When a user initializes a docker swarm an overlay network is generated called an ingress network which handles swarm service control and data traffic.

Bobcares answers all questions no matter the size, with our Docker hosting support

Let us take a look at the docker swarm ingress network in detail.

Overlay networks and Ingress

When the user initializes a swarm or joins a Docker host to an existing swarm. It will generate two new networks that Docker hosts. Ingress is an overlay network that handles the control and data traffic related to swarm services.

When a user creates a swarm service without connecting it to a user-defined overlay network. It connects by default to the ingress network. When a user starts a swarm, the manager creates an overlay network called ingress. The ingress network includes every node that joins the swarm. The ingress network’s sole purpose is to transport traffic from external clients. It publishes the service ports to the services within the swarm.

When a node on the ingress network receives an external request, it resolves the service name to a virtual IP address. This processing will be using the same internal DNS server. The request is then load balanced to a service replica via the ingress network by the IP virtual server.

Here, every node is part of the ingress network, every node can resolve and handle external requests. For all of this to work, the nodes must have a couple of ports open: o TCP and UDP protocol port 7946 for container network discovery. o UDP port 4789 for enabling the container ingress network.

Customize the default ingress network for the docker swarm ingress network

Most users will never need to configure the ingress network, but Docker makes it possible. This is useful if the automatically selected subnet conflicted with one already in use on your network, or if you need to change other low-level network settings such as the MTU.

Customizing the network ingress entails removing and recreating it. This is usually before creating any swarm services. If you already have services that publish ports, you must remove them before you can remove the ingress network. Existing services that do not publish ports continue to function but are not in load-balancing while there is no ingress network. This has an impact on services that publish ports, such as a WordPress service that publishes port 80.

Using the docker network, inspect the ingress network. Examine ingress and remove any services in connection. These are ports that are published by services, such as a WordPress service that publishes port 80. If all such services are not terminated, the following step fails.

Get rid of the existing ingress network:

docker network rm ingress

Using the —ingress flag and the custom options to set, create a new overlay network. In this example, the MTU is set to 1200, the subnet is set to 10.11.0.0/16, and the gateway is set to 10.11.0.2.

docker network create \
--driver overlay \
--ingress \
--subnet=10.11.0.0/16 \
--gateway=10.11.0.2 \
--opt com.docker.network.driver.mtu=1200 \
my-ingress

It is important to note, that the user can name their ingress to network anything other than ingress, but they can only have one. An attempt to make a duplicate fails. After the configuration, the user has to restart the services stopped earlier in the first step.

[Need assistance with similar queries? We are here to help]

Conclusion

To conclude, the docker swarm initialization generates an ingress network. A user can easily manage and customize the Ingress network.