How to run docker containers in their network with an external gateway?

debugcn 投稿 Dev

David

I have some images that I'm managing with docker-compose and I need to run them in a different network than that of the host machine (which is running Ubuntu 16).

Host machine has IP 10.0.1.19/24 and gateway 10.0.1.1.

This is my docker-compose.yml:

version: '2'
services:
  db:
    ...
    networks:
      ab-net:
        ipv4_address: 10.1.2.250
    ...

  app:
    ...
    networks:
      ab-net:
        ipv4_address: 10.1.2.11
    ...

networks:
  ab-net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.1.2.0/23
          gateway: 10.1.2.1

The firewall (which is out of my control and can't be changed) allows direct incoming connections to 10.1.2.0/23 via containers' gateway 10.1.2.1 (which is the firewall itself) and not to the host.

Running the container with that configuration, docker configures a br-interface on the host with IP 10.1.2.1; thus on the network there are two machines with the same IP: the host and the firewall/gateway.

Containers have access to the internet, they see each others and from the host machine I can connect to the containers.

How can I have that scenario working? At this stage I would prefer not to use any orchestration tool, if possible.

David

I found out that the only option to do that is using the (currently) experimental feature "Ipvlan Network".

The Linux implementations are extremely lightweight because rather than using the traditional Linux bridge for isolation, they are simply associated to a Linux Ethernet interface or sub-interface to enforce separation between networks and connectivity to the physical network.

The documentation is quite large and can't be copied here, however those are the commands I had to run to achieve that:

echo 8021q >> /etc/modules
modprobe 8021q
apt-get install vlan
edit /etc/network/interfaces

auto eth1.2320
iface eth1.2320 inet manual
    vlan-raw-device eth1

auto eth1.2321
iface eth1.2321 inet manual
    vlan-raw-device eth1

auto eth1.2322
iface eth1.2322 inet manual
    vlan-raw-device eth1

auto eth1.2323
iface eth1.2323 inet manual
    vlan-raw-device eth1

auto eth1.2324
iface eth1.2324 inet manual
    vlan-raw-device eth1

/etc/init.d/networking restart

この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。

侵害の場合は、連絡してください[email protected]

編集2021-05-29

コメントを追加

サインイン

分類Dev

Related 関連記事

記事

How to run docker containers in their network with an external gateway?

How to run docker containers in their network with an external gateway?

How to run a cron job inside a docker container?

How to assign domain names to containers in Docker?

How to run 2 commands with docker exec

How to list containers in Docker

How to run external process in Scala and get both exit code and output?

AWS API Gateway with external authentication

How to run symfony via docker-composer

How to use local docker containers with Kubernetes

How to run Tensorboard and jupyter concurrently with docker?

What does it mean that `docker run --network=container:CONTAINERID`?

Traefik > "Bad gateway" (error 502) for some containers

How does docker network work?

Django how to run external module as Daemon

How to run an external library into different nodes?[MPI]

how to start postgres prior to run docker

Docker and Gitlab - how to modify the docker run

How to add a docker container to an existing docker network

Building Docker Containers in VSTS

How to schedule a docker run on google cloud

How to access service running docker with network_mode: "host" from external IP

How to cleanup docker containers and images on linux machines

How can I run Thanos on Docker?

how to actually install mediawiki and run with docker?

How to run command on connect to network

Docker Not Linking Containers

Linking Docker Containers

Log management of various docker containers

How to get Shared file system for docker containers running on different hosts?

How would one specify which containers to start and not to start in docker-compose? (docker run vs docker create)