10
votes

Aim: Get a docker container to use the DNS provided by the host machine, which is a consul agent running in another container, to access services available via traefik reverse proxy.

Setup Host machine: Ubuntu 16.04.2 LTS

Registrator registers new containers to the consul agent, traefik is the reverse proxy to load balance the services and make them available. There is a general node app which returns "Hello World" when you hit the '/' path.

Container 1.

docker run -d --net=host consul agent -dev

Container 2.

docker run -d  --name=registrator --net=host --volume=/var/run/docker.sock:/tmp/docker.sock gliderlabs/registrator:latest consul://localhost:8500

Container 3.

docker run -d --net=host -p 8089:8080 -p 80:80 --name=traefik -v ~/projects/traefix/docker.toml:/etc/traefik/traefik.toml traefik

Container 4.

docker run -P -d meep/node-web-app

Host machine using Network Manager

The host machine is set up so that any lookups for the consul TLD resolve to the consul docker container.

/etc/NetworkManager/dnsmasq.d/10-consul
server=/consul/127.0.0.1#8600

I have /etc/NetworkManager/dnsmasq.d/docker-bridge.conf with the following config which means it will listen for DNS requests on the docker network interface.

listen-address=172.17.0.1

Currently on my host machine I can do the following

  1. dig node-web-app.service.consul returns the ip address of 127.0.0.1
  2. curl http://node-web-app.service.consul/ returns 'Hello World'

So far so good, everything is working on the host.

I boot up a container like

docker run --dns=172.17.0.1 -it joffotron/docker-net-tools

and run dig node-web-app.service.consul, it returns 127.0.0.1; well, at least the DNS is partly working. Clearly, if I now run curl http://node-web-app.service.consul/ it will break, as the DNS lookup is pointing to 127.0.0.1 when it should point to 172.17.0.1.

Forgive me, I've not really worked with docker + service discovery. So what can I do so the container's DNS correctly points to 172.17.0.1?

1
The general flaw with this approach is, what is the reachable IP for your host machine? If your machine has no network connected, then there is no network to reach it on, unless your code runs in the same network as your host. Being able to return 127.0.0.1 for a dig response is as bad as not having a DNS at all. Now when you connect to a LAN or a WAN, you have an IP which the container can reach it on, but this IP is not fixed and will change when the network updates, and using it for the DNS masq will not make sense. You either need to get a static IP which is reachable or use docker itself. - Tarun Lalwani

1 Answer

-1
votes

Container 4 is not using the same network as the other ones (the --net=host), so your DNS can't work in all cases.

Either:

  • You are on the physical machine network and you have to address the node-web-app using its container IP
  • You are inside a docker network and you have to get the routable IP of your machine.

The fact that dig returns 127.0.0.1 is completely normal, because that's what you told it, but your node-web-app is not accessible at 127.0.0.1 (which is, in this case, the local IP of this particular docker container) from the dig container.
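
Why the 127.0.0.1 answer works on the host but not in the container, as an added example that is not part of the original posts: it parses dig output and classifies each A record by where it leads when used from inside a container. The sample dig output, the function names and the 172.17.0.0/16 bridge range are assumptions; 172.17.0.1 is the address from the question.

```python
import ipaddress
import re

# Constructed sample of what dig prints inside the container (TTL made up).
SAMPLE_DIG_OUTPUT = """\
;; ANSWER SECTION:
node-web-app.service.consul. 0 IN A 127.0.0.1
"""

# Assumption: default docker0 bridge with the gateway address from the question.
BRIDGE_NET = ipaddress.ip_network("172.17.0.0/16")
BRIDGE_GATEWAY = ipaddress.ip_address("172.17.0.1")
A_RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)\s*$")


def parse_a_records(dig_output):
    """Return [(name, IPv4Address)] for every A record line in dig output."""
    records = []
    for line in dig_output.splitlines():
        if line.startswith(";"):
            continue  # section headers and other dig comments
        match = A_RECORD.match(line)
        if match:
            records.append((match.group(1), ipaddress.ip_address(match.group(2))))
    return records


def classify(addr, host_network=False):
    """Say where an answer leads when it is used from inside a container."""
    if addr.is_loopback:
        # With --net=host the container shares the host's loopback; otherwise
        # 127.0.0.0/8 is the container's own, separate network namespace.
        return "host-loopback" if host_network else "own-loopback"
    if addr == BRIDGE_GATEWAY:
        return "bridge-gateway"
    if addr in BRIDGE_NET:
        return "bridge-peer"
    return "routed"


def audit(dig_output, host_network=False):
    """Map each resolved name to (address, classification)."""
    return {name: (str(addr), classify(addr, host_network))
            for name, addr in parse_a_records(dig_output)}


if __name__ == "__main__":
    for name, (addr, kind) in audit(SAMPLE_DIG_OUTPUT).items():
        print(f"{name} -> {addr}: {kind}")
```

An "own-loopback" result means the name resolved, but the address points back at the container that made the lookup, which is the situation described in the question.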