I worked for a large Silicon Valley company as a foreign national (Canadian) and I flew down at least once a quarter. When I said I was going for “unpaid business”, I was questioned enough that it led me to ask my employer to get me the proper visa so I could legally work because it felt like I could get denied entry on the whim of the immigration agent. It felt uncertain and was kind of stressful.
My advice is, don’t risk it. Get the visa to allow you to work for at least the time you are there. I ended up getting a full TN visa but I believe there are short-term work visas for this circumstance as well.
I believe even with the visa it’s still up to the immigration agent. I came close to trouble once when asked for my H1B visa petition document (not the visa in the passport). I had a photocopy and was told that wasn’t enough and although they’d let me in this time they expected to see the original in future. I also travelled with a letter from my employer explaining where I worked, job title etc as extra documentation just in case to derisk further.
What I want to do when running a Docker container on Mac is to be able to have the container have an IP address separate from the Mac's IP address that applications on the Mac see. No port mapping: if the container has a web server on port 80 I want to access it at container_ip:80, not 127.0.0.1:2000 or something that gets mapped to container port 80.
On Linux I'd just used Docker bridged networking and I believe that would work, but on Mac that just bridges to the Linux VM running under the hypervisor rather than to the Mac.
Is there some officially recommended and supported way to do this?
For a while I did it by running WireGuard on the Linux VM to tunnel between that and the Mac, with forwarding enabled on the Linux VM [1]. That worked great for quite a while, but then stopped and I could not figure out why. Then it worked again. Then it stopped.
I then switched to this [2] which also uses WireGuard but in a much more automated fashion. It worked for quite a while, but also then had some problems with Docker updates sometimes breaking it.
It would be great if Docker on Mac came with something like this built in.
[1] https://news.ycombinator.com/item?id=33665178
[2] https://github.com/chipmk/docker-mac-net-connect
BTW are you trying to avoid port mapping because ports are dynamic and not known in advance? If so you could try running the container with --net=host and in Docker Desktop Settings navigate to Resources / Network and Enable Host Networking. This will automatically set up tunnels when applications listen on a port in the container.
Thanks for the links, I'll dig into those!