Add network interal mode

Signed-off-by: Chun Chen <ramichen@tencent.com>
Signed-off-by: David Calavera <david.calavera@gmail.com>
Chun Chen 2015-12-28 10:15:50 +08:00 committed by David Calavera
parent e44bde8606
commit b70954e60a
8 changed files with 28 additions and 4 deletions


@ -47,6 +47,8 @@ func (cli *DockerCli) CmdNetworkCreate(args ...string) error {
cmd.Var(flIpamAux, []string{"-aux-address"}, "auxiliary ipv4 or ipv6 addresses used by Network driver")
cmd.Var(flOpts, []string{"o", "-opt"}, "set driver specific options")
flInternal := cmd.Bool([]string{"-internal"}, false, "restricts external access to the network")
cmd.Require(flag.Exact, 1)
err := cmd.ParseFlags(args, true)
if err != nil {
@ -72,6 +74,7 @@ func (cli *DockerCli) CmdNetworkCreate(args ...string) error {
IPAM: network.IPAM{Driver: *flIpamDriver, Config: ipamCfg},
Options: flOpts.GetAll(),
CheckDuplicate: true,
Internal: *flInternal,
}
resp, err := cli.client.NetworkCreate(nc)
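Review bot: The help string on the new `--internal` flag, `restricts external access to the network`, does not say what scope of isolation a user can rely on. The reference text added later in this commit describes the effect only for `overlay` networks, where the bridge that provides external connectivity is not attached. Someone using `--internal` as a containment boundary would read the flag as driver-independent, so I would tighten it to something like `restrict external access to the network (see the reference for driver support)` and spell out the per-driver behaviour in the reference entry. CmdNetworkCreate starts and ends outside both hunks.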


@ -13,7 +13,7 @@ type Backend interface {
GetNetworksByID(partialID string) []libnetwork.Network
GetAllNetworks() []libnetwork.Network
CreateNetwork(name, driver string, ipam network.IPAM,
options map[string]string) (libnetwork.Network, error)
options map[string]string, internal bool) (libnetwork.Network, error)
ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
DisconnectContainerFromNetwork(containerName string,
network libnetwork.Network) error
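Review bot: Adding `internal bool` as a fifth positional parameter to `CreateNetwork` leaves call sites that read `CreateNetwork(name, driver, ipam, opts, true)`, where the meaning of the trailing `true` is invisible. It also means every Backend implementation must change its signature again for the next network option. The router already holds a decoded create request carrying `create.Name`, `create.Driver`, `create.IPAM`, `create.Options` and `create.Internal`, so passing that value, or a small options struct, would keep the interface stable. The same signature is repeated on the Daemon implementation in this commit. The Backend interface continues outside the hunk.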


@ -92,7 +92,7 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
warning = fmt.Sprintf("Network with name %s (id : %s) already exists", nw.Name(), nw.ID())
}
nw, err = n.backend.CreateNetwork(create.Name, create.Driver, create.IPAM, create.Options)
nw, err = n.backend.CreateNetwork(create.Name, create.Driver, create.IPAM, create.Options, create.Internal)
if err != nil {
return err
}


@ -101,7 +101,7 @@ func (daemon *Daemon) GetAllNetworks() []libnetwork.Network {
}
// CreateNetwork creates a network with the given name, driver and other optional parameters
func (daemon *Daemon) CreateNetwork(name, driver string, ipam network.IPAM, options map[string]string) (libnetwork.Network, error) {
func (daemon *Daemon) CreateNetwork(name, driver string, ipam network.IPAM, options map[string]string, internal bool) (libnetwork.Network, error) {
c := daemon.netController
if driver == "" {
driver = c.Config().Daemon.DefaultDriver
@ -116,6 +116,9 @@ func (daemon *Daemon) CreateNetwork(name, driver string, ipam network.IPAM, opti
nwOptions = append(nwOptions, libnetwork.NetworkOptionIpam(ipam.Driver, "", v4Conf, v6Conf, nil))
nwOptions = append(nwOptions, libnetwork.NetworkOptionDriverOpts(options))
if internal {
nwOptions = append(nwOptions, libnetwork.NetworkOptionInternalNetwork())
}
n, err := c.NewNetwork(driver, name, nwOptions...)
if err != nil {
return nil, err
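Review bot: The `if internal` branch appends `libnetwork.NetworkOptionInternalNetwork()` for whichever driver was selected, and nothing visible in these hunks checks that the driver actually enforces the isolation. If a driver ignores the option (this cannot be determined from the hunk), the network would be created and reported as internal while still having external connectivity, which is a silent failure of a containment control. I would either reject `internal` for drivers known not to honour it or state the limitation in the doc comment, for example `// CreateNetwork creates a network with the given name, driver and other optional parameters; internal asks the driver to create it without external connectivity.` None of the eight file sections shown is a test, so an integration test asserting that a container on an internal network cannot reach an outside address would pin the behaviour. CreateNetwork's body continues outside both hunks.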


@ -114,6 +114,7 @@ This section lists each version from latest to oldest. Each listing includes a
* `POST /containers/create` now allows you to set the static IPv4 and/or IPv6 address for the container.
* `POST /networks/(id)/connect` now allows you to set the static IPv4 and/or IPv6 address for the container.
* `GET /info` now includes the number of containers running, stopped, and paused.
* `POST /networks/create` now supports restricting external access to the network by setting the `internal` field.
### v1.21 API changes


@ -2985,13 +2985,15 @@ Content-Type: application/json
{
"Name":"isolated_nw",
"Driver":"bridge"
"Driver":"bridge",
"IPAM":{
"Config":[{
"Subnet":"172.20.0.0/16",
"IPRange":"172.20.10.0/24",
"Gateway":"172.20.10.11"
}]
},
"Internal":true
}
```


@ -18,6 +18,7 @@ parent = "smn_cli"
-d --driver=DRIVER Driver to manage the Network bridge or overlay. The default is bridge.
--gateway=[] ipv4 or ipv6 Gateway for the master subnet
--help Print usage
--internal Restricts external access to the network
--ip-range=[] Allocate container ip from a sub-range
--ipam-driver=default IP Address Management Driver
-o --opt=map[] Set custom network plugin options
@ -120,6 +121,11 @@ docker network create -d overlay
```
Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error.
### Network internal mode
By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity.
If you want to create an externally isolated `overlay` network, you can specify the `--internal` option.
## Related information
* [network inspect](network_inspect.md)


@ -10,6 +10,7 @@ docker-network-create - create a new network
[**-d**|**--driver**=*DRIVER*]
[**--gateway**=*[]*]
[**--help**]
[**--internal**]
[**--ip-range**=*[]*]
[**--ipam-driver**=*default*]
[**-o**|**--opt**=*map[]*]
@ -120,6 +121,11 @@ docker network create -d overlay
```
Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error.
### Network internal mode
By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity.
If you want to create an externally isolated `overlay` network, you can specify the `--internal` option.
# OPTIONS
**--aux-address**=map[]
Auxiliary ipv4 or ipv6 addresses used by network driver
@ -133,6 +139,9 @@ Be sure that your subnetworks do not overlap. If they do, the network create fai
**--help**
Print usage
**--internal**
Restricts external access to the network
**--ip-range**=[]
Allocate container ip from a sub-range