As some of my “internal services” have conflicting port requirements, and some need direct layer-2 (non-IP) connectivity, I need a different kind of network connectivity than NAT-ing ports through the docker host.
For this purpose I use the docker macvlan driver, which makes containers attached to a macvlan network appear as if they were directly connected to the physical network (or VLAN).
Configuration
Create a docker network using the macvlan driver:
docker network create -d macvlan \
--subnet 192.168.1.0/24 \
--gateway 192.168.1.1 \
--ip-range=192.168.1.208/28 \
-o parent=ens192 prod_net
- Subnet/GW are both self-explanatory.
- IP-range is the range docker’s IPAM module will use when assigning an IP in this network (unless you set a specific IP manually).
- ens192 is the “physical interface” of the docker host.
- prod_net is the network name.
The above will create the network called prod_net, a bridged network that lets containers participate in the physical network directly.
Do note that the docker host will not be able to reach any container on the macvlan network (and vice versa).
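The post's parameters wrapped in a script that checks them before creating the network, attaches a container with a fixed address, and adds a host-side macvlan sub-interface to work around the host-to-container gap noted above (an added example, not the post's own code; the shim interface name and the address 192.168.1.207 are assumptions):

```shell
#!/usr/bin/env bash
# Added example, not from the original post: check the macvlan parameters,
# create the network, attach a container, and add a host-side shim interface.
set -eu

PARENT_IF="ens192"; SUBNET="192.168.1.0/24"; GATEWAY="192.168.1.1"
IP_RANGE="192.168.1.208/28"; NET_NAME="prod_net"
SHIM_IF="macvlan-shim"; SHIM_IP="192.168.1.207/32"  # assumed: outside docker's ip-range

ip2int() {                                   # dotted quad -> integer
  local a b c d
  IFS=. read -r a b c d <<EOF
$1
EOF
  echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}
cidr_mask()      { echo $(( (4294967295 << (32 - ${1#*/})) & 4294967295 )); }
cidr_network()   { echo $(( $(ip2int "${1%/*}") & $(cidr_mask "$1") )); }
cidr_broadcast() { echo $(( $(cidr_network "$1") | (~$(cidr_mask "$1") & 4294967295) )); }
in_cidr() {                                  # in_cidr IP CIDR: IP lies inside CIDR
  local i; i=$(ip2int "$1")
  [ "$i" -ge "$(cidr_network "$2")" ] && [ "$i" -le "$(cidr_broadcast "$2")" ]
}
cidr_within() {                              # cidr_within SMALL BIG: SMALL fully inside BIG
  [ "$(cidr_network "$1")" -ge "$(cidr_network "$2")" ] &&
  [ "$(cidr_broadcast "$1")" -le "$(cidr_broadcast "$2")" ]
}
validate_macvlan_config() {                  # args: SUBNET GATEWAY IP_RANGE
  cidr_within "$3" "$1" || { echo "ip-range $3 is not inside subnet $1" >&2; return 1; }
  in_cidr "$2" "$1"     || { echo "gateway $2 is not inside subnet $1" >&2; return 1; }
  if in_cidr "$2" "$3"; then echo "gateway $2 collides with ip-range $3" >&2; return 1; fi
}
create_macvlan_network() {
  validate_macvlan_config "$SUBNET" "$GATEWAY" "$IP_RANGE"
  docker network create -d macvlan --subnet "$SUBNET" --gateway "$GATEWAY" \
    --ip-range "$IP_RANGE" -o parent="$PARENT_IF" "$NET_NAME"
}
run_on_macvlan() {                           # run_on_macvlan NAME IMAGE IP (manual IP may sit outside ip-range, never outside subnet)
  in_cidr "$3" "$SUBNET" || { echo "$3 is not inside $SUBNET" >&2; return 1; }
  docker run -d --name "$1" --network "$NET_NAME" --ip "$3" "$2"
}
add_host_shim() {                            # lets the docker host reach the macvlan containers
  ip link add "$SHIM_IF" link "$PARENT_IF" type macvlan mode bridge
  ip addr add "$SHIM_IP" dev "$SHIM_IF" && ip link set "$SHIM_IF" up
  ip route add "$IP_RANGE" dev "$SHIM_IF"
}
if [ "${1:-}" = "apply" ]; then create_macvlan_network; add_host_shim; fi
```

Run it with the argument apply on the docker host; without it only the functions are defined, so the checks can be exercised anywhere.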