
I am running a VM with Container-Optimized OS.

I want a container that both:

  • A. Binds to the external IP of the VM.
  • B. Contacts a sibling container, that listens on 127.0.0.1:3010.

An issue I am having is that by default "A" works and "B" does not.

If I pass --net host, "A" stops working, and "B" works.

I think COS has some hidden special config to make it appear like containers run with --net host. This allows external traffic to the VM's IP:port for each container that binds to a port.

Because of this hidden config, it means if I try to run containers on --net host, it removes the ability to reach the container from outside the VM.

How can I enable A and B?

zino
  • What is the actual configuration you are trying to run? Can you run the same setup successfully on a more normal Docker setup (Docker Desktop or plain Docker on a typical desktop Linux installation)? (You should not need `--net host` for this setup as you've described it and it will cause problems connecting between the two containers.) – David Maze Sep 12 '22 at 00:20
  • @David Maze `--net host` allows the two containers to talk over localhost (as they are both using the host localhost). Without `--net host` they cannot talk over localhost, but they CAN be contacted from the external IP of the VM. I want both: A: external IP contact and B: container-to-container over localhost contact. – zino Sep 12 '22 at 01:00
  • Have you tried using the legacy [links](https://docs.docker.com/network/links/#connect-with-the-linking-system) feature of Docker, or you may create a user-defined network using `docker network create` – Siegfred V. Sep 12 '22 at 02:34
  • COS runs containers with the equivalent of `--net=host`. The container ports are exposed to the public side of the instance. That means only one container can listen to a specific port number. Rewrite your question showing the configuration of the containers and the problem without trying to manipulate the network. Tip: I do not recommend COS if you need to manage container configurations. Use Compute Engine and Docker for that use case. – John Hanley Sep 12 '22 at 02:38
  • @JohnHanley I do not think it is the "equivalent of --net=host" - because if one container listens on localhost:3010, another container cannot reach localhost:3010 (this should be possible with the real --net=host, but it is not). Also `docker inspect` shows the network to be `bridge` when run on COS. I will add more details. – zino Sep 12 '22 at 02:44
  • Your edit did not provide the details requested. – John Hanley Sep 12 '22 at 03:23

0 Answers