Reputation: 2419
I'd like to assign a static IP to a Docker container and have it work like a virtual machine on the host network.
Example:
Network of 10.10.10.0/24
Physical host running Docker IP: 10.10.10.1
Docker container IP: 10.10.10.2
Now obviously that's rather easy as long as I have a separate NIC for the container - otherwise there are problems with ARP. I have read up on macvlan networks and they seem to be a way to resolve this:
https://docs.docker.com/network/macvlan/
However, it clearly says that:
In this case, you need to designate a physical interface on your Docker host to use for the Macvlan, as well as the subnet and gateway of the Macvlan.
Can this physical interface still carry a "normal" IP address so it can communicate with other physical hosts on the network?
Upvotes: 1
Views: 912
Reputation: 1571
Yes, it can.
By default, though, there will be no connectivity from the host to a container. The official doc for v17.09 states the following:
When using macvlan, you cannot ping or communicate with the default namespace IP address. For example, if you create a container and try to ping the Docker host’s eth0, it will not work. That traffic is explicitly filtered by the kernel modules themselves to offer additional provider isolation and security.
A macvlan subinterface can be added to the Docker host, to allow traffic between the Docker host and containers. The IP address needs to be set on this subinterface and removed from the parent address.
While that version of Docker might be old, the manual for it had a number of useful commands that were removed in the newer docs:
On Debian or Ubuntu, adding the following to /etc/network/interfaces will make this persistent.
    auto eno1
    iface eno1 inet manual

    auto mac0
    iface mac0 inet dhcp
        pre-up ip link add mac0 link eno1 type macvlan mode bridge
        post-down ip link del mac0 link eno1 type macvlan mode bridge
NOTE: Make sure you are not using Ubuntu's netplan that was introduced in v18 to manage those interfaces.
Upvotes: 1
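The setup described in the answer above, written out as an added example that is not part of the original posts or the Docker documentation. The addresses, eno1 and mac0 come from the thread; the gateway address, network name, container name and image are assumptions. By default it only prints the commands; set APPLY=1 to execute them as root.

```shell
#!/bin/sh
PARENT=eno1            # from the thread: physical NIC
SHIM=mac0              # from the thread: host-side macvlan subinterface
SUBNET=10.10.10.0/24   # from the thread
HOST_IP=10.10.10.1     # from the thread
CTR_IP=10.10.10.2      # from the thread
GATEWAY=10.10.10.254   # assumption: placeholder router address
NET=lan_macvlan        # assumption: hypothetical network name
IMAGE=alpine           # assumption: any image will do
PREFIX=${SUBNET#*/}    # prefix length taken from the subnet (24)

# Print each command; execute it only when APPLY=1 (needs root and Docker).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

# Docker side: a macvlan network on the parent NIC and a container with a fixed IP.
# --aux-address reserves the host's address so Docker's IPAM never hands it out.
docker_side() {
    run docker network create -d macvlan --subnet="$SUBNET" --gateway="$GATEWAY" \
        --aux-address="host=$HOST_IP" -o parent="$PARENT" "$NET"
    run docker run -d --name static-ip-demo --network "$NET" --ip "$CTR_IP" \
        "$IMAGE" sleep 3600
}

# Host side: the kernel filters traffic between a macvlan child and its parent,
# so the host's address moves from the parent NIC to a macvlan subinterface.
host_side() {
    run ip link add "$SHIM" link "$PARENT" type macvlan mode bridge
    run ip addr del "$HOST_IP/$PREFIX" dev "$PARENT"
    run ip addr add "$HOST_IP/$PREFIX" dev "$SHIM"
    run ip link set "$SHIM" up
    # Removing the address dropped the routes that used it; restore the default.
    run ip route replace default via "$GATEWAY" dev "$SHIM"
}

plan() { docker_side; host_side; }
plan
```

Moving the address off eno1 can interrupt remote sessions that run over it, so apply the host-side steps from a local console.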