Docker with ipv6 on Digital Ocean

From Coolscript

This is a proof of concept for a Docker Compose setup with IPv6 on Digital Ocean.

Interface Config

Localhost

The following shows a typical network configuration on the Droplet; we focus on the IPv6 configuration:

# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
       inet 159.65.xxx.yyy  netmask 255.255.248.0  broadcast 159.65.xxx.255
       inet6 2604:a880:400:d0::xxxx:yyy1  prefixlen 64  scopeid 0x0<global>
       inet6 fe80::5ce1:17ff:feab:f3d9  prefixlen 64  scopeid 0x20<link>
       ether 5e:e1:17:ab:f3:d9  txqueuelen 1000  (Ethernet)
       RX packets 2697112  bytes 965626743 (920.8 MiB)
       RX errors 0  dropped 0  overruns 0  frame 0
       TX packets 1827600  bytes 8041106277 (7.4 GiB)
       TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Digital Ocean

Droplet information from Digital Ocean about the IPv6 configuration:

   Public IPv6 Address
   2604:a880:400:d0::xxxx:yyy1
   Public IPv6 Gateway
   2604:a880:400:d0::1 

   Configurable Address Range
   2604:a880:400:d0::xxxx:yyy0 - 2604:a880:400:d0::xxxx:yyyf 

System Information

# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 12 (bookworm)
Release:        12
Codename:       bookworm

System Settings

  • On the Droplet itself - Enable v6
    • net.ipv6.conf.default.disable_ipv6 = 0
    • net.ipv6.conf.all.disable_ipv6 = 0
  • On the Droplet itself - Enable Forwarding
    • net.ipv6.conf.default.forwarding = 1
    • net.ipv6.conf.all.forwarding = 1

View/Print

sysctl -n net.ipv6.conf.default.disable_ipv6
sysctl -n net.ipv6.conf.all.disable_ipv6
sysctl -n net.ipv6.conf.default.forwarding
sysctl -n net.ipv6.conf.all.forwarding

Set

sysctl net.ipv6.conf.default.disable_ipv6=0
sysctl net.ipv6.conf.all.disable_ipv6=0
sysctl net.ipv6.conf.default.forwarding=1
sysctl net.ipv6.conf.all.forwarding=1

Docker compose

  • docker-compose.yaml
  • This sample does NOT require any settings in /etc/docker/daemon.json
  • Add the Docker Compose network; we will use the Droplet as the default gateway:
version: "3.9"
networks:
  app_net:
    enable_ipv6: true
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      driver: default
      config:
       - subnet: 172.16.238.0/24
         gateway: 172.16.238.1
       - subnet: 2604:a880:400:d0::xxxx:yyy0/124
         gateway: 2604:a880:400:d0::xxxx:yyy1


  • Add the new network property to each container; start with 2, then up to max 16
    networks:
      app_net:
          ipv4_address: 172.16.238.2
          ipv6_address: 2604:a880:400:d0::xxxx:yyy2


  • Full sample
version: "3.9"
services:
  nginx:
    image: "some-nginx-image"
    ports:
      - "443:443"
      - "80:80"
    restart: unless-stopped
    container_name: nginx
    hostname: nginx
    user: www-data
    networks:
      app_net:
          ipv4_address: 172.16.238.2
          ipv6_address: 2604:a880:400:d0::xxxx:yyy2


  app:
    image: "some-app"
    restart: unless-stopped
    container_name: someapp
    hostname: someapp
    user: www-data
    networks:
      app_net:
          ipv4_address: 172.16.238.3
          ipv6_address: 2604:a880:400:d0::xxxx:yyy3


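# Top-level key: must not be indented under "services", or Compose reads it as a service
networks:
  app_net:
    enable_ipv6: true
    driver: bridge
    driver_opts:
      com.docker.network.enable_ipv6: "true"
    ipam:
      driver: default
      config:
       - subnet: 172.16.238.0/24
         gateway: 172.16.238.1
       # /124 = the 16 addresses of the Droplet's configurable range
       - subnet: 2604:a880:400:d0::xxxx:yyy0/124
         gateway: 2604:a880:400:d0::xxxx:yyy1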
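
To check an address plan like the one above before bringing the stack up, this added example (not part of the original page) validates the container IPv6 addresses against the Droplet's configurable /124 range and lists what is still free. The 2001:db8:: documentation-prefix addresses, the service names in BAD and the function names are constructed for illustration.

```python
import ipaddress

def check_plan(subnet, gateway, containers):
    """Return a list of problems in a compose IPv6 address plan (empty = OK)."""
    problems = []
    net = ipaddress.IPv6Network(subnet, strict=False)
    if ipaddress.IPv6Interface(subnet).ip != net.network_address:
        problems.append(f"subnet {subnet} has host bits set; range is {net}")
    gw = ipaddress.IPv6Address(gateway)
    if gw not in net:
        problems.append(f"gateway {gw} is outside {net}")
    seen = {}
    for name, addr in containers.items():
        ip = ipaddress.IPv6Address(addr)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip == net.network_address:
            # First address of an IPv6 subnet is the subnet-router anycast address
            problems.append(f"{name}: {ip} is the subnet-router anycast address")
        elif ip == gw:
            problems.append(f"{name}: {ip} collides with the gateway")
        if ip in seen:
            problems.append(f"{name}: {ip} already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

def free_addresses(subnet, gateway, containers):
    """Addresses in the range not used by the gateway, anycast or a container."""
    net = ipaddress.IPv6Network(subnet, strict=False)
    used = {ipaddress.IPv6Address(gateway), net.network_address}
    used |= {ipaddress.IPv6Address(a) for a in containers.values()}
    return [str(ip) for ip in net if ip not in used]

# Constructed sample values standing in for the redacted addresses on this page
SUBNET = "2001:db8:400:d0::abcd:1230/124"
GATEWAY = "2001:db8:400:d0::abcd:1231"
GOOD = {"nginx": "2001:db8:400:d0::abcd:1232",
        "someapp": "2001:db8:400:d0::abcd:1233"}
BAD = {"nginx": "2001:db8:400:d0::abcd:1231",    # same as the gateway
       "someapp": "2001:db8:400:d0::abcd:1240",  # one past the /124
       "worker": "2001:db8:400:d0::abcd:1232",
       "cron": "2001:db8:400:d0::abcd:1232"}     # duplicate of worker

if __name__ == "__main__":
    for label, plan in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_plan(SUBNET, GATEWAY, plan) or "ok")
    print("free:", free_addresses(SUBNET, GATEWAY, GOOD))
```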