Good evening,

I would like to use a docker compose to create containers.

One of my container needs to access host network interface in order to use “ip addr” command on interface (to create a VIP, virtual ip address).

After a lot of research, I have found that I have to setup container with “host” network_mode, to access host network interface.

My goal is to do not expose my container on host network, BUT being able to access host network interface.

Is there a way to get both options at the same time?

Thank you very much in advance,

BR,
Rodolphe

You might take a look at the Github sources of images that already tackled the VIP problem, for instance GitHub - NeoAssist/docker-keepalived: Dockerized keepalived to ease HA in deployments with multiple hosts. Provides failover for Virtual IPs (VIP) to be always online even if a host fails. Initially aimed to help Rancher HA deployments

Aren’t those contradicting requirements? Either you bind your container to the host network interface or you don’t…

The thing is that if I setup my container on host network, I will not be able to access other containers if they are on “bridge” network, right?
I don’t want to share ports of all my containers on host network (a database server shouldn’t be reachable on host, but only from other containers).
But the container which controls the VIP has to be able to reach database.
So the question is:
If I want to control my host network interface, I have to set ALL my containers on “HOST” network mode? (because if not, they will not be able to communicate each other anymore)

frankly, i am unclear about the effect. Though, try declaring two networks and using the same network in the containers that should interact with each other and the other one strictly for frontend communication.

But the usecase for a nginx reverse proxy running in host mode and sending traffic to containers in a backend network ist not that uncommon. Just try and see

The thing is that it is not possible to create a network which has access to host network interface…

Ah, now we are getting somewhere.

Well, one solution might be to create a macvlan network that uses a subset of your local lan, which is NOT handled by the networks DHCP Server. I am sure the search function will reveal some examples on how it’s created.

Then you declare a bridged network, which you only use for communication between containers.

First, thank you very much for your help.
Macvlan needs additional ip address on the LAN, but I am restricted to 1 address for Docker machine

[Bump] Any idea on this topic?

I have still no clue, any help?