Create network per build to link containers together
Right now, when a user defines services we are using the legacy Docker --link, which can be removed at any time. Apart from us depending on a deprecated feature, it is very limiting as well, since the connection is only one way.
Scenarios it would solve
- Service containers can communicate with one another
- The service can communicate with the build container if it desires
- It will unblock work for Windows Docker executor to support services
- Possibly solves this bug #2699 (closed)
- Security issues like #4430 (closed)
We can solve all of the above problems if we create a network per build, where every service and build container can talk to one another. The lifetime of the network is the duration of the build, and it is cleaned up after the build finishes. We have a community contribution that already gets us 90% of the way, !1041 (closed); the contributor said that they will not work on this anymore, so GitLab has to pick up from where they left off.
The flow would look something like this:
- Create a network
- Start services inside of that network
- Start build container inside of that network
- Build finishes
- Network removed
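The flow above, as an added shell example (not GitLab Runner's own code): a network is created per build, services and the build container join it, and the network is removed when the build ends. It assumes the docker CLI and a caller-supplied build id; the DOCKER variable lets a wrapper be substituted.

```bash
#!/usr/bin/env sh
# Added example, not GitLab Runner's code. Per-build Docker network lifecycle:
# create network -> start services in it -> run build in it -> remove network.
# Assumes the docker CLI; DOCKER may point at a wrapper (e.g. DOCKER=echo).
set -eu

DOCKER="${DOCKER:-docker}"

# One network per build, named from the build id, so concurrent builds on the
# same host never share a network with each other's services.
network_name() { printf 'runner-build-%s' "$1"; }

create_network() {             # build_id -> prints the network name
  net="$(network_name "$1")"
  "$DOCKER" network create --driver bridge --label "gitlab.build=$1" "$net" >/dev/null
  printf '%s' "$net"
}

# A service joins the build network under an alias; the build container and
# the other services all resolve it by that alias (no one-way --link).
start_service() {              # network alias image
  "$DOCKER" run -d --network "$1" --network-alias "$2" --name "$1-$2" "$3" >/dev/null
}

# Remove every container still attached to the network, then the network.
cleanup_network() {            # network
  for c in $("$DOCKER" network inspect -f '{{range .Containers}}{{.Name}} {{end}}' "$1" 2>/dev/null || true); do
    "$DOCKER" rm -f "$c" >/dev/null 2>&1 || true
  done
  "$DOCKER" network rm "$1" >/dev/null 2>&1 || true
}

# run_build build_id build_image build_script [service_image...]
# The subshell's EXIT trap ties the network's lifetime to the build, so it is
# removed even when a service fails to start or the build script fails.
run_build() {
  id="$1"; image="$2"; script="$3"; shift 3
  (
    net="$(create_network "$id")"
    trap 'cleanup_network "$net"' EXIT
    for svc in "$@"; do
      name="${svc##*/}"; name="${name%%:*}"   # registry/postgres:12 -> postgres
      start_service "$net" "$name" "$svc"
    done
    # Build container joins the same network and reaches services by alias.
    "$DOCKER" run --rm --network "$net" "$image" sh -c "$script"
  )
}

# Example: run_build 42 alpine:3 'getent hosts postgres' postgres:12
```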
Things to keep in mind
- With workspaces we are planning to keep the environment after the build is done, so we have to check whether that still works as expected.
- This might conflict with network_mode and might result in a breaking change. We have to be careful about how this would work and handle it properly.
I recently ran into an issue when running a build using GitLab Runner with Docker images. I want to test my web app (one container) with Selenium (second container). The problem is that the Selenium container is a service and it does not know the IP of the main (web) container.
The solution is very simple - create a network
docker network create CI_BUILD_ID
And then run a simple command for each container:
docker network connect CI_BUILD_ID CONTAINER_ID
It can also be achieved by adding a network and then adding --net=NETWORK_ID to docker run commands.
After all build containers are in the same network - they can see each other.