docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding docker0 and docker_gwbridge information UCP plan-installation section

This commit is contained in:
Aaron Rueth 2019-08-05 08:41:53 -07:00
parent 02183c805f
commit 0dd95b0bce
1 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
ee/ucp/admin/install/plan-installation.md
View File

@ -42,11 +42,56 @@ this.
## Avoid IP range conflicts ## Avoid IP range conflicts
### Engine
There are two IP ranges used by the engine for the `docker0` and `docker_gwbridge` interface:
#### docker0
By default, the Docker creates and configures the host system with a network interface called `docker0`, which is an ethernet bridge device. If you dont specify a different network when starting a container, the container is connected to the bridge and all traffic coming from and going to the container flows over the bridge to the Docker engine, which handles routing on behalf of the container.
Docker configures `docker0` with a configurable IP range. Containers which are connected to the default bridge are allocated IP addresses within this range. Certain default settings apply to `docker` unless you specify otherwise. The default subnet for `docker0` is `172.17.0.0/16` and the default maximum transmission unit (`MTU`) is `1500` bytes.
The recommended way configure the `docker0` settings is to use the `daemon.json` file. You can specify one or more of the following settings to configure the `docker0` network:
```
{
"bip": "172.17.0.1/16",
"fixed-cidr": "172.17.0.0/16",
"mtu": 1500
}
```
`bip`: Supply a specific bridge IP range for the `docker0` interface, using standard CIDR notation. Default is `172.17.0.1/16`.
`fixed-cidr`: Restrict the IP range for `docker0`, using standard CIDR notation. Default is `172.17.0.0/16`.
This range must be an IPv4 range for fixed IPs, and must be a subset of the bridge IP range (`bip` in `daemon.json`). For example, with `172.17.0.0/17`, IPs for your containers will be chosen from the first half of addresses(`172.17.0.1` - `172.17.127.254`) included in the `bip`(`172.17.0.0/16`) subnet.
`mtu`: Set the maximum packet size in bytes for `docker0`.
#### docker_gwbridge
The `docker_gwbridge` is a virtual bridge that connects the overlay networks (including the `ingress` network) to an individual Docker engine's physical network. Docker creates it automatically when you initialize a swarm or join a Docker host to a swarm, but it is not a Docker device. It exists in the kernel of the Docker host. The default subnet for `docker_gwbridge` is `172.18.0.0/16`.
If you need to customize its settings, you must do so before joining the Docker host to the swarm, or after temporarily removing the host from the swarm. The recommended way to configure the `docker_gwbridge` settings is to use the `daemon.json` file. You can specify one or more of the following settings to configure the network:
```
{
"default-address-pools": [
{"base":"172.18.0.0/16","size":16}
]
}
```
`default-address-pools`: Set the default address pools for local node networks.
### Swarm
Swarm uses a default address pool of `10.0.0.0/8` for its overlay networks. If this conflicts with your current network implementation, please use a custom IP address pool. To specify a custom IP address pool, use the `--default-address-pool` command line option during [Swarm initialization](../../../../engine/swarm/swarm-mode.md). Swarm uses a default address pool of `10.0.0.0/8` for its overlay networks. If this conflicts with your current network implementation, please use a custom IP address pool. To specify a custom IP address pool, use the `--default-address-pool` command line option during [Swarm initialization](../../../../engine/swarm/swarm-mode.md).
> **Note**: Currently, the UCP installation process does not support this flag. To deploy with a custom IP pool, Swarm must first be installed using this flag and UCP must be installed on top of it. > **Note**: Currently, the UCP installation process does not support this flag. To deploy with a custom IP pool, Swarm must first be installed using this flag and UCP must be installed on top of it.
### Kubernetes IP Range Conflicts ### Kubernetes
There are 2 internal IP ranges used within Kubernetes that may overlap and There are 2 internal IP ranges used within Kubernetes that may overlap and
conflict with the underlying infrastructure: conflict with the underlying infrastructure:
@ -54,7 +99,7 @@ conflict with the underlying infrastructure:
- The Pod Network - Each Pod in Kubernetes is given an IP address from either - The Pod Network - Each Pod in Kubernetes is given an IP address from either
the Calico or Azure IPAM services. In a default installation Pods are given the Calico or Azure IPAM services. In a default installation Pods are given
IP addresses on the `192.168.0.0/16` range. This can be customised at install IP addresses on the `192.168.0.0/16` range. This can be customised at install
time using the `--pod-cidr` flag. time using the `--pod-cidr` flag.
- The Services Network - When a user exposes a Service in Kubernetes it is - The Services Network - When a user exposes a Service in Kubernetes it is
accesible via a VIP, this VIP comes from a Cluster IP Range. By default on UCP accesible via a VIP, this VIP comes from a Cluster IP Range. By default on UCP