Add network interal mode
Signed-off-by: Chun Chen <ramichen@tencent.com> Signed-off-by: David Calavera <david.calavera@gmail.com>
This commit is contained in:
parent
e44bde8606
commit
b70954e60a
8 changed files with 28 additions and 4 deletions
|
@ -47,6 +47,8 @@ func (cli *DockerCli) CmdNetworkCreate(args ...string) error {
|
|||
cmd.Var(flIpamAux, []string{"-aux-address"}, "auxiliary ipv4 or ipv6 addresses used by Network driver")
|
||||
cmd.Var(flOpts, []string{"o", "-opt"}, "set driver specific options")
|
||||
|
||||
flInternal := cmd.Bool([]string{"-internal"}, false, "restricts external access to the network")
|
||||
|
||||
cmd.Require(flag.Exact, 1)
|
||||
err := cmd.ParseFlags(args, true)
|
||||
if err != nil {
|
||||
|
@ -72,6 +74,7 @@ func (cli *DockerCli) CmdNetworkCreate(args ...string) error {
|
|||
IPAM: network.IPAM{Driver: *flIpamDriver, Config: ipamCfg},
|
||||
Options: flOpts.GetAll(),
|
||||
CheckDuplicate: true,
|
||||
Internal: *flInternal,
|
||||
}
|
||||
|
||||
resp, err := cli.client.NetworkCreate(nc)
|
||||
|
|
|
@ -13,7 +13,7 @@ type Backend interface {
|
|||
GetNetworksByID(partialID string) []libnetwork.Network
|
||||
GetAllNetworks() []libnetwork.Network
|
||||
CreateNetwork(name, driver string, ipam network.IPAM,
|
||||
options map[string]string) (libnetwork.Network, error)
|
||||
options map[string]string, internal bool) (libnetwork.Network, error)
|
||||
ConnectContainerToNetwork(containerName, networkName string, endpointConfig *network.EndpointSettings) error
|
||||
DisconnectContainerFromNetwork(containerName string,
|
||||
network libnetwork.Network) error
|
||||
|
|
|
@ -92,7 +92,7 @@ func (n *networkRouter) postNetworkCreate(ctx context.Context, w http.ResponseWr
|
|||
warning = fmt.Sprintf("Network with name %s (id : %s) already exists", nw.Name(), nw.ID())
|
||||
}
|
||||
|
||||
nw, err = n.backend.CreateNetwork(create.Name, create.Driver, create.IPAM, create.Options)
|
||||
nw, err = n.backend.CreateNetwork(create.Name, create.Driver, create.IPAM, create.Options, create.Internal)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -101,7 +101,7 @@ func (daemon *Daemon) GetAllNetworks() []libnetwork.Network {
|
|||
}
|
||||
|
||||
// CreateNetwork creates a network with the given name, driver and other optional parameters
|
||||
func (daemon *Daemon) CreateNetwork(name, driver string, ipam network.IPAM, options map[string]string) (libnetwork.Network, error) {
|
||||
func (daemon *Daemon) CreateNetwork(name, driver string, ipam network.IPAM, options map[string]string, internal bool) (libnetwork.Network, error) {
|
||||
c := daemon.netController
|
||||
if driver == "" {
|
||||
driver = c.Config().Daemon.DefaultDriver
|
||||
|
@ -116,6 +116,9 @@ func (daemon *Daemon) CreateNetwork(name, driver string, ipam network.IPAM, opti
|
|||
|
||||
nwOptions = append(nwOptions, libnetwork.NetworkOptionIpam(ipam.Driver, "", v4Conf, v6Conf, nil))
|
||||
nwOptions = append(nwOptions, libnetwork.NetworkOptionDriverOpts(options))
|
||||
if internal {
|
||||
nwOptions = append(nwOptions, libnetwork.NetworkOptionInternalNetwork())
|
||||
}
|
||||
n, err := c.NewNetwork(driver, name, nwOptions...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -114,6 +114,7 @@ This section lists each version from latest to oldest. Each listing includes a
|
|||
* `POST /containers/create` now allows you to set the static IPv4 and/or IPv6 address for the container.
|
||||
* `POST /networks/(id)/connect` now allows you to set the static IPv4 and/or IPv6 address for the container.
|
||||
* `GET /info` now includes the number of containers running, stopped, and paused.
|
||||
* `POST /networks/create` now supports restricting external access to the network by setting the `internal` field.
|
||||
|
||||
### v1.21 API changes
|
||||
|
||||
|
|
|
@ -2985,13 +2985,15 @@ Content-Type: application/json
|
|||
|
||||
{
|
||||
"Name":"isolated_nw",
|
||||
"Driver":"bridge"
|
||||
"Driver":"bridge",
|
||||
"IPAM":{
|
||||
"Config":[{
|
||||
"Subnet":"172.20.0.0/16",
|
||||
"IPRange":"172.20.10.0/24",
|
||||
"Gateway":"172.20.10.11"
|
||||
}]
|
||||
},
|
||||
"Internal":true
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@ parent = "smn_cli"
|
|||
-d --driver=DRIVER Driver to manage the Network bridge or overlay. The default is bridge.
|
||||
--gateway=[] ipv4 or ipv6 Gateway for the master subnet
|
||||
--help Print usage
|
||||
--internal Restricts external access to the network
|
||||
--ip-range=[] Allocate container ip from a sub-range
|
||||
--ipam-driver=default IP Address Management Driver
|
||||
-o --opt=map[] Set custom network plugin options
|
||||
|
@ -120,6 +121,11 @@ docker network create -d overlay
|
|||
```
|
||||
Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error.
|
||||
|
||||
### Network internal mode
|
||||
|
||||
By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity.
|
||||
If you want to create an externally isolated `overlay` network, you can specify the `--internal` option.
|
||||
|
||||
## Related information
|
||||
|
||||
* [network inspect](network_inspect.md)
|
||||
|
|
|
@ -10,6 +10,7 @@ docker-network-create - create a new network
|
|||
[**-d**|**--driver**=*DRIVER*]
|
||||
[**--gateway**=*[]*]
|
||||
[**--help**]
|
||||
[**--internal**]
|
||||
[**--ip-range**=*[]*]
|
||||
[**--ipam-driver**=*default*]
|
||||
[**-o**|**--opt**=*map[]*]
|
||||
|
@ -120,6 +121,11 @@ docker network create -d overlay
|
|||
```
|
||||
Be sure that your subnetworks do not overlap. If they do, the network create fails and Engine returns an error.
|
||||
|
||||
### Network internal mode
|
||||
|
||||
By default, when you connect a container to an `overlay` network, Docker also connects a bridge network to it to provide external connectivity.
|
||||
If you want to create an externally isolated `overlay` network, you can specify the `--internal` option.
|
||||
|
||||
# OPTIONS
|
||||
**--aux-address**=map[]
|
||||
Auxiliary ipv4 or ipv6 addresses used by network driver
|
||||
|
@ -133,6 +139,9 @@ Be sure that your subnetworks do not overlap. If they do, the network create fai
|
|||
**--help**
|
||||
Print usage
|
||||
|
||||
**--internal**
|
||||
Restricts external access to the network
|
||||
|
||||
**--ip-range**=[]
|
||||
Allocate container ip from a sub-range
|
||||
|
||||
|
|
Loading…
Reference in a new issue