Rename socket_proxy to zsocket_proxy #230
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
docker-compose v2 had network priority, unfortunately docker-compose v3 does not have this functionality (yet?). See docker/cli#1372 Networks are assigned to containers using alphabetical order, in this case it means that "socket_proxy" is always ordered before "t2_proxy", this in turn means that the default gateway in containers is always the "socket_proxy" gateway and therefore the outgoing IP address to other containers. I believe this is wrong and the outgoing containers' IPs should always be the default networks gateway and respective IP as well as the traefik containers' IP - never the socket-proxy IP. I recently ran into this problem due to Authelia refusing oauth requests from container-to-container since I didn't allow the socket-proxy network to communicate via Authelia (because why should it, it should always just be container <-> docker sock). Taking the traefik container as an example: ### Before the change ```shell $ docker exec traefik route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.91.1 0.0.0.0 UG 0 0 0 eth0 192.168.90.0 * 255.255.255.0 U 0 0 0 eth1 192.168.91.0 * 255.255.255.0 U 0 0 0 eth0 ``` ### After the change (note the assignment of eth0/eth1) ```shell $ docker exec traefik route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.90.1 0.0.0.0 UG 0 0 0 eth0 192.168.90.0 * 255.255.255.0 U 0 0 0 eth0 192.168.91.0 * 255.255.255.0 U 0 0 0 eth1 ``` This could have been changed in docker-compose v2 with the `priority` attribute (assigning e.g. `priority: 10` to traefik), but this just doesn't work with docker-compose v3. 😐
| Sorry for the delay. The reason i havent' merged this yet is because i will have to modify a whole bunch of documentation to reflect this. |
| Looks like this is finally going to be addressed. This issue was brought up on the docker/compose github: docker/compose#12170 According to the Moby issue, the fix should be part of the Moby v28 release (currently v27 at time of posting). Hard to tell how long until Moby v28 is released and from that point how long until Docker Compose adopts it. |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Add this suggestion to a batch that can be applied as a single commit. This suggestion is invalid because no changes were made to the code. Suggestions cannot be applied while the pull request is closed. Suggestions cannot be applied while viewing a subset of changes. Only one suggestion per line can be applied in a batch. Add this suggestion to a batch that can be applied as a single commit. Applying suggestions on deleted lines is not supported. You must change the existing code in this line in order to create a valid suggestion. Outdated suggestions cannot be applied. This suggestion has been applied or marked resolved. Suggestions cannot be applied from pending reviews. Suggestions cannot be applied on multi-line comments. Suggestions cannot be applied while the pull request is queued to merge. Suggestion cannot be applied right now. Please check back later.
docker-compose v2 had network priority, unfortunately docker-compose v3 does not have this functionality (yet?). See docker/cli#1372
Networks are assigned to containers using alphabetical order, in this case it means that "socket_proxy" is always ordered before "t2_proxy", this in turn means that the default gateway in containers is always the "socket_proxy" gateway and therefore the outgoing IP address to other containers. I believe this is wrong and the outgoing containers' IPs should always be the default networks gateway and respective IP as well as the traefik containers' IP - never the socket-proxy IP.
I recently ran into this problem due to Authelia refusing oauth requests from container-to-container since I didn't allow the socket-proxy network to communicate via Authelia (because why should it, it should always just be container <-> docker sock).
Taking the traefik container as an example:
Before the change
After the change
(note the assignment of eth0/eth1)
This could have been changed in docker-compose v2 with the
priorityattribute (assigning e.g.priority: 10to the traefik proxy network), but this just doesn't work with docker-compose v3. 😐