-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement allocating IPs from CIDR within bridge network #6101
Conversation
reping @unclejack @vieux @crosbymichael |
+1 |
+1 This is fantastic and nicely fits the Hadoop usecase. How hard would it be to extend this to specify the CIDR per bridge rather than globally (assuming #6155 is implemented)? |
@subhraveti ~ 4 hours with tests for "per-bridge" I think, it is mostly IP allocator feature. |
rebased |
I think this seems sane, since we're controlling IP address assignment, providing more control over how they get assigned is generally good, although the UI could end up getting kind of cumbersome to specify via command-line flags, but that's inevitable and a much larger discussion than what's proposed here. :) |
Also, benchmarks result:
|
@LK4D4 Looks like there are some conflicts. Can you rebase this? |
@fkautz Rebased :) I hope that this rebase will bring PR a lucky charm for review. |
Assigning this to myself so that I can review it. |
@fkautz Cool, thank you! |
We will need some input from @shykes to make sure the changes are acceptable, since they change the UI. I've asked @tianon to add it to Thursday's meeting, contingent on @shykes being online. Assuming he agrees with the UI approach, we'll also need additional documentation in docs. I have a few use cases to test out as well, I'll get back to you on how those go. |
It will be sixth meeting for this PR. I glad to see, that someone interested in this apart from me :) |
@@ -54,6 +54,7 @@ expect an integer, and they can only be specified once. | |||
-b, --bridge="" Attach containers to a pre-existing network bridge | |||
use 'none' to disable container networking | |||
--bip="" Use this CIDR notation address for the network bridge's IP, not compatible with -b | |||
--fixed-cidr="" IPv4 subnet for fixed IPs (ex: 10.20.0.0/16) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think --ip=
is more natural. The value can still use the CIDR notation of course.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@LK4D4 what about this comment ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would change the description to be more explicit like IPv4 subnet range for containers on the
docker0bridge
also - can you please add some documentation about how this new option interacts with or relates to the --bip
option
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We talked with @shykes on last meeting and he was okay with --fixed-cidr
. This is more common in network engineers world.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@SvenDowideit This is not necessary docker0
, it can be bridge specified by -b
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kewl :) if you can add this info into the docs, we're in a better place :)
+1 on the design, as long as it doesn't break links. Just a superficial note on the syntax ( Sorry for being slow. |
@shykes I don't think that ip is more natural for this feature :) I expect that |
I agree, fixed CIDR is more descriptive. An IP should also be assignable
|
ping @shykes |
--fixed-cidr only provides half of the story. I think --fixed-cidr should not set the subnet, only the ip range allocaiton. If we are following openstack's approach, we should use --fixed-range to set the subnet separately from the allocation range. These two combined allow for a great degree of flexibility. [edit] --fixed-cidr works as i was hoping, no change is necessary. |
Just to keep the conversation together: https://botbot.me/freenode/docker-dev/msg/18199269/
|
Had a talk with @LK4D4. The subnet isn't touched, so we should be good to go. Just need to add some documentation. |
LGTM |
I think just needs docs review from @SvenDowideit |
|
||
* `--bip=CIDR` — supply a specific IP address and netmask for the | ||
`docker0` bridge, using standard CIDR notation like | ||
`192.168.1.5/24`. | ||
|
||
* `--fixed-cidr=CIDR` — restrict the IP range from the `docker0` subnet, | ||
using the standard CIDR notation like `172.167.1.0/28`. This range must | ||
be nested in bridge subnet(docker0 or setted by `--bridge`). For example |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- space before
(
- put docker0 into
docker0
code quotes - s/setted by/set using/
Okay, now we have bunch of lgtms here :) We need the one who brave enough to merge it or close it forever. ping @crosbymichael |
|
||
* `--bip=CIDR` — supply a specific IP address and netmask for the | ||
`docker0` bridge, using standard CIDR notation like | ||
`192.168.1.5/24`. | ||
|
||
* `--fixed-cidr=CIDR` — restrict the IP range from the `docker0` subnet, | ||
using the standard CIDR notation like `172.167.1.0/28`. This range must | ||
be nested in bridge subnet (`docker0` or set using `--bridge`). For example |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@LK4D4 Docs mostly LGTM. However, I find "[..] nested in bridge subnet" to be bit confusing.
Do you think there can be another way to put it so it becomes simpler and easier to understand?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm, "must be subset of bridge IP range"? I'm not very good at English still, so almost any english sentence is equally cryptic for me :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"must be subset of bridge IP range" sounds fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
May I humbly suggest: "IPv4 range for fixed IPs (ex: 10.20.0.0/16); this range must be a subset of the bridge IP range"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't have time to test right now but if someone else reviews and tests I'm good with this |
maybe @tiborvass or @unclejack tomorrow? |
Fixed article text. |
pint @fredlf @ostezer |
supports its default route. Both are configurable at server startup: | ||
Docker configures `docker0` with an IP address, netmask and IP | ||
allocation range. The host machine can both receive and send packets to | ||
containers connected to the bridge, and gives it an MTU — the *maximum |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's not clear to me what the pronoun "it" is referring to. The bridge? docker0
? Might help to break it into two sentences and get rid of the pronoun.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm actually don't follow. docker0
and "it" are in different sentences and docker0
and bridge are synonyms anyway. Could you provide exact text for me?
Docker-DCO-1.1-Signed-off-by: Frederick F. Kautz IV <fkautz@alumni.cmu.edu> (github: fkautz) Signed-off-by: Alexandr Morozov <lk4d4@docker.com>
@fredlf Thanks for review. Could you help me with that big sentence about |
how about something like
I've ignored the 1500 bytes - do we need it? |
LGTM. We'll fix the docs later. |
ping @unclejack |
Will this fix docker changing the container ip on container or deamon restart? |
@DwayneBull Nope |
@LK4D4 I assume you could get round it with something like --fixed-cidr="172.168.0.1/32" |
@DwayneBull Problem that this is daemon-wide option. There is another PR for per-container IP control. |
@jamtur01 Is it OK if we merge this PR with the current docs? |
LGTM |
Implement allocating IPs from CIDR within bridge network
Fixes #4986
It is similar to openstack nova
--fixed-cidr
and allows to do things like this. And our network engineer very excited about this change :)Also I've refactored ipallocator a little more.