dd-trace-rb

Put all docker-compose services on an internal network.

Open p-datadog opened this issue 1 year ago • 1 comments

What does this PR do?

Instead of exposing ports to the host via port:, expose them all only to the internal network and arrange for all services to be on this network.

Motivation:

This permits running docker-compose when the host machine also is running datadog-agent, mysql server, etc. The docker-compose services should now be completely isolated from the host services.

Additional Notes:

This PR should not change behavior for any operations performed inside docker. However, if any users run the docker-compose command and then access the component services from the host machine for some reason, this will no longer work.

Also, there may be cached docker state that could cause docker-compose to fail to start the environment if you already started it prior to applying this PR. I fixed this by either renaming the directory with the checked out dd-trace-rb tree (which creates a new namespace for the containers and also networks) or by rm -rfing the entire /var/lib/docker/*.

How to test the change?

  1. Install datadog agent or mysql server on the host machine and start them.
  2. Run docker-compose run --rm tracer-3.0 /bin/bash

For Datadog employees:

  • [ ] If this PR touches code that signs or publishes builds or packages, or handles credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.
  • [ ] This PR doesn't touch any of that.

Unsure? Have a question? Request a review!

p-datadog, Jan 30 '24 21:01
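
An added example, not code from this PR or from dd-trace-rb: a constructed compose file that publishes ports to the host, the same services moved onto an internal-only network, and a small check that reports host-published ports and non-internal network attachments. Only the tracer-3.0 service name comes from the description above; the other service names, the images, the network name `isolated`, and the use of `internal: true` are assumptions.

```ruby
require 'yaml'

# Constructed compose files: images, the ddagent/mysql names and the network name are assumptions.
BEFORE = <<~COMPOSE
  services:
    tracer-3.0:
      image: example/tracer:3.0
    ddagent:
      image: example/agent
      ports: ["8126:8126"]
    mysql:
      image: example/mysql
      ports: ["127.0.0.1:3306:3306"]
COMPOSE

AFTER = <<~COMPOSE
  services:
    tracer-3.0:
      image: example/tracer:3.0
      networks: [isolated]
    ddagent:
      image: example/agent
      expose: ["8126"]
      networks: [isolated]
    mysql:
      image: example/mysql
      expose: ["3306"]
      networks: [isolated]
  networks:
    isolated:
      internal: true
COMPOSE

# Returns findings: services that publish host ports, or that are attached to
# a network not declared `internal: true` (including the implicit default network).
def audit_compose(yaml_text)
  doc = YAML.safe_load(yaml_text)
  internal = (doc['networks'] || {}).select { |_, cfg| cfg.is_a?(Hash) && cfg['internal'] == true }.keys
  doc.fetch('services', {}).flat_map do |name, svc|
    findings = []
    Array(svc['ports']).each { |p| findings << "#{name}: publishes #{p} on the host" }
    nets = svc['networks']
    nets = nets.keys if nets.is_a?(Hash)
    nets = ['default'] if nets.nil? || nets.empty?
    (nets - internal).each { |n| findings << "#{name}: attached to non-internal network #{n}" }
    findings
  end
end
puts audit_compose(BEFORE) if $PROGRAM_NAME == __FILE__
```

A network declared `internal: true` has no route to the outside, so containers on it cannot reach the host or the internet either; anything a service fetches at runtime has to be available before the container starts.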

> This PR should not change behavior for any operations performed inside docker. However, if any users run the docker-compose command and then access the component services from the host machine for some reason, this will no longer work.

I depend on this for my workflow. I'll give this PR a try and see if I can still access docker-compose services (like elastic-search) from the host somehow.

marcotc, Jan 30 '24 22:01

Should we make a decision on this PR? E.g. either explicitly merge it or close it?

ivoanjo, Mar 27 '24 16:03

I will close this for now since I don't actively need the proposed functionality at the moment.

p-datadog, May 07 '24 14:05