How to change ip address range of docker swarm ingress network

Question

I use a docker swarm 1.13.1, and when I init the docker swarm or join to docker swarm sometimes it creates a docker_gwbridge network in a "172.19.0.0/16" subnet.

But my computer subnet is in the same range, so when it initializes this network the docker swarm host machine becomes inaccessible from my computer.

So my question is: how can I change the subnet of the existing docker network.

> docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ac1100164960        bridge              bridge              local
3838ae360f35        docker_gwbridge     bridge              local
f9a77266aa15        host                host                local
rgqnm19zbasv        ingress             overlay             swarm
04c1c6b3ade7        none                null                local

Inspect the network:

> docker network inspect 3838ae360f35
[
    {
        "Name": "docker_gwbridge",
        "Id": "3838ae360f3585f2cda8a43a939643cdd74c0db9bfb7f4f18b3b80ae07b3b9db",
        "Created": "2017-03-22T13:26:50.352865644+01:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Containers": {
            "ingress-sbox": {
                "Name": "gateway_ingress-sbox",
                "EndpointID": "194d965dd2997bddb52eab636950e219043215a5a1a6a60d08f34e454a0eaa56",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.enable_icc": "false",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.name": "docker_gwbridge"
        },
        "Labels": {}
    }
]

Answer 1

You can create docker_gwbridge before you initialize the swarm, as explained here.

for example：

docker network rm docker_gwbridge
docker network create --subnet=172.20.0.1/16 -o com.docker.network.bridge.enable_icc=false -o com.docker.network.bridge.name=docker_gwbridge docker_gwbridge

Answer 2

The general way to solve this, including any (non-ingress) network that gets created for you by docker or other tools like docker-compose, is to set the default address pools in your docker daemon config.

In your case, add to /etc/docker/daemon.json (or ~/.docker/daemon.json for Docker Desktop for Mac), for example:

{
  "default-address-pools": [
    {
      "base": "10.10.0.0/16",
      "size": 24
    }
  ]
}

With this, your docker bridge network will get a subnet of 10.10.0.0/24, and your docker swarm docker_gwbridge will get a subnet of 10.10.0.1/24. Any other network that gets created for you like from a docker-compose.yml file, will get the subsequent 10.10.0.2/24 subnet. And so on.

You didn't mention this as an issue, but unfortunately, this doesn't seem to apply to the ingress network.