Network aliases in multicontainer setting

docker-compose

#1

Good day,

I am trying to setup a custom network infrastructure, as in the future we will want to have containers that are restricted in their connection to other containers.

I tried it basically as depicted in the docker compose in this thread:

Here is a part of my docker compose as an example

version: '2.1'

networks:
  x: {}
  y: {}

services:

  a:
    build: './a'
    privileged: 'true'
    restart: 'always'
    cpu_quota: '400000'
    cpuset: '2,3'
    mem_limit: '1024m'
    hostname: 'a'
    networks:
      x:
    expose:
      - '6379'

  b:
    build: './b'
    privileged: 'true'
    restart: 'always'
    cpu_quota: '100000'
    cpuset: '0,1'
    mem_limit: '256m'
    hostname: 'b'
    networks:
      x:
    expose:
      - '6379'
      - '6380'

Is what I tried, when running “balena inspect <numberStuff>_a” I can see in the bottom most section, that the network x has an alias entry of what seems to be a sha hash but no alias “a” as it has when using the default network. I can “ping a” from the container a itself, but not from another container, like b.

This is more than I got with what I would’ve expected to work in the first place, which is:

version: '2.1'

networks:
  x: {}
  y: {}

services:

  a:
    build: './a'
    privileged: 'true'
    restart: 'always'
    cpu_quota: '400000'
    cpuset: '2,3'
    mem_limit: '1024m'
    networks:
      x:
        aliases:
          - 'a'
    expose:
      - '6379'

  b:
    build: './b'
    privileged: 'true'
    restart: 'always'
    cpu_quota: '100000'
    cpuset: '0,1'
    mem_limit: '256m'
    networks:
      x:
        aliases:
          - 'b'
    expose:
      - '6379'
      - '6380'

In which case I can not even “ping a” from a itself. Pinging the SHA hash does work, but is of no use, as it changes frequently (on rebuild i presume)

Is this behaviour a bug? Should the aliases be added or should at least the containername be added as an alias per default, like in the case of the default network? Is there a way for me to work around this?

EDIT:
Also as additional info, when I push a version, that just adds the aliases to the networks in the docker compose, the containers do not restart, but instead just show as being on the new commit immediately.
In case this might give anyone a hint or something.
I just tried both hostname and aliases in the same dockerfile, but it results in the same behaviour as just using the hostname. Seems like the aliases don’t have any effect at all.

EDIT:
Self suggested workaround would be to parse the IP of each container from “ifconfig”'s eth0 interface and put it in a designated file on a shared volume, from which other containers can read it and connect to it, if they are on the same network. I would love a more elegant solution, remaining in the docker compose, though, if possible.

Thanks for your help and greetings,
Tarek


#4

Did no one try docker networking in multi container applications yet?


#5

Hi @Tschebbischeff, it looks like aliases in the network field are not yet supported, but checking with the team about that.


#6

@pcarranzav @CameronDiver do I read the supervisor code correctly, that the network aliases are not yet supported, i.e. this kind of compose file:

services:
  some-service:
    networks:
      some-network:
        aliases:
         - alias1
         - alias3
      other-network:
        aliases:
         - alias2

From the compose docs: https://docs.docker.com/compose/compose-file/compose-file-v2/#aliases

Looking at the source code, seems those might be covered by this TODO marking?


#7

Alright, at least I know what’s going on then, thanks :ok_hand:


States only names are supported for the “networks” field, but I thought the top-level networks field was meant by that.

Maybe if it is easier to implement in a future version of the supervisor the name of the container could be a default alias, like it is for the default network?

As I read from the official docker docs, this should be the default behaviour anyway?

“Aliases (alternative hostnames) for this service on the network. Other containers on the same network can use either the service name or this alias to connect to one of the service’s containers.”