Diffcult to find documentation about how network_mode: "service:<service_name>" works

General
1

Hi to everyone!
I apologize in advance for my doubts, which may sound quite dumb, but I’m writing there since I am having trouble in finding how exactly works network_mode: "service:<service_name>.
Suppose that service1 is using network_mode: "service:<service2>.
The only reference I am finding in the documentation is here.
My doubts concerns the handling of the network. From the sentence in the doc, saying that this

gives the containers access to the specified service only

I deduce that (correct me if I am wrong):

  1. service1 cannot directly connect to the internet, but needs to “go through” service2.
  2. If for whatever reason service2 has no access to the internet, also service1 cannot reach the internet (and this would be ok)
  3. If for whatever reason service2 is down, service1 will not reach the internet (and also this would be ok)

But this leaves me some questions:

  1. How will the network will be managed? Is all left up to the service2, or is somehow mediated by the network_mode?
  2. I am asking it because I would need to hide a docker container behind a VPN, and I ended up finding gluetun, and I was wandering why wouldn’t be possible to simply setup a custom network, and use a vpn container as gateway.

Thanks for everyone in advance! Moreover, if you found other documentation to that, feel free to link it down below!

2

In your scenario service1 will not have it’s own network namespace, it will be hooked into the network namespace of service2. So however the network configuration for service2 looks like is what service1 will be using as well. Even localhost will be the same localhost on both containers.

The network namespace will be owned and managed by service2. If you plan to publish ports for service1, they need to be published on service2. The same is true if other containers should join other container networks, all of this must happen on service2.

In this scenrio people use the vpn container as main service and configure every service that should use the vpn connections with network_mode: service:{service name of the vpn service}.

1 Like
3

This was super clear, thanks a lot!