修改docker默认网段
daemon.json配置文件参考:https://docs.docker.com/engine/reference/commandline/dockerd/
docker默认网桥网段是172.17.0.0/16网段的,docker-compose创建的默认网络也是172这个网段的,有些情况下会和主机的网段发生冲突,需要修改。下面是几种常见的情况:
设置默认桥接网络为none
docker在安装好之后,默认有三种网络:
- bridge:所有容器网络桥接到虚拟网卡docker0上
- host:直接使用宿主机的网卡
- none:完全隔离的网络,容器里面只有个lo网卡
默认创建的容器都是使用bridge网络的,如果想要容器默认的网络为none,修改daemon.json
{
"bridge": "none"
}
修改bridge网络的网段:bip
bip,也就是bridge ip,bridge网络也指的就是docker0虚拟网卡,默认是172.17.0.0/16网段的,我们可以将其修改为其他网段
[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
"bip": "10.200.0.1/16"
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
[root@docker ~]# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 10.200.0.1 netmask 255.255.0.0 broadcast 10.200.255.255
ether 02:42:46:04:3b:3c txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
但是要注意,这个操作,不会影响docker-compose创建的网络ip,手动创建一个网络一测便知
[root@docker ~]# docker network create test
[root@docker ~]# docker network inspect -f {{.IPAM}} test
{default map[] [{172.17.0.0/16 172.17.0.1 map[]}]}
修改docker-compose自定义网络的网段
上面使用bip选项可以修改bridge网络的网段,下面使用default-address-pools来修改docker-compose自定义网络的网段
[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
"bip": "10.200.0.1/16",
"default-address-pools" : [
{
"base" : "10.210.0.0/16",
"size" : 24
}
]
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
[root@docker ~]# docker network create test2
[root@docker ~]# docker network inspect -f {{.IPAM}} test2
{default map[] [{10.210.0.0/24 10.210.0.1 map[]}]}
[root@docker ~]# docker network inspect -f {{.IPAM}} bridge
{default map[] [{10.200.0.0/16 10.200.0.1 map[]}]}
看上面配置,也就是说bip和default-address-pools这两个配置是可以同时存在的,docker0的网络和自定义的网络是隔离的,互不相通的。
其实可以不写bip配置,只写default-address-pools配置也是可以的
[root@docker ~]# cat /etc/docker/daemon.json
{
"registry-mirrors": ["https://7f28zkr3.mirror.aliyuncs.com"],
"default-address-pools" : [
{
"base" : "10.210.0.0/16",
"size" : 24
}
]
}
[root@docker ~]# systemctl daemon-reload
[root@docker ~]# systemctl restart docker
[root@docker ~]# docker network create test3
[root@docker ~]# docker network create test4
[root@docker ~]# docker network inspect -f {{.IPAM}} test3
{default map[] [{10.210.0.0/24 10.210.0.1 map[]}]}
[root@docker ~]# docker network inspect -f {{.IPAM}} test4
{default map[] [{10.210.2.0/24 10.210.2.1 map[]}]}
[root@docker ~]# docker network inspect -f {{.IPAM}} bridge
{default map[] [{10.210.1.0/24 map[]}]}
单独指定docker-compose自定义网络的网段
这个可以可以的,官方也是提供了办法的:
[root@docker ~]# cat docker-compose.yml
version: '3'
services:
nginx:
container_name: nginx-test
image: nginx:alpine
networks:
- frontend
networks:
frontend:
name: frontend
driver: bridge
ipam:
driver: default
config:
- subnet: 10.220.0.0/16
[root@docker ~]# docker-compose up -d
Creating network "frontend" with driver "bridge"
Creating nginx-test ... done
[root@docker ~]# docker network inspect -f {{.IPAM}} frontend
{default map[] [{10.220.0.0/16 map[]}]}
[root@docker ~]# docker exec -it nginx-test ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
27: eth0@if28: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:0a:dc:00:02 brd ff:ff:ff:ff:ff:ff
inet 10.220.0.2/16 brd 10.220.255.255 scope global eth0
valid_lft forever preferred_lft forever