feat: adds IP address configuration for default bridge network

[swagatbora90]

Adds an option in nerdctl.toml to configure the the default bridge network IP

Fixes: #3625

[apostasie]

Docker CI failure (unrelated): #3652

[Zheaoli]

Just for note, I'm not sure if --bridge-ip is equal with bip in Docker daemon or not. If two flag is equal, I think we need change the network create behavior at the same time.

[swagatbora90]

Just for note, I'm not sure if --bridge-ip is equal with bip in Docker daemon or not. If two flag is equal, I think we need change the network create behavior at the same time.

Can you please elaborate? I don't think network create has a --bridge-ip option. You provide --subnet, --ip-range and --gateway. bip is defined in the daemon level.

[Zheaoli]

For me, when I want to change the default bridge IP, I will use the bip option for the daemon config. FYI https://docs.docker.com/reference/cli/dockerd/

This option in docker will have an implicit behavior, it will change the network start range. For example, for the the same command docker network create abc. The abc IP range will be 172.18.0.0/24(for example) and will be 10.11.1.0/24 if we set the bip to 10.11.0.0/24

For the nerdctl, we have the default 10.4.0.0/24 for bridge CIDR and 10.4.1.0/24 for network create IP range. FYI https://github.com/containerd/nerdctl/blob/main/pkg/netutil/netutil_unix.go#L45-L52

So IMHO, if we can update the default CIDR for bridge, we need to change network StartingCIDR at the same time

cc @AkihiroSuda WDYT

[swagatbora90]

This option in docker will have an implicit behavior, it will change the network start range. For example, for the the same command docker network create abc. The abc IP range will be 172.18.0.0/24(for example) and will be 10.11.1.0/24 if we set the bip to 10.11.0.0/24

I tried to reproduce this behavior in my local testing but could not (let me know if I am doing something wrong here):

% sudo cat /etc/docker/daemon.json
{
  "bip": "240.10.0.1/24",
  "data-root": "/local/docker",
  "dns": ["10.4.4.10"]
}

dev-dsk-sbora-2c-4ee7e306 % docker network inspect bridge | jq '.[0].IPAM.Config'
[
  {
    "Subnet": "240.10.0.0/24",
    "Gateway": "240.10.0.1"
  }
]

% docker network create -d bridge test-net
10e34d98783d9562f27f4248f970745d53357e9fd2d0c0488422258c2243a586

% docker network inspect test-net | jq '.[0].IPAM.Config'
[
  {
    "Subnet": "172.18.0.0/16",
    "Gateway": "172.18.0.1"
  }
]

For new bridge network (without a subnet range specified), docker still picks the 172.18/16 range. I found these ranges are defined here https://github.com/moby/moby/blob/master/libnetwork/ipamutils/utils.go#L12-L25, so this is still from a predefined range of non-conflicting network ranges and not implicitly set from bip.

Docker actually provides a daemon level option default-address-pools to specify custom network ranges for user defined networks. But that can be a follow up feature if needed, since have the option to pass --subnet with network create to do exactly that.

[Zheaoli]

}
]

For new bridge network (without a subnet range specified), docker still picks the 172.18/16 range. I found these ranges are defined here https://github.com/moby/moby/blob/master/libnetwork/ipamutils/utils.go#L12-L25, so this is still from a predefined range of non-conflicting network ranges and not implicitly set from bip.

Docker actually provides a daemon level option default-address-pools to specify custom network ranges for user defined networks. But that can be a follow up feature if needed, since have the option to pass --subnet with network create to do exactly that.

You are right. I mix bip and default-address-pools together

[Zheaoli]

LGTM on CI green.

Maybe you just need update the code in main branch and rerun the CI

[Zheaoli]

LGTM, All CI green

[AkihiroSuda]

Thanks