Networks created by docker-compose do not respect Docker's subnet settings

Question

I was having an issue with our company's network configuration, so I had to modify Docker's default subnet as detailed in this KB article.

This worked for most of my containers, however I'm still having issues with some of them. Upon inspecting the networks in use, I'm still seeing IP addresses assigned by Docker that are outside the allowed range.

For example, here is my /etc/docker/daemon.json file:

{
    "bip": "172.44.0.1/16"
}

However, when I create a network, Docker still assigns addresses to restricted ranges. As an example, I can reproduce this behavior easily like this:

$ docker network create test_net
d7ce97965b53b3d3ea1cf0b4169d7851e115b95fe9bb506ebfa6df0964db8630
$ docker network inspect test_net
[
    {
        "Name": "test_net",
        "Id": "d7ce97965b53b3d3ea1cf0b4169d7851e115b95fe9bb506ebfa6df0964db8630",
        "Created": "2018-12-27T12:54:10.515011613-06:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "172.20.0.0/16",
                    "Gateway": "172.20.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

Does there exist a way to force Docker to always generate networks within the IP ranges I specify?

Answer 1

The solution was to include this at the top of my compose file:

networks:
  default:
    driver: bridge
    ipam:
      driver: default
      config:
      - subnet:  10.103.0.1/16

The reason this works is that Docker Compose always generates a default network for every Compose app that doesn't specify one. By including something like this on each app, you can ensure that your apps never collide and always use the IP range you specify. For larger scale apps you'd probably need to increase to 3 octets instead of 2, (/24 vs /16).