Paging Docker Network. This is localhost. Do you copy?

Hello? Docker Network? Are you there?

In a past life, all of my development was done from my (or a series of) Fedora machines. Those were the days.

But these days. I just have to be honest. I’ve sold my soul to Apple. I plug things in and they just work. I know! I’ve grown soft in my old age. We’re all still just sitting here waiting (very) patiently for the year of Linux on the desktop and in the meantime, I turn my headphones on and they just connect! No wizardry required.

But I digress. I say all of this to admit there are some things that I miss in this exchange. One of the most important being the native(ish) way that things could just run on my linux machines before.

Before I’m flooded with an unnecessary amount of

Remote Development Is The Only Way

Trust me. I know. I love it. Great stuff. Big believer.

With that being said, I’m sure I’m not alone in the fact that there are times when that remote environment just isn’t available to me. Also, sometimes I’m just feeling lazy and want to run a stupid experiment and it would be really cool to do that fast and locally. It’s in these situations where I find myself working on my MacBook and trying to do something as simple as ping a container running on my machine and get this very sad response:

PING 172.18.0.2 (172.18.0.2): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3

First off. How dare you. Second, what happened to my sweet, sweet pings.

Well, this is where I’m once again reminded of this pain point. Docker isn’t actually running on my machine. It’s running in a machine, inside of my machine.

Whether it’s Docker Desktop or Colima, what’s actually happening is that the docker daemon is running inside of a virtual machine on my host. And that means that the docker network isn’t actually being made available on my localhost. If I want to access that network directly, I’ve got to SSH into that VM.

Gross.

While I’ve mucked around with a number of workarounds in the past, the one that I’ve come across most recently is actually one I like the most. The docker-mac-net-connect is a really cool project that utilizes Wireguard to make the docker network from inside your VM available to your localhost.

Now before talking a bit about how great this is. Some notes. It does currently only work with Docker Desktop. However, there is an open PR enabling this to work with Colima. So this _should_ work nicely for a number of setups here in the near future. But for now, we’ll assume that you’re treading down the Docker Desktop path. Otherwise, your mileage may vary.

Alright, now back to the cool stuff. As we saw before, without this running we saw heartbreak. Dropping pings as far as the eye can see. However, after getting this setup, what we can expect: All your hopes and dreams. Slinging pings to your docker network like it’s actually running on your machine. But how do we get there? Well, let’s dive in.

The first thing we need to do? Installation. Since this is just a Go application, you can go ahead and just pull it down and build from source if you’d like. However, we’ll take the nice and easy approach here. This project publishes everything to Homebrew. So if you’ve got it installed on your machine, installation is easy as:

# Install via Homebrew
$ brew install chipmk/tap/docker-mac-net-connect

# Run the service and register it to launch at boot
$ sudo brew services start chipmk/tap/docker-mac-net-connect

With these two commands, we’ve got everything installed and ready to go. With the service up and running, we can run our ping test again.

PING 172.18.0.2 (172.18.0.2): 56 data bytes
64 bytes from 172.18.0.2: icmp_seq=0 ttl=107 time=17.485 ms
64 bytes from 172.18.0.2: icmp_seq=1 ttl=107 time=20.892 ms
64 bytes from 172.18.0.2: icmp_seq=2 ttl=107 time=21.390 ms

That’s it. It works. End of story. Thanks for coming out.

Seriously though. That’s all you need to do to make your docker network available directly from your machine. HOW IS IT THIS EASY?! Why have we suffered with this problem this long if that’s all we had to do. What is actually going on behind the scenes to make this happen?

Well luckily, this project has a very nice diagram to help us visualize this:

docker-mac-net-connect/assets/connection-diagram.png at main · chipmk/docker-mac-net-connect

Summarizing from this projects README, this works by creating a tunnel between your local machine and the Docker Desktop virtual machine via Wireguard. The docker-mac-net-connect binary acts as the local wireguard server and on initial creation, creates a temporary container that configures the VM appropriately. From there it monitors the docker networks on the VM and adds the subnets to the OSX routing table via the utuninterface.

So now, armed with a nice utility and a TLDR; level understanding of what’s going on in your machine: GO FORTH. ACCESS YOUR CONTAINERS LIKE YOU’RE LIVING YOUR BEST LINUX-Y LIFE.