docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

network: use "console" for shell examples 

This allows for easier copying of the commands, without selecting the
prompt.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn 2021-08-06 17:04:33 +02:00
parent 7b2f0e92bc
commit 4068208b74
No known key found for this signature in database
GPG Key ID: 76698F39D527CE8C
9 changed files with 101 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
network/bridge.md
View File

@ -104,7 +104,7 @@ flag.
Use the `docker network create` command to create a user-defined bridge
network.
```bash
```console
$ docker network create my-net
```
@ -118,7 +118,7 @@ network. If containers are currently connected to the network,
[disconnect them](#disconnect-a-container-from-a-user-defined-bridge)
first.
```bash
```console
$ docker network rm my-net
```
@ -139,7 +139,7 @@ publishes port 80 in the container to port 8080 on the Docker host, so external
clients can access that port. Any other container connected to the `my-net`
network has access to all ports on the `my-nginx` container, and vice versa.
```bash
```console
$ docker create --name my-nginx \
--network my-net \
--publish 8080:80 \
@ -150,7 +150,7 @@ To connect a **running** container to an existing user-defined bridge, use the
`docker network connect` command. The following command connects an already-running
`my-nginx` container to an already-existing `my-net` network:
```bash
```console
$ docker network connect my-net my-nginx
```
@ -160,7 +160,7 @@ To disconnect a running container from a user-defined bridge, use the `docker
network disconnect` command. The following command disconnects the `my-nginx`
container from the `my-net` network.
```bash
```console
$ docker network disconnect my-net my-nginx
```
@ -183,14 +183,14 @@ kernel.
1. Configure the Linux kernel to allow IP forwarding.
```bash
```console
$ sysctl net.ipv4.conf.all.forwarding=1
```
2. Change the policy for the `iptables` `FORWARD` policy from `DROP` to
`ACCEPT`.
```bash
```console
$ sudo iptables -P FORWARD ACCEPT
```

10
network/iptables.md
View File

@ -40,7 +40,7 @@ To allow only a specific IP or network to access the containers, insert a
negated rule at the top of the `DOCKER-USER` filter chain. For example, the
following rule restricts external access from all IP addresses except `192.168.1.1`:
```bash
```console
$ iptables -I DOCKER-USER -i ext_if ! -s 192.168.1.1 -j DROP
```
@ -48,14 +48,14 @@ Please note that you will need to change `ext_if` to correspond with your
host's actual external interface. You could instead allow connections from a
source subnet. The following rule only allows access from the subnet `192.168.1.0/24`:
```bash
```console
$ iptables -I DOCKER-USER -i ext_if ! -s 192.168.1.0/24 -j DROP
```
Finally, you can specify a range of IP addresses to accept using `--src-range`
(Remember to also add `-m iprange` when using `--src-range` or `--dst-range`):
```bash
```console
$ iptables -I DOCKER-USER -m iprange -i ext_if ! --src-range 192.168.1.1-192.168.1.3 -j DROP
```
@ -76,7 +76,7 @@ any traffic anymore. If you want your system to continue functioning as a
router, you can add explicit `ACCEPT` rules to the `DOCKER-USER` chain to
allow it:
```bash
```console
$ iptables -I DOCKER-USER -i src_if -o dst_if -j ACCEPT
```
@ -100,7 +100,7 @@ If you are running Docker version 20.10.0 or higher with [firewalld](https://fir
Consider running the following `firewalld` command to remove the docker interface from the zone.
```bash
```console
# Please substitute the appropriate zone and docker interface
$ firewall-cmd --zone=trusted --remove-interface=docker0 --permanent
$ firewall-cmd --reload

10
network/macvlan.md
View File

@ -46,7 +46,7 @@ interface, use `--driver macvlan` with the `docker network create` command. You
also need to specify the `parent`, which is the interface the traffic will
physically go through on the Docker host.
```bash
```console
$ docker network create -d macvlan \
--subnet=172.16.86.0/24 \
--gateway=172.16.86.1 \
@ -56,7 +56,7 @@ $ docker network create -d macvlan \
If you need to exclude IP addresses from being used in the `macvlan` network, such
as when a given IP address is already in use, use `--aux-addresses`:
```bash
```console
$ docker network create -d macvlan \
--subnet=192.168.32.0/24 \
--ip-range=192.168.32.128/25 \
@ -71,7 +71,7 @@ If you specify a `parent` interface name with a dot included, such as `eth0.50`,
Docker interprets that as a sub-interface of `eth0` and creates the sub-interface
automatically.
```bash
```console
$ docker network create -d macvlan \
--subnet=192.168.50.0/24 \
--gateway=192.168.50.1 \
@ -83,7 +83,7 @@ $ docker network create -d macvlan \
In the above example, you are still using a L3 bridge. You can use `ipvlan`
instead, and get an L2 bridge. Specify `-o ipvlan_mode=l2`.
```bash
```console
$ docker network create -d ipvlan \
--subnet=192.168.210.0/24 \
--subnet=192.168.212.0/24 \
@ -97,7 +97,7 @@ $ docker network create -d ipvlan \
If you have [configured the Docker daemon to allow IPv6](../config/daemon/ipv6.md),
you can use dual-stack IPv4/IPv6 `macvlan` networks.
```bash
```console
$ docker network create -d macvlan \
--subnet=192.168.216.0/24 --subnet=192.168.218.0/24 \
--gateway=192.168.216.1 --gateway=192.168.218.1 \

12
network/network-tutorial-host.md
View File

@ -30,8 +30,8 @@ host.
1. Create and start the container as a detached process. The `--rm` option means to remove the container once it exits/stops. The `-d` flag means to start the container detached (in the background).
```bash
docker run --rm -d --network host --name my_nginx nginx
```console
$ docker run --rm -d --network host --name my_nginx nginx
```
2. Access Nginx by browsing to
@ -41,16 +41,16 @@ host.
- Examine all network interfaces and verify that a new one was not created.
```bash
ip addr show
```console
$ ip addr show
```
- Verify which process is bound to port 80, using the `netstat` command. You
need to use `sudo` because the process is owned by the Docker daemon user
and you otherwise won't be able to see its name or PID.
```bash
sudo netstat -tulpn | grep :80
```console
$ sudo netstat -tulpn | grep :80
```
4. Stop the container. It will be removed automatically as it was started using the `--rm` option.

20
network/network-tutorial-macvlan.md
View File

@ -39,7 +39,7 @@ on your network, your container appears to be physically attached to the network
1. Create a `macvlan` network called `my-macvlan-net`. Modify the `subnet`, `gateway`,
and `parent` values to values that make sense in your environment.
```bash
```console
$ docker network create -d macvlan \
--subnet=172.16.86.0/24 \
--gateway=172.16.86.1 \
@ -54,7 +54,7 @@ on your network, your container appears to be physically attached to the network
`-dit` flags start the container in the background but allow you to attach
to it. The `--rm` flag means the container is removed when it is stopped.
```bash
```console
$ docker run --rm -dit \
--network my-macvlan-net \
--name my-macvlan-alpine \
@ -94,7 +94,7 @@ on your network, your container appears to be physically attached to the network
4. Check out how the container sees its own network interfaces by running a
couple of `docker exec` commands.
```bash
```console
$ docker exec my-macvlan-alpine ip addr show eth0
9: eth0@tunl0: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
@ -103,7 +103,7 @@ on your network, your container appears to be physically attached to the network
valid_lft forever preferred_lft forever
```
```bash
```console
$ docker exec my-macvlan-alpine ip route
default via 172.16.86.1 dev eth0
@ -113,7 +113,7 @@ on your network, your container appears to be physically attached to the network
5. Stop the container (Docker removes it because of the `--rm` flag), and remove
the network.
```bash
```console
$ docker container stop my-macvlan-alpine
$ docker network rm my-macvlan-net
@ -130,7 +130,7 @@ be physically attached to the network.
`subnet`, `gateway`, and `parent` values to values that make sense in your
environment.
```bash
```console
$ docker network create -d macvlan \
--subnet=172.16.86.0/24 \
--gateway=172.16.86.1 \
@ -148,7 +148,7 @@ be physically attached to the network.
you to attach to it. The `--rm` flag means the container is removed when it
is stopped.
```bash
```console
$ docker run --rm -itd \
--network my-8021q-macvlan-net \
--name my-second-macvlan-alpine \
@ -188,7 +188,7 @@ be physically attached to the network.
4. Check out how the container sees its own network interfaces by running a
couple of `docker exec` commands.
```bash
```console
$ docker exec my-second-macvlan-alpine ip addr show eth0
11: eth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
@ -197,7 +197,7 @@ be physically attached to the network.
valid_lft forever preferred_lft forever
```
```bash
```console
$ docker exec my-second-macvlan-alpine ip route
default via 172.16.86.1 dev eth0
@ -207,7 +207,7 @@ be physically attached to the network.
5. Stop the container (Docker removes it because of the `--rm` flag), and remove
the network.
```bash
```console
$ docker container stop my-second-macvlan-alpine
$ docker network rm my-8021q-macvlan-net

70
network/network-tutorial-overlay.md
View File

@ -74,7 +74,7 @@ and will be connected together using an overlay network called `ingress`.
1. On `manager`. initialize the swarm. If the host only has one network
interface, the `--advertise-addr` flag is optional.
```bash
```console
$ docker swarm init --advertise-addr=<IP-ADDRESS-OF-MANAGER>
```
@ -85,7 +85,7 @@ and will be connected together using an overlay network called `ingress`.
2. On `worker-1`, join the swarm. If the host only has one network interface,
the `--advertise-addr` flag is optional.
```bash
```console
$ docker swarm join --token <TOKEN> \
--advertise-addr <IP-ADDRESS-OF-WORKER-1> \
<IP-ADDRESS-OF-MANAGER>:2377
@ -94,7 +94,7 @@ and will be connected together using an overlay network called `ingress`.
3. On `worker-2`, join the swarm. If the host only has one network interface,
the `--advertise-addr` flag is optional.
```bash
```console
$ docker swarm join --token <TOKEN> \
--advertise-addr <IP-ADDRESS-OF-WORKER-2> \
<IP-ADDRESS-OF-MANAGER>:2377
@ -103,7 +103,7 @@ and will be connected together using an overlay network called `ingress`.
4. On `manager`, list all the nodes. This command can only be done from a
manager.
```bash
```console
$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
@ -114,7 +114,7 @@ and will be connected together using an overlay network called `ingress`.
You can also use the `--filter` flag to filter by role:
```bash
```console
$ docker node ls --filter role=manager
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS
@ -132,7 +132,7 @@ and will be connected together using an overlay network called `ingress`.
network called `docker_gwbridge`. Only the listing for `manager` is shown
here:
```bash
```console
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
@ -155,7 +155,7 @@ connect a service to each of them.
1. On `manager`, create a new overlay network called `nginx-net`:
```bash
```console
$ docker network create -d overlay nginx-net
```
@ -169,7 +169,7 @@ connect a service to each of them.
> **Note**: Services can only be created on a manager.
```bash
```console
$ docker service create \
--name my-nginx \
--publish target=80,published=80 \
@ -204,11 +204,11 @@ connect a service to each of them.
6. Create a new network `nginx-net-2`, then update the service to use this
network instead of `nginx-net`:
```bash
```console
$ docker network create -d overlay nginx-net-2
```
```bash
```console
$ docker service update \
--network-add nginx-net-2 \
--network-rm nginx-net \
@ -228,7 +228,7 @@ connect a service to each of them.
commands. The manager will direct the workers to remove the networks
automatically.
```bash
```console
$ docker service rm my-nginx
$ docker network rm nginx-net nginx-net-2
```
@ -243,14 +243,14 @@ This tutorial assumes the swarm is already set up and you are on a manager.
1. Create the user-defined overlay network.
```bash
```console
$ docker network create -d overlay my-overlay
```
2. Start a service using the overlay network and publishing port 80 to port
8080 on the Docker host.
```bash
```console
$ docker service create \
--name my-nginx \
--network my-overlay \
@ -264,7 +264,7 @@ This tutorial assumes the swarm is already set up and you are on a manager.
4. Remove the service and the network.
```bash
```console
$ docker service rm my-nginx
$ docker network rm my-overlay
@ -311,7 +311,7 @@ example also uses Linux hosts, but the same commands work on Windows.
hosts in the swarm, for instance, the private IP address on AWS):
```bash
```console
$ docker swarm init
Swarm initialized: current node (vz1mm9am11qcmo979tlrlox42) is now a manager.
@ -324,7 +324,7 @@ example also uses Linux hosts, but the same commands work on Windows.
b. On `host2`, join the swarm as instructed above:
```bash
```console
$ docker swarm join --token <your_token> <your_ip_address>:2377
This node joined a swarm as a worker.
```
@ -335,7 +335,7 @@ example also uses Linux hosts, but the same commands work on Windows.
2. On `host1`, create an attachable overlay network called `test-net`:
```bash
```console
$ docker network create --driver=overlay --attachable test-net
uqsof8phj3ak0rq9k86zta6ht
```
@ -344,14 +344,14 @@ example also uses Linux hosts, but the same commands work on Windows.
3. On `host1`, start an interactive (`-it`) container (`alpine1`) that connects to `test-net`:
```bash
```console
$ docker run -it --name alpine1 --network test-net alpine
/ #
```
4. On `host2`, list the available networks -- notice that `test-net` does not yet exist:
```bash
```console
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
ec299350b504 bridge bridge local
@ -363,7 +363,7 @@ example also uses Linux hosts, but the same commands work on Windows.
5. On `host2`, start a detached (`-d`) and interactive (`-it`) container (`alpine2`) that connects to `test-net`:
```bash
```console
$ docker run -dit --name alpine2 --network test-net alpine
fb635f5ece59563e7b8b99556f816d24e6949a5f6a5b1fbd92ca244db17a4342
```
@ -372,7 +372,7 @@ example also uses Linux hosts, but the same commands work on Windows.
6. On `host2`, verify that `test-net` was created (and has the same NETWORK ID as `test-net` on `host1`):
```bash
```console
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
...
@ -381,7 +381,7 @@ example also uses Linux hosts, but the same commands work on Windows.
7. On `host1`, ping `alpine2` within the interactive terminal of `alpine1`:
```bash
```console
/ # ping -c 2 alpine2
PING alpine2 (10.0.0.5): 56 data bytes
64 bytes from 10.0.0.5: seq=0 ttl=64 time=0.600 ms
@ -405,7 +405,7 @@ example also uses Linux hosts, but the same commands work on Windows.
8. On `host1`, close the `alpine1` session (which also stops the container):
```bash
```console
/ # exit
```
@ -418,7 +418,7 @@ example also uses Linux hosts, but the same commands work on Windows.
a. On `host2`, stop `alpine2`, check that `test-net` was removed, then remove `alpine2`:
```bash
```console
$ docker container stop alpine2
$ docker network ls
$ docker container rm alpine2
@ -426,7 +426,7 @@ example also uses Linux hosts, but the same commands work on Windows.
a. On `host1`, remove `alpine1` and `test-net`:
```bash
```console
$ docker container rm alpine1
$ docker network rm test-net
```
@ -442,7 +442,7 @@ need to have Docker installed and running.
swarm on this Docker daemon. You may see different networks, but you should
at least see these (the network IDs will be different):
```bash
```console
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
@ -465,7 +465,7 @@ need to have Docker installed and running.
container's ID will be printed. Because you have not specified any
`--network` flags, the containers connect to the default `bridge` network.
```bash
```console
$ docker run -dit --name alpine1 alpine ash
$ docker run -dit --name alpine2 alpine ash
@ -473,7 +473,7 @@ need to have Docker installed and running.
Check that both containers are actually started:
```bash
```console
$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
@ -483,7 +483,7 @@ need to have Docker installed and running.
3. Inspect the `bridge` network to see what containers are connected to it.
```bash
```console
$ docker network inspect bridge
[
@ -544,7 +544,7 @@ need to have Docker installed and running.
4. The containers are running in the background. Use the `docker attach`
command to connect to `alpine1`.
```bash
```console
$ docker attach alpine1
/ #
@ -554,7 +554,7 @@ need to have Docker installed and running.
the container. Use the `ip addr show` command to show the network interfaces
for `alpine1` as they look from within the container:
```bash
```console
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
@ -579,7 +579,7 @@ need to have Docker installed and running.
pinging `google.com`. The `-c 2` flag limits the command two two `ping`
attempts.
```bash
```console
# ping -c 2 google.com
PING google.com (172.217.3.174): 56 data bytes
@ -594,7 +594,7 @@ need to have Docker installed and running.
6. Now try to ping the second container. First, ping it by its IP address,
`172.17.0.3`:
```bash
```console
# ping -c 2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
@ -609,7 +609,7 @@ need to have Docker installed and running.
This succeeds. Next, try pinging the `alpine2` container by container
name. This will fail.
```bash
```console
# ping -c 2 alpine2
ping: bad address 'alpine2'
@ -622,7 +622,7 @@ need to have Docker installed and running.
8. Stop and remove both containers.
```bash
```console
$ docker container stop alpine1 alpine2
$ docker container rm alpine1 alpine2
```

44
network/network-tutorial-standalone.md
View File

@ -37,7 +37,7 @@ need to have Docker installed and running.
swarm on this Docker daemon. You may see different networks, but you should
at least see these (the network IDs will be different):
```bash
```console
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
@ -60,7 +60,7 @@ need to have Docker installed and running.
container's ID will be printed. Because you have not specified any
`--network` flags, the containers connect to the default `bridge` network.
```bash
```console
$ docker run -dit --name alpine1 alpine ash
$ docker run -dit --name alpine2 alpine ash
@ -68,7 +68,7 @@ need to have Docker installed and running.
Check that both containers are actually started:
```bash
```console
$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
@ -78,7 +78,7 @@ need to have Docker installed and running.
3. Inspect the `bridge` network to see what containers are connected to it.
```bash
```console
$ docker network inspect bridge
[
@ -139,7 +139,7 @@ need to have Docker installed and running.
4. The containers are running in the background. Use the `docker attach`
command to connect to `alpine1`.
```bash
```console
$ docker attach alpine1
/ #
@ -149,7 +149,7 @@ need to have Docker installed and running.
the container. Use the `ip addr show` command to show the network interfaces
for `alpine1` as they look from within the container:
```bash
```console
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
@ -174,7 +174,7 @@ need to have Docker installed and running.
pinging `google.com`. The `-c 2` flag limits the command to two `ping`
attempts.
```bash
```console
# ping -c 2 google.com
PING google.com (172.217.3.174): 56 data bytes
@ -189,7 +189,7 @@ need to have Docker installed and running.
6. Now try to ping the second container. First, ping it by its IP address,
`172.17.0.3`:
```bash
```console
# ping -c 2 172.17.0.3
PING 172.17.0.3 (172.17.0.3): 56 data bytes
@ -204,7 +204,7 @@ need to have Docker installed and running.
This succeeds. Next, try pinging the `alpine2` container by container
name. This will fail.
```bash
```console
# ping -c 2 alpine2
ping: bad address 'alpine2'
@ -217,7 +217,7 @@ need to have Docker installed and running.
8. Stop and remove both containers.
```bash
```console
$ docker container stop alpine1 alpine2
$ docker container rm alpine1 alpine2
```
@ -238,13 +238,13 @@ connected to both networks.
1. Create the `alpine-net` network. You do not need the `--driver bridge` flag
since it's the default, but this example shows how to specify it.
```bash
```console
$ docker network create --driver bridge alpine-net
```
2. List Docker's networks:
```bash
```console
$ docker network ls
NETWORK ID NAME DRIVER SCOPE
@ -257,7 +257,7 @@ connected to both networks.
Inspect the `alpine-net` network. This shows you its IP address and the fact
that no containers are connected to it:
```bash
```console
$ docker network inspect alpine-net
[
@ -296,7 +296,7 @@ connected to both networks.
`docker network connect` afterward to connect `alpine4` to the `bridge`
network as well.
```bash
```console
$ docker run -dit --name alpine1 --network alpine-net alpine ash
$ docker run -dit --name alpine2 --network alpine-net alpine ash
@ -310,7 +310,7 @@ connected to both networks.
Verify that all containers are running:
```bash
```console
$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
@ -322,7 +322,7 @@ connected to both networks.
4. Inspect the `bridge` network and the `alpine-net` network again:
```bash
```console
$ docker network inspect bridge
[
@ -376,7 +376,7 @@ connected to both networks.
Containers `alpine3` and `alpine4` are connected to the `bridge` network.
```bash
```console
$ docker network inspect alpine-net
[
@ -437,7 +437,7 @@ connected to both networks.
connect to `alpine1` and test this out. `alpine1` should be able to resolve
`alpine2` and `alpine4` (and `alpine1`, itself) to IP addresses.
```bash
```console
$ docker container attach alpine1
# ping -c 2 alpine2
@ -474,7 +474,7 @@ connected to both networks.
6. From `alpine1`, you should not be able to connect to `alpine3` at all, since
it is not on the `alpine-net` network.
```bash
```console
# ping -c 2 alpine3
ping: bad address 'alpine3'
@ -485,7 +485,7 @@ connected to both networks.
`bridge` network and find `alpine3`'s IP address: `172.17.0.2` Try to ping
it.
```bash
```console
# ping -c 2 172.17.0.2
PING 172.17.0.2 (172.17.0.2): 56 data bytes
@ -502,7 +502,7 @@ connected to both networks.
However, you will need to address `alpine3` by its IP address. Attach to it
and run the tests.
```bash
```console
$ docker container attach alpine4
# ping -c 2 alpine1
@ -556,7 +556,7 @@ connected to both networks.
connect to `alpine1` (which is only connected to the `alpine-net` network)
and try again.
```bash
```console
# ping -c 2 google.com
PING google.com (172.217.3.174): 56 data bytes

8
network/none.md
View File

@ -10,7 +10,7 @@ only the loopback device is created. The following example illustrates this.
1. Create the container.
```bash
```console
$ docker run --rm -dit \
--network none \
--name no-net-alpine \
@ -21,7 +21,7 @@ only the loopback device is created. The following example illustrates this.
2. Check the container's network stack, by executing some common networking
commands within the container. Notice that no `eth0` was created.
```bash
```console
$ docker exec no-net-alpine ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
@ -32,7 +32,7 @@ only the loopback device is created. The following example illustrates this.
link/tunnel6 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 brd 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
```
```bash
```console
$ docker exec no-net-alpine ip route
```
@ -41,7 +41,7 @@ only the loopback device is created. The following example illustrates this.
3. Stop the container. It is removed automatically because it was created with
the `--rm` flag.
```bash
```console
$ docker stop no-net-alpine
```

14
network/overlay.md
View File

@ -61,7 +61,7 @@ apply to overlay networks used by standalone containers.
To create an overlay network for use with swarm services, use a command like
the following:
```bash
```console
$ docker network create -d overlay my-overlay
```
@ -69,7 +69,7 @@ To create an overlay network which can be used by swarm services **or**
standalone containers to communicate with other standalone containers running on
other Docker daemons, add the `--attachable` flag:
```bash
```console
$ docker network create -d overlay --attachable my-attachable-overlay
```
@ -105,7 +105,7 @@ automatically rotate the keys every 12 hours.
You can use the overlay network feature with both `--opt encrypted --attachable`
and attach unmanaged containers to that network:
```bash
```console
$ docker network create --opt encrypted --driver overlay --attachable my-attachable-multi-host-network
```
@ -133,7 +133,7 @@ services which publish ports, such as a WordPress service which publishes port
2. Remove the existing `ingress` network:
```bash
```console
$ docker network rm ingress
WARNING! Before removing the routing-mesh network, make sure all the nodes
@ -147,7 +147,7 @@ services which publish ports, such as a WordPress service which publishes port
custom options you want to set. This example sets the MTU to 1200, sets
the subnet to `10.11.0.0/16`, and sets the gateway to `10.11.0.2`.
```bash
```console
$ docker network create \
--driver overlay \
--ingress \
@ -177,7 +177,7 @@ from the swarm.
2. Delete the existing `docker_gwbridge` interface.
```bash
```console
$ sudo ip link set docker_gwbridge down
$ sudo ip link del dev docker_gwbridge
@ -190,7 +190,7 @@ from the swarm.
This example uses the subnet `10.11.0.0/16`. For a full list of customizable
options, see [Bridge driver options](../engine/reference/commandline/network_create.md#bridge-driver-options).
```bash
```console
$ docker network create \
--subnet 10.11.0.0/16 \
--opt com.docker.network.bridge.name=docker_gwbridge \