0. Avoid IP conflicts
This blog came from a real scenario:
One project's docker-compose.yml created a default bridge with IP range 172.24.0.1/16. At the same time, a developer user tried to login this server from his own PC with 172.24.65.116/24. Without any doubt, he failed to connect this server.
To resolve this issue, the bridge's IP must be reconfigured to avoid conflict with users' devices.
Docker's official document suggests not to use the default bridge (docker0) for production apps. Absolutely, docker-compose comply with this rule and creates its own bridge for each project.
To make this blog complete, I also included steps to change docker0 here.
1. Steps to change Docker's default bridge (docker0)
When docker service is being started, it checks if a default bridge exists. If not, docker will create one and configure it by /etc/docker/daemon.json. The default IP range is 172.17.0.1/16.
But stopping the docker service does NOT automatically remove/delete the default bridge.
1.1 modify /etc/docker/daemon.json
$ cat /etc/docker/daemon.json
{
"bip": "192.168.44.1/24"
}
1.2 Restart docker service
$ sudo systemctl restart docker
2. Steps to change docker-compose's default bridge
When running "docker-comple up", it creates a default bridge with name as ${project_name}_default. The default IP range is 172.18.0.1/16. But next time it may change to 172.19.0.1/16, and next next time with 172.20.0.1/16,....
When running "docker-compose down", it deletes the default bridge automatically.
To make it use fixed IP range, docker-compose.yml has to be changed.
2.1 modify $project_name/docker-compose.yml
$ cat docker-compose.yml
version: '3'
services:
web:
build: .
ports:
- "5000:5000"
redis:
image: "redis:alpine"
networks:
default:
ipam:
config:
- subnet: 192.168.88.0/24
2.2 restart docker-compose
$ cd $project_name
$ docker-compose down
$ docker-compose up
No comments:
Post a Comment