When running tools like Docker, Podman, Kubernetes, etc., internal networks are set up that could collide with routed networks within the University of Waterloo's infrastructure. If this collision happens, any traffic that is supposed to route to those networks will stay on the given system. For example, if you are on VPN with the IP address 172.25.10.1 and you start a container or compose project, and Docker allocates 172.25.0.0/20, your connection to the server will drop, as any traffic that was destined for you now gets directed to the Docker network.
To prevent these issues from happening, the campus Network Operations Centre (NOC) has reserved a subnet so that it will not be routed. This can be used for containers. The network block that has been allocated is:
10.255.0.0/16
which contains 65,535 addresses that can be used for container networks. The various tools below use different default subnets and are configured differently. Known configurations are listed below. If there are any others that should be added, FAST members can edit this page, or a request can be made to document the specific tooling.
Configurations
Docker
/etc/docker/daemon.json
```
{
  ....
  "default-address-pools": [
    {"base":"10.255.0.0/16","size":25}
  ]
}
```
...
TODO: Fill in instructions for doing this
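The following is an added example, not part of the original page or of Docker itself: a Python check that reproduces the VPN collision described at the top of the page and audits the `default-address-pools` entries of a daemon.json against the reserved block. The function names and the second pool in the sample are constructed for illustration.

```python
import ipaddress
import json

# Reserved, non-routed container block given on this page.
RESERVED = ipaddress.ip_network("10.255.0.0/16")

def collisions(peer_ips, local_nets):
    """Pairs (peer, net) where a remote peer's address lies inside a local
    container network, so replies to that peer stay on the host."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    return [(p, str(n)) for p in peer_ips for n in nets
            if ipaddress.ip_address(p) in n]

def audit_pools(daemon_json_text):
    """Check every default-address-pools entry of a daemon.json document.
    Returns dicts with the pool, a problem string (None if fine) and how
    many networks of the configured size the pool can hand out."""
    report = []
    for pool in json.loads(daemon_json_text).get("default-address-pools", []):
        base = ipaddress.ip_network(pool["base"])
        size = pool["size"]
        problem = None
        if base.version != RESERVED.version or not base.subnet_of(RESERVED):
            problem = "outside reserved block"
        elif not base.prefixlen <= size <= base.max_prefixlen:
            problem = "size does not fit inside base"
        networks = 2 ** (size - base.prefixlen) if problem is None else 0
        report.append({"base": str(base), "size": size,
                       "problem": problem, "networks": networks})
    return report

# Constructed sample input: the pool from this page plus one bad entry.
SAMPLE = """
{
  "default-address-pools": [
    {"base": "10.255.0.0/16", "size": 25},
    {"base": "172.25.0.0/16", "size": 20}
  ]
}
"""

if __name__ == "__main__":
    # VPN address and Docker allocation from the example at the top of the page.
    print(collisions(["172.25.10.1"], ["172.25.0.0/20", "10.255.0.0/25"]))
    for row in audit_pools(SAMPLE):
        print(row)
```

With the page's pool, the audit reports 512 available /25 networks; the constructed 172.25.0.0/16 entry is flagged because it lies outside the reserved block.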
Docker Swarm
In addition to the above docker configuration, you must also do the following
...
default-addr-pool-mask-length specifies the default network size for each docker network. /25 contains 128 addresses, so adjust based on your needs.
Podman
See https://github.com/containers/common/blob/main/docs/containers.conf.5.md for configuration locations
...
size specifies the default network size for each docker network. /25 contains 128 addresses, so adjust based on your needs.
Kubernetes
This is highly dependent on which provider you are using. k3s uses docker, so use the Docker instructions.
RKE2
This should be done when creating the cluster; it isn't well supported to change this after creation.
...
```
cluster-cidr: 10.255.0.0/17
service-cidr: 10.255.128.0/17
```
LXC
/etc/default/lxc-net
```
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.255.0.1"
LXC_NETMASK="255.255.0.0"
LXC_NETWORK="10.255.0.0/16"
LXC_DHCP_RANGE="10.255.0.2,10.255.255.254"
LXC_DHCP_MAX="65533"
```
...