boot2docker

Accessing docker containers from your mac

The most common way to run Docker on a Mac is boot2docker, or perhaps a CoreOS Vagrant VM. In either case the docker0 bridge lives inside the VM, and the Mac only reaches the VM over a VirtualBox host-only network (vboxnet), so the container network, usually 172.17.0.0/16, is not reachable from the Mac by default.

A simple way to get connectivity to the container network is to add a route on the Mac for Docker's network CIDR, with the VM's host-only IP as the gateway.

  1. Find the IP of your VM. If you are using docker-machine: $: docker-machine ls (the URL column shows the host-only IP, e.g. 192.168.99.100)
  2. Find the CIDR of your docker private network, from inside the VM:
    • $: docker-machine ssh yourVmName
    • $: ifconfig docker0 | grep "inet addr"
      A netmask of 255.255.0.0 means a /16 network, so a docker0 address of 172.17.42.1 gives the CIDR 172.17.0.0/16
  3. Create a route for the docker0 network, using the VM's IP as the gateway: $: sudo route -n add 172.17.0.0/16 192.168.99.100

To confirm that the route was added successfully, check the routing table with netstat; you should see an entry like this, pointing at the vboxnet interface:

  $: netstat -nr
  172.17             192.168.99.100     UGSc            1        4 vboxnet

Note that a route added this way lasts only until the Mac reboots (or the VM's IP changes), so it has to be added again afterwards.
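The three steps above, rolled into one script, as an added example that is not part of the original post. It assumes docker-machine on the Mac (the VM's IP comes from docker-machine ip), a boot2docker VM whose ifconfig prints the Linux "inet addr: ... Mask: ..." line, and the macOS route syntax; the machine name is passed in a DOCKER_VM variable, which is this example's own convention. The netmask-to-prefix and network-address helpers are what turn "255.255.0.0" and "172.17.42.1" into the 172.17.0.0/16 you actually route, and they refuse a non-contiguous mask rather than hand route(8) a bogus network.

```shell
#!/bin/sh
# Added example for the route procedure above (not from the original post).
# Assumes: docker-machine on the Mac, a boot2docker VM whose "ifconfig docker0"
# prints the Linux "inet addr:... Mask:..." line, and the macOS route(8)
# syntax. Run it with DOCKER_VM=<machine name> to actually add the route;
# the helpers below can be exercised on their own.
set -eu

# Dotted-quad netmask -> prefix length (255.255.0.0 -> 16). Rejects masks
# whose set bits are not contiguous, which would give a meaningless CIDR.
mask_to_prefix() {
    mask=$1
    prefix=0
    ended=0   # becomes 1 once a partial or zero octet has been seen
    oldifs=$IFS; IFS=.
    set -- $mask
    IFS=$oldifs
    [ $# -eq 4 ] || { echo "bad netmask: $mask" >&2; return 1; }
    for octet in "$@"; do
        if [ "$ended" -eq 1 ] && [ "$octet" != 0 ]; then
            echo "non-contiguous netmask: $mask" >&2; return 1
        fi
        case $octet in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); ended=1 ;;
            252) prefix=$((prefix + 6)); ended=1 ;;
            248) prefix=$((prefix + 5)); ended=1 ;;
            240) prefix=$((prefix + 4)); ended=1 ;;
            224) prefix=$((prefix + 3)); ended=1 ;;
            192) prefix=$((prefix + 2)); ended=1 ;;
            128) prefix=$((prefix + 1)); ended=1 ;;
            0)   ended=1 ;;
            *)   echo "bad netmask octet: $octet" >&2; return 1 ;;
        esac
    done
    echo "$prefix"
}

# Network address of an IP under a mask: 172.17.42.1 + 255.255.0.0 -> 172.17.0.0
network_address() {
    oldifs=$IFS; IFS=.
    set -- $1 $2
    IFS=$oldifs
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
}

# One ifconfig "inet addr:..." line -> the CIDR of the network it sits in,
# i.e. what the Mac needs a route for.
cidr_from_inet_line() {
    line=$1
    ip=${line#*inet addr:};  ip=${ip%% *}
    mask=${line#*Mask:};     mask=${mask%% *}
    prefix=$(mask_to_prefix "$mask")
    echo "$(network_address "$ip" "$mask")/$prefix"
}

# The full procedure: VM IP from docker-machine, docker0 CIDR from inside
# the VM, then the route on the Mac and a check that it landed on vboxnet.
add_docker_route() {
    vm=$1
    vm_ip=$(docker-machine ip "$vm")
    inet_line=$(docker-machine ssh "$vm" "ifconfig docker0" | grep 'inet addr')
    cidr=$(cidr_from_inet_line "$inet_line")
    echo "adding route to $cidr via $vm_ip"
    # Not persistent: re-run after the Mac reboots or the VM IP changes.
    sudo route -n add -net "$cidr" "$vm_ip"
    netstat -nr | grep "$vm_ip" | grep vboxnet
}

if [ -n "${DOCKER_VM:-}" ]; then
    add_docker_route "$DOCKER_VM"
fi
```

Save it to a file and run it with DOCKER_VM set to your machine name (the one docker-machine ls lists); without that variable it only defines the helpers, so it can be sourced and the conversion functions tried by hand.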

Configuring docker0 private network CIDR range on boot2docker VM

I came across an issue with the docker0 virtual interface configuration while trying to use dnsdock

Docker0 virtual interface

Docker creates a bridge interface named docker0 on the host machine and gives it an address that is the gateway for all containers. The range is taken from a list of candidate RFC 1918 subnets, and in most cases the bridge ends up at 172.17.42.1/16, i.e. the network 172.17.0.0/16. One key point to keep in mind is that docker first makes sure the subnet does not conflict with an interface or route already configured on the host, and moves on to the next candidate if it does.

dnsdock issue

The issue I was facing was that I had set the primary DNS server of my Mac to 172.17.42.1, the docker0 address that the dnsdock container's port 53 was bound to:

  CONTAINER ID   IMAGE                COMMAND                  CREATED        STATUS        PORTS                    NAMES
  9d32abb2169f   tonistiigi/dnsdock   "/go/bin/dnsdock -nam"   35 hours ago   Up 34 hours   172.17.42.1:53->53/udp   dnsdock

In the latest version of the boot2docker VM two interfaces are created by default:

  • eth0, which is NATed through the host and gives the VM internet access
  • eth1, which sits on the host-only network and is how the Mac reaches the VM and its docker containers.

The Mac's DNS server settings are also copied into the VM; you can check them in /etc/resolv.conf.

So, since the primary DNS on my Mac was set to 172.17.42.1, every time the boot2docker VM booted its primary DNS was set to 172.17.42.1 as well.
When the docker daemon then started, it found the subnet 172.17.0.0/16 already in use and selected the next available range, 172.18.0.0/16.
This was a chicken-and-egg problem: to pick up the latest DNS settings I had to restart the VM, but restarting the VM made docker select a different range for its private network, which forced me to update the DNS settings on the Mac again, and so on endlessly.

Configuring docker0 network

To solve the issue I instructed the docker daemon to use a fixed CIDR for its private network, following the official docs:

Update the file /var/lib/boot2docker/profile
Add --bip="172.17.42.1/16" to the EXTRA_ARGS variable

Note that --bip is the address docker0 itself gets, written in CIDR notation, so the value is the gateway address you want the bridge to keep (here the one the Mac's DNS points at), not the network address 172.17.0.0/16. The profile is read when the VM boots, so restart the VM (or the docker daemon) for the change to take effect.

With that option the docker0 CIDR stays the same every time the VM is restarted, even though the host's primary DNS server points at the docker0 gateway.
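The profile change and the check that it broke the loop, as an added example that is not part of the original post. It assumes the boot2docker layout, where the docker init script sources /var/lib/boot2docker/profile, so a trailing EXTRA_ARGS line is picked up on the next boot, and it is meant to be run inside the VM (docker-machine ssh yourVmName). The PROFILE, BIP and APPLY variables are this example's own conventions. Rather than editing the EXTRA_ARGS value in place (docker-machine writes it as a multi-line quoted string, so a one-line edit is fragile) it appends a line that extends whatever value is already there, refuses to replace a different --bip silently, and afterwards compares the live docker0 address with the VM's first nameserver.

```shell
#!/bin/sh
# Added example, not from the original post: pins docker0 to a fixed bridge
# address in the boot2docker profile and checks, after a restart, that the
# VM's resolver still points at that bridge. Assumes the boot2docker layout,
# where the docker init script sources /var/lib/boot2docker/profile, so a
# trailing EXTRA_ARGS line takes effect on the next boot. Meant to be run
# inside the VM (docker-machine ssh <vm>); set APPLY=1 to edit the profile.
set -eu

PROFILE=${PROFILE:-/var/lib/boot2docker/profile}

# --bip is the bridge's own address in CIDR form: the gateway docker0 should
# keep (the address the Mac's DNS points at), not the network 172.17.0.0/16.
BIP=${BIP:-172.17.42.1/16}

# Append a --bip flag to EXTRA_ARGS without rewriting however the profile
# already defines it (docker-machine writes a multi-line quoted value).
# Idempotent for the same address; a different existing --bip is refused
# rather than silently replaced.
pin_bip() {
    profile=$1; bip=$2
    if grep -qF -- "--bip=$bip" "$profile" 2>/dev/null; then
        echo "already pinned: $bip"
        return 0
    fi
    if grep -qF -- '--bip=' "$profile" 2>/dev/null; then
        echo "$profile already sets another --bip; fix it by hand" >&2
        return 1
    fi
    # Literal ${EXTRA_ARGS:-} on purpose: it is expanded when the profile is sourced.
    printf 'EXTRA_ARGS="${EXTRA_ARGS:-} --bip=%s"\n' "$bip" >> "$profile"
    echo "pinned: $bip (restart the docker daemon or the VM to apply)"
}

# 172.17.42.1/16 -> 172.17.42.1
bridge_ip() { echo "${1%%/*}"; }

# Reads resolv.conf text on stdin; succeeds only if the first nameserver
# is the bridge IP, i.e. the VM resolves through dnsdock on docker0.
resolver_uses_bridge() {
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }')
    [ "$first_ns" = "$1" ]
}

# After a restart: does the live docker0 carry the pinned address, and is
# that address still the VM's resolver? Both must hold for the loop in
# the post to be broken.
check_running_bridge() {
    expected=$(bridge_ip "$BIP")
    actual=$(ifconfig docker0 | sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p')
    if [ "$actual" != "$expected" ]; then
        echo "docker0 is ${actual:-missing}, expected $expected" >&2
        return 1
    fi
    resolver_uses_bridge "$expected" < /etc/resolv.conf
}

if [ "${APPLY:-}" = 1 ]; then
    pin_bip "$PROFILE" "$BIP"
fi
```

Run it once with APPLY=1 to append the flag, restart the VM, then source the script and call check_running_bridge: it exits non-zero if docker0 came up on some other address or if the resolver no longer points at it, which are exactly the two symptoms of the cycle described above.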