feat(bootstrap): restore per-gateway Docker bridge networks #303
Merged
PR #281 removed the shared openshell-cluster Docker network in favor of the default bridge. This restores custom bridge networking but makes each gateway use its own isolated network named openshell-cluster-{name}, matching the existing container/volume naming convention.

Changes:
- Add network_name() to constants.rs for per-gateway network naming
- Add ensure_network() with retry/backoff and force_remove_network() parameterized by network name instead of a global constant
- Attach containers to their per-gateway network via network_mode
- Disconnect and remove the network during gateway destroy
- Wire ensure_network() into the deploy flow before ensure_volume()
- Update architecture docs to reflect per-gateway network isolation
drew added a commit that referenced this pull request Mar 16, 2026
Summary
openshell-cluster network openshell-cluster-{name}, matching the existing container/volume naming convention network_mode, and torn down during destroy

Context
PR #281 removed the shared openshell-cluster Docker bridge network. This left gateways running on Docker's default bridge, which means multiple gateways share the same network namespace and can't be properly isolated.

This PR restores dedicated bridge networking with a key improvement: instead of a single global network, each gateway gets its own openshell-cluster-{name} network. This ensures multiple gateways on the same Docker daemon don't interfere with each other's networking.

Changes
- crates/openshell-bootstrap/src/constants.rs: network_name(name) function
- crates/openshell-bootstrap/src/docker.rs: ensure_network() with retry/backoff, force_remove_network(), network_mode on container, network disconnect+removal in destroy
- crates/openshell-bootstrap/src/lib.rs: ensure_network() into deploy flow before ensure_volume()
- architecture/gateway-single-node.md

Test Plan
- cargo check -p openshell-bootstrap passes
- cargo check --workspace passes (full workspace)
- cargo fmt --all -- --check passes
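The per-gateway naming and the idempotent create with retry/backoff that the description attributes to network_name() and ensure_network(), as an added example that is not the PR's code. The NetworkBackend trait and the FakeDocker backend are hypothetical stand-ins for the Docker API, and the attempt limit, delays and return value are assumptions.

```rust
use std::{collections::HashSet, thread::sleep, time::Duration};

/// Name pattern from the PR description: openshell-cluster-{name}.
pub fn network_name(name: &str) -> String { format!("openshell-cluster-{}", name) }

/// Hypothetical stand-in for the Docker API (not the project's real interface).
pub trait NetworkBackend {
    fn exists(&self, network: &str) -> bool;
    fn create(&mut self, network: &str) -> Result<(), String>;
}

/// Idempotent create with doubling backoff. Returns how many create calls were made.
pub fn ensure_network(b: &mut impl NetworkBackend, gateway: &str, max_attempts: u32) -> Result<u32, String> {
    let net = network_name(gateway);
    let mut delay = Duration::from_millis(5); // assumed initial delay
    let mut last_err = String::from("max_attempts was 0");
    for attempt in 0..max_attempts {
        if attempt > 0 {
            sleep(delay); // back off before retrying
            delay *= 2;
        }
        // Re-check each round: a concurrent deploy may have created it meanwhile.
        if b.exists(&net) { return Ok(attempt); }
        match b.create(&net) {
            Ok(()) => return Ok(attempt + 1),
            Err(e) => last_err = e,
        }
    }
    Err(format!("could not create {}: {}", net, last_err))
}

/// Constructed in-memory backend: the first `fail_first` create calls fail.
pub struct FakeDocker { pub networks: HashSet<String>, pub fail_first: u32 }

impl NetworkBackend for FakeDocker {
    fn exists(&self, network: &str) -> bool { self.networks.contains(network) }
    fn create(&mut self, network: &str) -> Result<(), String> {
        if self.fail_first > 0 {
            self.fail_first -= 1;
            return Err("transient daemon error (constructed)".into());
        }
        self.networks.insert(network.to_string());
        Ok(())
    }
}

fn main() {
    let mut d = FakeDocker { networks: HashSet::new(), fail_first: 2 };
    println!("{:?}", ensure_network(&mut d, "alpha", 5));
}
```

Calling it a second time for the same gateway makes no create call, and a different gateway name yields a separate network, which is the isolation property the description relies on.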