Container kill switch behavior clarification

[ViroHeresy]

When this container starts, but before its completed establishing a connection to nordvpn's network, is it possible for other containers inheriting from this one to make external calls?

Or does this act more as a killswitch preventing any communication until its successfully connected?

I hope this isn't a dumb question, as I didn't see any others on this. I just spent a lot of time trying to setup a docker healthcheck before realizing it might not be possible for other containers to utilize the network before its finished establishing a connection.

[ViroHeresy]

Alright, I think I have sufficiently answered my own question. In case anyone is stuck or concerned like I was here's some information.

Within my stack, I have the following defined on each of the secondary services.

network_mode: service:vpn
depends_on:
- vpn

Using the other containers in the stack I used the exec cmd
curl -f urlhere

While the VPN service is starting, this returns an error. Once the VPN is fully initialized it returns a proper response. So my conclusion is that any calls made through the VPN container before its established a connection will fail until its finished.

Quick aside, depends_on does not prevent the other containers from starting until the first is completed. Instead it starts in that order. So if you have a service that needs the connection ready before it starts you would need to add a healthcheck of some sort. There might be a way to utilize https://nordvpn.com/wp-admin/admin-ajax.php?action=get_user_info_data I believe when status returns true its successfully connected. I'm just not familiar enough with curl and other native options to make this work. Since nothing I'm running will fail at an unsuccessful network call I've opted to skip this.

Hope this is helpful to someone!