currently if no network is specified each container automatically joins the default network.
it makes container isolation impossible!
https://github.com/apocas/dockerode-compose/blob/main/lib/services.js#L173-L182
if (service.networks !== undefined) {
servicesTools.buildNetworks(projectName, serviceName, service.networks, networksToAttach, opts, recipe.networks);
} else {
opts.HostConfig.NetworkMode = projectName + '_default';
opts.NetworkingConfig.EndpointsConfig[projectName + '_default'] = {
IPAMConfig: null,
Links: null,
Aliases: [serviceName],
};
}on possible solution would be to:
services:
container1:
image: <some image>
networks:
default: {}
networks:
default:
external: true
name: nonewe make sure "service.networks" is not undefined and to add some speacial rule to "buildNetworks()", so if we overwrite the default the container and it will join the "none" network and would be isolated!
unfortunately i dont know if "--icc=false" is accessible via the api!?
currently if no network is specified each container automatically joins the default network.
it makes container isolation impossible!
https://github.com/apocas/dockerode-compose/blob/main/lib/services.js#L173-L182
on possible solution would be to:
we make sure "service.networks" is not undefined and to add some speacial rule to "buildNetworks()", so if we overwrite the default the container and it will join the "none" network and would be isolated!
unfortunately i dont know if "--icc=false" is accessible via the api!?