Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updates for moby 28.0 networking #21612

Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

Updates for moby 28.0 networking #21612

wants to merge 5 commits into from

Conversation

robmry
Copy link
Contributor

@robmry robmry commented Dec 11, 2024

Description

Updates for moby 28.0 networking.

Related issues or tickets

Series of commits ...

Reviews

  • Technical review
  • Editorial review
  • Product review

Signed-off-by: Rob Murray <rob.murray@docker.com>
@github-actions github-actions bot added area/engine Issue affects Docker engine/daemon area/networking Relates to anything around networking labels Dec 11, 2024
Copy link

netlify bot commented Dec 11, 2024

Deploy Preview for docsdocker ready!

Name Link
🔨 Latest commit 3160618
🔍 Latest deploy log https://app.netlify.com/sites/docsdocker/deploys/67616a9913b105000726b12f
😎 Deploy Preview https://deploy-preview-21612--docsdocker.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@robmry robmry changed the title Updates for moby 28.0 Updates for moby 28.0 networking Dec 11, 2024
Copy link
Collaborator

@dvdksn dvdksn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, only nitpicks from me

Comment on lines 70 to 73
For example, a frontend container may be connected to a bridge network
with external access, and a `--internal` network to communicate with
containers running backend services that do not need external network
access.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is --internal, why is it written like a CLI flag?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point - how about I make it a link to https://docs.docker.com/reference/cli/docker/network/create/#internal ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes that works! I didn't recall this flag when reading 😅

Comment on lines 84 to 86
The default gateway is selected by docker, and may change each time a
container's network connections change.
To make docker choose a specific default gateway when creating the container
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
The default gateway is selected by docker, and may change each time a
container's network connections change.
To make docker choose a specific default gateway when creating the container
The default gateway is selected by Docker, and may change whenever a
container's network connections change.
To make Docker choose a specific default gateway when creating the container

Comment on lines 88 to 89
in [docker run](/reference/cli/docker/container/run.md) and
[docker network connect](/reference/cli/docker/network/connect.md).
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
in [docker run](/reference/cli/docker/container/run.md) and
[docker network connect](/reference/cli/docker/network/connect.md).
for the [`docker run`](/reference/cli/docker/container/run.md) and
[`docker network connect`](/reference/cli/docker/network/connect.md) commands.

- Option `bip6` is optional, it specifies the address of the default bridge, which
will be used as the default gateway by containers. It also specifies the subnet
for the bridge network.
- Option `fixed-cidr-v6` is optional, it specifies the address range docker may
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Option `fixed-cidr-v6` is optional, it specifies the address range docker may
- Option `fixed-cidr-v6` is optional, it specifies the address range Docker may

@@ -229,6 +229,20 @@ When you create your network, you can specify the `--ipv6` flag to enable IPv6.
$ docker network create --ipv6 --subnet 2001:db8:1234::/64 my-net
```

If you do not provide a `--subnet` option, a unique-local address (ULA) prefix
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If you do not provide a `--subnet` option, a unique-local address (ULA) prefix
If you do not provide a `--subnet` option, a Unique Local Address (ULA) prefix

Comment on lines 139 to 140
Within a local layer-2 network, any remote host can set up a static route
to a container network via the docker host's address on the local network.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Within a local layer-2 network, any remote host can set up a static route
to a container network via the docker host's address on the local network.
Within a local layer 2 network, remote hosts can set up static routes
to a container network using the Docker daemon host's address on the local network.

Comment on lines 141 to 143
So, those local remote hosts can access containers directly. Remote hosts
outside the local network will only have direct access to containers if
routers are configured to enable it.
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
So, those local remote hosts can access containers directly. Remote hosts
outside the local network will only have direct access to containers if
routers are configured to enable it.
This allows local remote hosts to access containers directly. For remote
hosts outside the local network, direct access to containers requires
router configuration to enable the necessary routing.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, reading this again, "local remote hosts" are a bit weird!

How about I change it to ...

Within a local layer 2 network, remote hosts can set up static routes
to a container network using the Docker daemon host's address on the local
network. Those hosts can access containers directly. For remote
hosts outside the local network, direct access to containers requires
router configuration to enable the necessary routing.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good to me!

Signed-off-by: Rob Murray <rob.murray@docker.com>
Signed-off-by: Rob Murray <rob.murray@docker.com>
@robmry
Copy link
Contributor Author

robmry commented Dec 17, 2024

Thank you @dvdksn ... I've pushed those updates.

Copy link
Collaborator

@dvdksn dvdksn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍🏻 These changes will make our style linter happy.

content/manuals/engine/network/_index.md Outdated Show resolved Hide resolved
Signed-off-by: Rob Murray <rob.murray@docker.com>
Signed-off-by: Rob Murray <rob.murray@docker.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/engine Issue affects Docker engine/daemon area/networking Relates to anything around networking
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants