Docker Compose with multiple VPN network for multiple services

Question

I have a docker-compose file like this:

version: '3'

services:

  zookeeper:
    image: wurstmeister/zookeeper
    container_name: zookeeper
    restart: always
    ports:
      - 2181:2181

  kafka:
    image: wurstmeister/kafka
    container_name: kafka
    restart: always
    ports:
      - 9092:9092
    depends_on:
      - zookeeper
    links:
      - zookeeper:zookeeper
    environment:
      KAFKA_ADVERTISED_HOST_NAME: kafka
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181

  consumer1:
    image: consumer:0.0.1-SNAPSHOT
    container_name: consumer1
    restart: always
    ports:
      - 8081:8081
    environment:
      SERVER_PORT: 8081
      ADMIN_URL: server
      ADMIN_CLIENT_NAME: counsumer1
    depends_on:
      - kafka
      - vpn1
    links:
      - kafka:kafka
      - server:server

  consumer2:
    image: consumer:0.0.1-SNAPSHOT
    container_name: consumer2
    restart: always
    ports:
      - 8082:8082 
    environment:
      SERVER_PORT: 8082
      ADMIN_URL: server
      ADMIN_CLIENT_NAME: counsumer2
    depends_on:
      - kafka
    links:
      - kafka:kafka
      - server:server


  producer:
    image: producer:0.0.1-SNAPSHOT
    container_name: producer
    restart: always
    ports:
      - 8080:8080
    environment:
      SERVER_PORT: 8080
    depends_on:
      - kafka
    links:
      - kafka:kafka
      

  server:
    image: server:0.0.1-SNAPSHOT
    container_name: server
    restart: always
    ports:
      - 8070:8070
    environment:
      SERVER_PORT: 8070
    depends_on:
      - kafka
    links:
      - kafka:kafka

Then I would like to setup NordVPN containers for each consumer so I will be able to set different external IP for them. How should I do this?

The NordVPN instance can be started:

docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \
           -e [email protected] -e PASS=password \
           -e RANDOM_TOP=n -e RECREATE_VPN_CRON=string \
           -e COUNTRY=country1;country2 -e GROUP=group \
           -e TECHNOLOGY=technology -d azinchen/nordvpn

Once it's up other containers can be started using it's network connection:

docker run -it --net=container:vpn -d some/docker-container

Or by docker-compose:

version: "3"
services:
  vpn:
    image: azinchen/nordvpn:latest
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    environment:
      - [email protected]
      - PASS=password
      - COUNTRY=Spain;Hong Kong;IE;131
      - GROUP=Standard VPN servers
      - RANDOM_TOP=10
      - RECREATE_VPN_CRON=5 */3 * * *
      - NETWORK=192.168.1.0/24;192.168.2.0/24
      - OPENVPN_OPTS=--mute-replay-warnings
    ports:
      - 8080:80
    restart: unless-stopped
  
  web:
    image: nginx
    network_mode: service:vpn

I tried to add the vpn service to my docker-compose and then added network_mode: service:vpn under my consumer1 service but it said something network_mode and link was not able in combination if I do not remember wrong.

Is it possible to do what i want?

Edit: To summarize: I can get the consumers to connect to kafka service but when I try to add NordVPN it seems that I manage to connect the consumer with the NordVPN service but then I can´t manage to establish a connection between that consumer and kafka.

So basically. consumer needs to be able to talk to kafka service but should be on the network for NordVPN so my IP is changed when the consumer makes action on the web.