How to change ip address range of docker swarm ingress network

Asked 22/3, 2017 at 14:7 Answered 24/7, 2023 at 20:7

Solved network-programming docker docker-swarm

I use a docker swarm 1.13.1, and when I init the docker swarm or join to docker swarm sometimes it creates a docker_gwbridge network in a "172.19.0.0/16" subnet.

But my computer subnet is in the same range, so when it initializes this network the docker swarm host machine becomes inaccessible from my computer.

So my question is: how can I change the subnet of the existing docker network.

> docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ac1100164960        bridge              bridge              local
3838ae360f35        docker_gwbridge     bridge              local
f9a77266aa15        host                host                local
rgqnm19zbasv        ingress             overlay             swarm
04c1c6b3ade7        none                null                local

Inspect the network:

> docker network inspect 3838ae360f35
[
    {
        "Name": "docker_gwbridge",
        "Id": "3838ae360f3585f2cda8a43a939643cdd74c0db9bfb7f4f18b3b80ae07b3b9db",
        "Created": "2017-03-22T13:26:50.352865644+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Containers": {
            "ingress-sbox": {
                "Name": "gateway_ingress-sbox",
                "EndpointID": "194d965dd2997bddb52eab636950e219043215a5a1a6a60d08f34e454a0eaa56",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.enable_icc": "false",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.name": "docker_gwbridge"
        },
        "Labels": {}
    }
]

Fid answered 22/3, 2017 at 14:7 Comment(0)

You can create docker_gwbridge before you initialize the swarm, as explained here.

for example：

docker network rm docker_gwbridge
docker network create --subnet=172.20.0.1/16 -o com.docker.network.bridge.enable_icc=false -o com.docker.network.bridge.name=docker_gwbridge docker_gwbridge

Salmanazar answered 22/3, 2017 at 14:57 Comment(1)

It seems to be working, I use:

docker network create --subnet={Your prefered subnet } -o com.docker.network.bridge.enable_icc=false -o com.docker.network.bridge.name=docker_gwbridge docker_gwbridge

– Blackness 23/3, 2017 at 7:18

The general way to solve this, including any (non-ingress) network that gets created for you by docker or other tools like docker-compose, is to set the default address pools in your docker daemon config.

In your case, add to /etc/docker/daemon.json (or ~/.docker/daemon.json for Docker Desktop for Mac), for example:

{
  "default-address-pools": [
    {
      "base": "10.10.0.0/16",
      "size": 24
    }
  ]
}

With this, your docker bridge network will get a subnet of 10.10.0.0/24, and your docker swarm docker_gwbridge will get a subnet of 10.10.0.1/24. Any other network that gets created for you like from a docker-compose.yml file, will get the subsequent 10.10.0.2/24 subnet. And so on.

You didn't mention this as an issue, but unfortunately, this doesn't seem to apply to the ingress network.

Marquis answered 27/5, 2021 at 20:33 Comment(5)

In newer Docker versions the file is ~/.docker/daemon.json – Donnettedonni 22/9, 2021 at 13:27

@Donnettedonni How does a local user's docker daemon config affect the system docker config? – Marquis 22/9, 2021 at 15:46

not sure if any system docker config still exists - not in my case (docker for desktop on macos). When I added config to the local user's config everything works like a charm. – Donnettedonni 23/9, 2021 at 5:46

@Donnettedonni Ah ok I think that's a Docker Desktop for Mac thing, then. It appears to me, at a quick glance, that it follows the model of running docker inside a VM, and providing a docker interface to the user that makes it seem as if it's running natively. – Marquis 23/9, 2021 at 17:59

For Swarm you need: /etc/docker/daemon.json; docker swarm leave; docker network rm docker_gwbridge; docker swarm init --default-addr-pool 10.10.0.0/16 --default-addr-pool-mask-length 24 – Traject 14/9, 2022 at 16:26

We have worked it out to change the subnet of docker_gwbridge without needing to remove all running services and stopping the docker swarm as follows:

Disconnect all endpoints from the network.

docker network disconnect -f docker_gwbridge container_name

Delete the existing interface:

ip link set docker_gwbridge down
ip link del dev docker_gwbridge

Delete docker network

docker network rm docker_gwbridge

Re-create the bridge

 docker network create \
--subnet 10.11.0.0/16 \
--opt com.docker.network.bridge.name=docker_gwbridge \
--opt com.docker.network.bridge.enable_icc=false \
--opt com.docker.network.bridge.enable_ip_masquerade=true \
docker_gwbridge

Reboot the host

Feminize answered 24/7, 2023 at 20:7 Comment(0)

Recommended topics

Hot tags