Improve container networking
Right now we simply use "docker --network=host" and manage network overlays separately. It would be nice to support more advanced container networking configurations, in particular, a closer integration between net-overlays and the container scheduling itself.
More specifically, here's a possible outcome:
- containers are assigned their own IPs
- net_overlay assigns a subnet to a host, not just a single IP
- container IPs are picked out of private network ranges
There are a few challenges:
- the current service discovery layer assigns IPs to service instances. Multiple containers within a service should use separate ports on the same IP (and should be visible to each other as 'localhost'). Maybe we can do something with "docker network create", or we can bind the docker bridge and the VPN interface later somehow.
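A sketch of the allocation model outlined above, added here as an example and not taken from the project's code: each host gets a subnet from a private overlay range, each service instance gets one IP from its host's subnet, and containers of the same instance share that IP on distinct ports. The class name `OverlayAllocator`, the `10.42.0.0/16` range, the `/24` per-host prefix, and the host, service and container names are all assumptions.

```python
import ipaddress


class OverlayAllocator:
    """Hypothetical allocator: subnet per host, IP per service instance."""

    def __init__(self, overlay_cidr="10.42.0.0/16", host_prefix=24):
        overlay = ipaddress.ip_network(overlay_cidr)
        if not overlay.is_private:
            raise ValueError("overlay range must be a private network range")
        self._free_subnets = overlay.subnets(new_prefix=host_prefix)
        self.host_subnet = {}  # host -> ip_network
        self._free_ips = {}    # host -> iterator over unused addresses
        self.instances = {}    # (host, service) -> {"ip": ..., "ports": {...}}

    def add_host(self, host):
        """Assign the host a whole subnet instead of a single IP."""
        if host not in self.host_subnet:
            subnet = next(self._free_subnets, None)
            if subnet is None:
                raise RuntimeError("overlay range exhausted")
            addrs = subnet.hosts()
            next(addrs)  # first usable address is reserved for the host bridge
            self.host_subnet[host] = subnet
            self._free_ips[host] = addrs
        return self.host_subnet[host]

    def place(self, host, service, container, port):
        """Return (ip, port); containers of one service instance share the IP."""
        self.add_host(host)
        inst = self.instances.get((host, service))
        if inst is None:
            ip = next(self._free_ips[host], None)
            if ip is None:
                raise RuntimeError(f"subnet of {host} exhausted")
            inst = self.instances[(host, service)] = {"ip": ip, "ports": {}}
        if port in inst["ports"].values():
            # Same IP means same port space: two containers cannot both bind it.
            raise ValueError(f"port {port} already used on {inst['ip']}")
        inst["ports"][container] = port
        return inst["ip"], port


if __name__ == "__main__":
    alloc = OverlayAllocator()
    for args in [("host-a", "web", "nginx", 80), ("host-a", "web", "app", 8080),
                 ("host-a", "db", "postgres", 5432), ("host-b", "web", "nginx", 80)]:
        print(args, "->", alloc.place(*args))
```

Containers that share one IP this way also share a network namespace, so a port bound to localhost by one container is reachable from its siblings in the same service instance.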