Updates for moby 28.0 networking #21612
Signed-off-by: Rob Murray <rob.murray@docker.com>
Looks great, only nitpicks from me
For example, a frontend container may be connected to a bridge network | ||
with external access, and a `--internal` network to communicate with | ||
containers running backend services that do not need external network | ||
access. |
What is `--internal`, why is it written like a CLI flag?
Good point - how about I make it a link to https://docs.docker.com/reference/cli/docker/network/create/#internal ?
Yes that works! I didn't recall this flag when reading 😅
The default gateway is selected by docker, and may change each time a | ||
container's network connections change. | ||
To make docker choose a specific default gateway when creating the container |
The default gateway is selected by docker, and may change each time a | |
container's network connections change. | |
To make docker choose a specific default gateway when creating the container | |
The default gateway is selected by Docker, and may change whenever a | |
container's network connections change. | |
To make Docker choose a specific default gateway when creating the container |
in [docker run](/reference/cli/docker/container/run.md) and | ||
[docker network connect](/reference/cli/docker/network/connect.md). |
in [docker run](/reference/cli/docker/container/run.md) and | |
[docker network connect](/reference/cli/docker/network/connect.md). | |
for the [`docker run`](/reference/cli/docker/container/run.md) and | |
[`docker network connect`](/reference/cli/docker/network/connect.md) commands. |
- Option `bip6` is optional, it specifies the address of the default bridge, which | ||
will be used as the default gateway by containers. It also specifies the subnet | ||
for the bridge network. | ||
- Option `fixed-cidr-v6` is optional, it specifies the address range docker may |
- Option `fixed-cidr-v6` is optional, it specifies the address range docker may | |
- Option `fixed-cidr-v6` is optional, it specifies the address range Docker may |
@@ -229,6 +229,20 @@ When you create your network, you can specify the `--ipv6` flag to enable IPv6. | |||
$ docker network create --ipv6 --subnet 2001:db8:1234::/64 my-net | |||
``` | |||
|
|||
If you do not provide a `--subnet` option, a unique-local address (ULA) prefix |
If you do not provide a `--subnet` option, a unique-local address (ULA) prefix | |
If you do not provide a `--subnet` option, a Unique Local Address (ULA) prefix |
Within a local layer-2 network, any remote host can set up a static route | ||
to a container network via the docker host's address on the local network. |
Within a local layer-2 network, any remote host can set up a static route | |
to a container network via the docker host's address on the local network. | |
Within a local layer 2 network, remote hosts can set up static routes | |
to a container network using the Docker daemon host's address on the local network. |
So, those local remote hosts can access containers directly. Remote hosts | ||
outside the local network will only have direct access to containers if | ||
routers are configured to enable it. |
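Review bot: the closing sentence, "Remote hosts outside the local network will only have direct access to containers if routers are configured to enable it", says when direct access is possible, but the lines shown give no pointer to how the owner of the Docker host restricts the direct access described in the sentence before it. Consider ending the paragraph with a cross-reference to wherever the page covers limiting that access, so the reader is not left with the exposure alone.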
So, those local remote hosts can access containers directly. Remote hosts | |
outside the local network will only have direct access to containers if | |
routers are configured to enable it. | |
This allows local remote hosts to access containers directly. For remote | |
hosts outside the local network, direct access to containers requires | |
router configuration to enable the necessary routing. |
Hmm, reading this again, "local remote hosts" are a bit weird!
How about I change it to ...
Within a local layer 2 network, remote hosts can set up static routes
to a container network using the Docker daemon host's address on the local
network. Those hosts can access containers directly. For remote
hosts outside the local network, direct access to containers requires
router configuration to enable the necessary routing.
Sounds good to me!
Thank you @dvdksn ... I've pushed those updates.
LGTM 👍🏻 These changes will make our style linter happy.
Description
Updates for moby 28.0 networking.
Related issues or tickets
Series of commits ...
Reviews