diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
index 059accd4..a890d4a8 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
@@ -107,13 +107,19 @@ public class DeploymentExecutor {
 
             // === CREATE NETWORKS ===
             updateStage(deployment.id(), DeployStage.CREATE_NETWORK);
+            // Primary network: use configured CAMELEER_DOCKER_NETWORK (tenant-isolated in SaaS mode)
             String primaryNetwork = dockerNetwork;
             String envNet = null;
+            List<String> additionalNets = new ArrayList<>();
             if (networkManager != null) {
-                primaryNetwork = DockerNetworkManager.TRAEFIK_NETWORK;
                 networkManager.ensureNetwork(primaryNetwork);
+                // Traefik network for routing (apps need to be reachable by Traefik)
+                networkManager.ensureNetwork(DockerNetworkManager.TRAEFIK_NETWORK);
+                additionalNets.add(DockerNetworkManager.TRAEFIK_NETWORK);
+                // Per-environment network for intra-environment service discovery
                 envNet = DockerNetworkManager.envNetworkName(env.slug());
                 networkManager.ensureNetwork(envNet);
+                additionalNets.add(envNet);
             }
 
             // === START REPLICAS ===
@@ -133,7 +139,7 @@ public class DeploymentExecutor {
                         containerName, baseImage, jarPath,
                         volumeName, jarStoragePath,
                         primaryNetwork,
-                        envNet != null ? List.of(envNet) : List.of(),
+                        additionalNets,
                         baseEnvVars, labels,
                         config.memoryLimitBytes(), config.memoryReserveBytes(),
                         config.dockerCpuShares(), config.dockerCpuQuota(),
@@ -144,9 +150,11 @@ public class DeploymentExecutor {
                 String containerId = orchestrator.startContainer(request);
                 newContainerIds.add(containerId);
 
-                // Connect to environment network after container is started
-                if (networkManager != null && envNet != null) {
-                    networkManager.connectContainer(containerId, envNet);
+                // Connect to additional networks after container is started
+                for (String net : additionalNets) {
+                    if (networkManager != null) {
+                        networkManager.connectContainer(containerId, net);
+                    }
                 }
 
                 replicaStates.add(Map.of(