6

I'm using Docker Desktop for Windows, running a couple of linux containers using docker-compose.

These containers communicate with each other inside their own Docker network. One of the containers is set to push some data to the cloud.

I need some easy way to test the behavior of the cluster losing internet connectivity.

I do not want to disconnect my whole computer, just the Docker containers (without stopping them).

I tried restricting access of docker-compose in Windows Firewall, but that didn't work.

How can I achieve this?

Is there any Linux command I can run inside the running container to go offline?

EDIT

@vaibhand's answer disconnect a single container from the cluster network. Making it unreachable by other containers in the cluster. I need to disconnect the cluster from internet (simulating a real world internet connection outage), while keeping the internal cluster network alive so that they can still take to each other.

empz
  • 11,509
  • 16
  • 65
  • 106
  • Supposing you use Ubuntu `sudo apt-get install net-tools` `sudo ifconfig down` – Max Nov 19 '20 at 15:13
  • I'm using the Python docker official images. I don't think they have an ubuntu based one. They are mostly alpine or slim-buster. – empz Nov 19 '20 at 15:28
  • 2
    Use "docker network ls" to list available networks and then docker network disconnect – vaibhavnd Nov 19 '20 at 15:41
  • [Debian eth0](https://manpages.debian.org/testing/ifupdown/ifup.8.en.html) – Max Nov 19 '20 at 15:42
  • Ok, so I was able to install `net-tools` using the `3.9-buster` tag. But when I run `ifconfig down` (root access is disabled by the base image) I get `down: error fetching interface information: Device not found`. Any ideas? – empz Nov 19 '20 at 15:42
  • @vaibhavnd This is exactly what I was looking for, thanks. Post it as an answer and I mark it :) – empz Nov 19 '20 at 15:45
  • Why don't you block the resources (IPs) your applications connect to (I mean in Windows Firewall)? Don't block docker-compose. I believe docker-compose process itself does not attempt to go to outer Internet. – Alexey R. Nov 19 '20 at 19:55

1 Answers1

9

Use docker network ls to list available networks and then docker network disconnect <NETWORK> <CONTAINER>

empz
  • 11,509
  • 16
  • 65
  • 106
vaibhavnd
  • 281
  • 1
  • 5
  • 1
    I'm sorry but this disconnects the container from the network, making it unreachable by other containers in the cluster. I just need to disconnect from the internet while leaving the internal cluster network available for them to talk to each other. – empz Nov 19 '20 at 18:26
  • 1
    theoretically, you can attach different containers to different docker network and to solve your problem one of them will not have connectivity to internet , see the steps here https://stackoverflow.com/questions/54720587/how-to-change-the-network-of-a-running-docker-container . .However unknown part for me is how to create a network which doesn't have connectivity to the internet .. this link may help https://docs.docker.com/network/ – vaibhavnd Nov 20 '20 at 04:02
  • Thank you! Just an update, to be able to attach the container back to the network you can use `docker network connect ` – Max Feb 20 '23 at 05:16