moby / vpnkit

A toolkit for embedding VPN capabilities in your application
Apache License 2.0

Consider adopting chipmk/docker-mac-net-connect strategy to provide host to container access #564

Open kelvich opened 2 years ago

kelvich commented 2 years ago

Hey!

Over the course of the last few years I've quite often run into a lot of inconveniences caused by the lack of host-to-container access on macOS (compared to Linux, where you can ping a container IP address right away). Usually it is a problem in setups where some services of a distributed app run on the host and some in containers, so a service should know whether it is running on the host or in a container to select the proper addresses (direct ones or localhost ones).

There are a few crutches/workarounds with different levels of invasiveness:

Recently @petuhovskiy brought https://github.com/chipmk/docker-mac-net-connect to my attention. That is a WireGuard-based solution that tunnels traffic from a tun interface on the host to the Docker VM's WireGuard. It also has a service that listens for Docker events to automatically manage the routing table on the host.

Any possibility of adopting that approach in Docker for Mac? Any possibility that a PR on that matter will be reviewed and potentially merged? It seems to be minimalist and robust, without any new services (if merged). So far the Docker Mac networking page (https://docs.docker.com/desktop/mac/networking/) states right away that Docker Desktop for Mac can’t route traffic to containers, and such an approach can solve that problem in a nice way.

cc @stephen-turner @gregnr @djs55