Open vmiyoshi opened 1 year ago
Hey @vmiyoshi, docker-mac-net-connect works by creating entries in the macOS host's routing table to send L3 packets through the local WireGuard tunnel. Containers wouldn't be accessible to the rest of the LAN unless you set up special IP forwarding rules on your router & macOS host.

When you say Kubernetes pods are accessible to the rest of the LAN, do you mean by their individual IPs (L3), or just through your macOS IP with a port-forward or LoadBalancer service?
Greg: Thank you for your response. This is something I'm starting to understand. I don't think my ISP-provided router allows for forwarding (I combed over its configuration all day yesterday). To answer your question: I can access the containers on the localhost with this setup regardless of whether I'm just spinning them up in Docker or deploying them using something like a "KinD/Kubernetes cluster setup", which also makes use of Docker.

> or just through your macOS IP with a port-forward or LoadBalancer service?

Yes, this is pretty much what I'm talking about.

However, again, I could only get to the apps running within the pods/containers on that local computer, and not from other machines on my local network. BUT if I'm using the built-in Kubernetes in Docker-Desktop, Rancher-Desktop, or even Colima, this works. Meaning I can access the app from services like LoadBalancer or NodePort. I don't know what "magic" they are using, but it works, and I can't seem to duplicate it...lol. What I noticed last night was when I deployed a simple nginx app/LoadBalancer svc and did a "get svc -A -o wide" in the built-in Kubernetes (Docker-Desktop). For one, I didn't have to deploy a separate LoadBalancer solution like I would if I was using KinD. What I found is it worked "out-of-the-box", and instead of it being "external IP = X.X.X.X", it was "localhost". I didn't see new routes in macOS's routing table, and I could access the app from my iPad by just putting the IP address of the Mac (running the Docker-Desktop/Kubernetes cluster) in the browser, so again, magic...lol. Again, thank you for your response. I'm stuck trying to make this work as I intend it (Docker-Desktop/KinD multi-node Kubernetes); I may have to buy a new router...lol. You have a good weekend!
Yeah, many stock routers don't let you modify the routing tables. You might have better luck finding a router that you can install OpenWRT on, or buy one with it pre-installed (e.g. GL.iNet).

However, it sounds like you might not actually care about connecting to containers by individual IP (what this tool does) and instead are okay with just connecting to your Mac's IP and binding a port from your macOS host to a port on the container. If this is correct, there's nothing more you need to do. This is built into Docker:

```
docker run -d -p 8080:80 nginx
```

This is the default way to connect to containers from your host (or from other machines on the LAN, since the port is bound to your macOS host, then forwarded to the container). This is similar to what Docker Desktop Kubernetes would be doing. No routes would need to be created in your routing table.
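The same host-port binding that `docker run -p` gives a plain container has to be declared explicitly for a KinD cluster, because KinD nodes are themselves Docker containers and nothing maps their ports to the macOS host by default. The configuration below is an added example, not code from this thread or from the docker-mac-net-connect project; the node layout, port numbers and service name are constructed for illustration. It binds one port on all host interfaces (reachable from other LAN machines, as the question asks for) and one on loopback only, which is the setting to prefer for anything that should stay host-local.

```yaml
# Added example (not from the issue or the project): KinD cluster config with
# extraPortMappings, KinD's equivalent of `docker run -p`. Values are constructed.
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    extraPortMappings:
      # Exposed to the LAN: binds 0.0.0.0:8080 on the macOS host and forwards
      # it to NodePort 30080 inside the node container.
      - containerPort: 30080
        hostPort: 8080
        listenAddress: "0.0.0.0"
        protocol: TCP
      # Host-only: bound to loopback, so other LAN machines cannot reach it.
      - containerPort: 30443
        hostPort: 8443
        listenAddress: "127.0.0.1"
        protocol: TCP
  - role: worker
  - role: worker
---
# Constructed NodePort service; nodePort must match the containerPort above.
apiVersion: v1
kind: Service
metadata:
  name: nginx-example
spec:
  type: NodePort
  selector:
    app: nginx-example
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080
      protocol: TCP
```

Create the cluster with `kind create cluster --config <file>` (the mappings cannot be added to a running cluster), apply the Service together with a matching nginx Deployment, and the app answers at `http://<mac-ip>:8080` from any machine on the LAN while `8443` stays reachable only from the Mac itself. The same distinction applies to the plain Docker command above: `-p 8080:80` binds on all interfaces, whereas `-p 127.0.0.1:8080:80` keeps the port off the LAN.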
This works perfectly for reaching containers (or Kubernetes pods) on the computer running Docker or the Kubernetes cluster (running in Docker); however, I'm unable to access them from other computers on the same network. If I spin up a Kubernetes instance using Docker Desktop's built-in Kubernetes, I have no problems accessing the pods from other computers on the same network.