going on with this tuntap Plugin? |
|
Here is a abstract scenario that isn't currently working with docker for mac |
|
Any update on it ? |
|
🆙 2017 |
|
If this were possible, the use case of connecting Docker for Mac containers to overlay networks running across Linux hosts would become possible. This would be so cool for testing (e.g. imagine connecting a locally-developed container with tests to a cloud-based application). Pretty, please? :) |
|
As mentioned in the comment above, the Support tap interface for direct container access (incl. multi-host) thread on the Docker forums appears to offer a solution from @michaelhenkel, which I hope he will not mind me copying in here in the hope it moves this issue forward a little:
|
|
I've tried to run docker daemon on sierra and have got and script have been paused for a long time |
|
It appears it is possible for a standard xhyve install is able to allow access to the xhyve VM from the outside as indicated by the blog post at http://mifo.sk/post/xhyve-for-development I think this would be the first step to properly supporting --net=host in Docker for Mac Can someone from the Docker team investigate this? |
ghost
mentioned this issue
In principle a unix socket would be a more secure way of communicating as there would be no exposed port that could be hit by other machines on the same network. However, docker/for-mac#483 means it won't work on docker desktop for Mac, and as one of the primary motivators for this project is working around docker/for-mac#155 by enabling https://github.com/Mahoney-forks/docker-tuntap-osx that's a blocker.
|
The Apple M1 Tech Preview uses the new Virtualization.framework in Big Sur which resolves this issue because a bridge interface is now connected between the host and container VM using the virtio driver and a NAT is done on the host as well. Would it be possible to get the Developer Preview released for Apple M1 compiled and released on Intel as well? It would be useful so we can test. docker/roadmap#142 |
|
For anyone else still chasing this - I packaged up @AlmirKadric 's solution as a brew formula: Unfortunately there are a couple of manual sudo steps to do as well, listed in the caveats when you do the install. Works using https://github.com/Mahoney/docker-lifecycle-listener |
FYI: Warning: Calling depends_on :tuntap is deprecated! There is no replacement.
Please report this issue to the mahoney/tap tap (not Homebrew/brew or Homebrew/core):
/usr/local/Homebrew/Library/Taps/mahoney/homebrew-tap/Formula/docker-tuntap-osx.rb:10 |
|
Yes, that's unavoidable. If you want to discuss it further I'd suggest doing so here: |
|
The Authoritative Guide to Why Docker Choosing Layer 4 Proxy Sucks:
|
|
Does this work? |
I verified this works
|
|
I had to abandon this for now, the NAT out to the internet is currently broken / flakey. Hoping this improves soon! |
|
It's not super reliable, especially if you use a VPN on your mac then its You'll need to know the subnet of your docker network, which can change. E.g. if your containers are in a compose project the network will be You'll need to start a container on the same docker network that has It basically proxies all your TCP connections from your mac to that subnet through the container running sshd. It works for me when on VPN except I have to remove |
@blakebarnett that might be the same issue as #5680 Which sounds like it's fixed in the upcoming release. P.S. Except for that general issue with the new framework, that route commands works for me. It does seem that in a docker settings change or upgrade the IP address of the VM can change to another 192.*. FYI. |
|
Yeah I think it is, hopefully in 3.4 everything will be smooth for this! |
|
macOS Big Sur v11.4 and Docker Desktop v3.4.0 (65384) still has the issue, as per original request: docker-tuntap-osx is a workaround that works. |
|
Hey guys, tuntap is a workaround, but when I create a network by So let's say I have two applications: app1 with IP 192.168.211.1 and app2 with IP 192.168.213.1. tun/tap does the fix and I can access them by these IPs, but when I add any of applications to new network: none of the applications are accessible from host like they were before. The reason why I do need to add them to network, because the applications are different containers (with own databases), but I need them work via API. But due limitation of docker to make them be available to each other I have to create network, and when I do it - containers are not available from host machine. I tried to add tuntap gateway to docker network, but it didn't help: Any thoughts, gents? |
Would you mind expanding on this a little? I've checked "Use the new Virtualization framework" on 3.5.2 on an M1 iMac, but Output of |
I upgraded to the Monterey beta on my M1 and haven't tried this out again, I can report back once I do. |
|
I didn't find a way to do it in this way, but found way how to workaround this - just added app1 network to app2 docker-compose.yml, so basically app2 can connect to network of app1. Since both apps are on docker-compose and have own bridge networks, it works just fine. Btw, I don't have M1 chip on the system I experienced the issue at |
|
Can we keep the conversation focussed on the specific problem the issue is about - communicating with a container by IP address from the host. This issue is not about communicating with the host from a container. Nor is it about allowing two different containers to communicate with each other. This is about being able to do the following on a Mac: docker run --rm -d --name myservice nginx && \
MYSERVICE_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' myservice ) && \
curl "http://$MYSERVICE_IP"and seeing the If whatever you are suggesting does not make the above snippet work, it's not appropriate for this issue. |
It worked on Docker Desktop 3.3.2/3.3.3. Newer versions don't create the bridge interface. |
|
Could this be implemented via the new extension API? |
|
There is a brew package that resolves the problem https://github.com/chipmk/docker-mac-net-connect So you can access the container by IP directly. Another problem need to be solved is static access to container by its docker's name. (or have it accessible on host machine by port) So I want to achieve behavior identical to May be some DNS should work as well, please suggest any solution or workaround. Please, do not suggest using |
|
@alexandertsukanov , amazing thanks for sharing. Do you guys know any similar solution for Windows? (sorry for offtopic) |
|
Is there any update for this issue? |
|
Unfortunately docker-mac-net-connect has stopped working with Docker for Mac 4.16.1: |
and others
This is a kind of a requst
Hello there,
i have a testing development scenario build with docker containers.
on linux machines i can access them via the conatinaer IP (172.17.0.X) and intacting via the exposed Port.
But on Docker for Mac this isn't possible because i dont know the IP from the VM
with the Toolbox (Docker Machine) i can route 172.17.0.x to docker machine ip.. is there any way to do that with Docker for Mac?
I need this because i have multiple Database Containers each with the same Port... (so -p istn't the answer ;))
The text was updated successfully, but these errors were encountered: