
Manage overlapping external subnets with Docker

One of the good (and bad) features of using Docker and docker-compose is its ability to spin up virtual networks for your container stack. This encourages application isolation and clear thinking about which network ports you need to expose from and between your containers.

By default, Docker allocates a /16 subnet from the 172.[17-32].0.0 range for each of its network segments. Unfortunately, we use this range extensively in our corporate network. It turns out many other people do too.

Various bug reports about this have been open since 2016, along with a Pull Request from December 2016, and a patch has finally made its way into the Docker 18.06 release.

With the Docker 18.06 release, the default address pools are now configurable, although you can’t set them using the normal methods in the Toolbox GUI on the Docker client on macOS.

But you can still make it work! As one Docker For Mac user has posted:

You can bypass the GUI for configuring daemon.json by editing ~/.docker/daemon.json. Restart and Docker will use your default address pools, but the GUI will continue to complain.

The ability to edit daemon.json was released with 17.09 https://docs.docker.com/docker-for-mac/release-notes/#docker-community-edition-17090-ce-mac33-2017-10-03

Here’s my daemon.json:

$ cat ~/.docker/daemon.json
{
  "debug" : true,
  "bip" : "192.168.251.1/24",
  "experimental" : true,
  "default-address-pools": [
    {
      "scope": "local",
      "base": "172.30.0.0/16",
      "size": 24
    }
  ]
}

We’ve tried it and it works perfectly. No more overlapping subnets!
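
Before rolling a daemon.json like this out, it is worth checking it against the ranges your network actually routes. The following is an added example, not code from the quoted post or from Docker: it expands `bip` and each `default-address-pools` entry into the subnets Docker may assign and reports any that overlap a reserved range. `CORPORATE_RANGES` is a constructed sample, and the function names are hypothetical.

```python
import ipaddress
import json

# The daemon.json from the post above, embedded so the check runs offline.
DAEMON_JSON = """
{
  "debug": true,
  "bip": "192.168.251.1/24",
  "experimental": true,
  "default-address-pools": [
    {"scope": "local", "base": "172.30.0.0/16", "size": 24}
  ]
}
"""

# Constructed sample of routed corporate ranges (assumption, not from the post).
CORPORATE_RANGES = ["172.16.0.0/13", "172.30.5.0/24", "10.0.0.0/8"]


def candidate_subnets(config):
    """Yield (source, network) for every subnet Docker may assign."""
    if "bip" in config:
        # bip is the docker0 address with its mask; strict=False gives the network.
        yield "bip", ipaddress.ip_network(config["bip"], strict=False)
    for pool in config.get("default-address-pools", []):
        base = ipaddress.ip_network(pool["base"])
        if pool["size"] < base.prefixlen:
            raise ValueError(f"size /{pool['size']} is larger than base {base}")
        # Each new network takes one /size block carved out of the base.
        for subnet in base.subnets(new_prefix=pool["size"]):
            yield "default-address-pools", subnet


def find_conflicts(config, reserved):
    """Return (source, docker_subnet, reserved_range) for each overlap."""
    reserved_nets = [ipaddress.ip_network(r) for r in reserved]
    return [
        (source, str(subnet), str(r))
        for source, subnet in candidate_subnets(config)
        for r in reserved_nets
        if subnet.overlaps(r)
    ]


if __name__ == "__main__":
    for source, subnet, r in find_conflicts(json.loads(DAEMON_JSON), CORPORATE_RANGES):
        print(f"{source}: {subnet} overlaps {r}")
```

An empty result means no subnet Docker can hand out under this configuration collides with the listed ranges; any hit names the exact /24 to exclude by choosing a different `base`.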
