search

crc-org / crc

CRC is a tool to help you run containers. It manages a local OpenShift 4.x cluster, Microshift or a Podman VM optimized for testing and development purposes
https://crc.dev
Apache License 2.0
1.24k stars 233 forks source link

[Enhancement] Config option to change cluster network settings #1380

Closed dlmorais-13 closed 4 years ago

dlmorais-13 commented 4 years ago

General information

CRC version

CodeReady Containers version: 1.12.0+6710aff
OpenShift version: 4.4.8 (embedded in binary)

CRC status

CRC VM:          Running
OpenShift:       Running (v4.4.8)
Disk Usage:      22.9GB of 32.72GB (Inside the CRC VM)
Cache Usage:     14.81GB
Cache Directory: C:\Users\pb003301\.crc\cache

CRC config

- nameserver                            : 8.8.8.8

Host Operating System

Host Name:                 DESKTOP-IASEF7U
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.18362 N/A Build 18362
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          <redacted>
Registered Organization:
Product ID:                00330-80000-00000-AA309
Original Install Date:     6/25/2019, 10:21:27 PM
System Boot Time:          7/10/2020, 7:01:56 AM
System Manufacturer:       SAMSUNG ELECTRONICS CO., LTD.
System Model:              300E5M/300E5L
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 142 Stepping 9 GenuineIntel ~2703 Mhz
BIOS Version:              American Megatrends Inc. P08RED.021.181123.ZW, 11/23/2018
Windows Directory:         C:\WINDOWS
System Directory:          C:\WINDOWS\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              pt-br;Portuguese (Brazil)
Time Zone:                 (UTC-05:00) Indiana (East)
Total Physical Memory:     16,294 MB
Available Physical Memory: 2,474 MB
Virtual Memory: Max Size:  21,670 MB
Virtual Memory: Available: 5,569 MB
Virtual Memory: In Use:    16,101 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\DESKTOP-IASEF7U
Hotfix(s):                 21 Hotfix(s) Installed.
                           [01]: KB4552931
                           [02]: KB4497165
                           [03]: KB4498523
                           [04]: KB4503308
                           [05]: KB4508433
                           [06]: KB4509096
                           [07]: KB4515383
                           [08]: KB4516115
                           [09]: KB4520390
                           [10]: KB4521863
                           [11]: KB4524244
                           [12]: KB4524569
                           [13]: KB4528759
                           [14]: KB4537759
                           [15]: KB4538674
                           [16]: KB4541338
                           [17]: KB4552152
                           [18]: KB4559309
                           [19]: KB4560959
                           [20]: KB4561600
                           [21]: KB4560960
Network Card(s):           5 NIC(s) Installed.
                           [01]: Hyper-V Virtual Ethernet Adapter
                                 Connection Name: vEthernet (Default Switch)
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 172.17.177.225
                                 [02]: fe80::3482:c0c6:d070:cb38
                           [02]: TAP-Windows Adapter V9
                                 Connection Name: Ethernet 2
                                 Status:          Media disconnected
                           [03]: Qualcomm Atheros QCA9377 Wireless Network Adapter
                                 Connection Name: Wi-Fi
                                 Status:          Media disconnected
                           [04]: Realtek PCIe FE Family Controller
                                 Connection Name: Ethernet
                                 DHCP Enabled:    Yes
                                 DHCP Server:     192.168.1.1
                                 IP address(es)
                                 [01]: 192.168.1.144
                                 [02]: fe80::a12f:8ebe:36aa:1046
                           [05]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection 2
                                 Status:          Media disconnected
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.```

Issue

I have the CRC running on my computer just fine. Everything works. I use it to test features, pipeline configurations and troubleshoot builds that are used in my company locally installed OCP. I believe this is a common setup for someone using CRC.

The problem is that when connected to my company VPN, some things stop working. After a long troubleshooting, we came found out that my company internal firewall (CheckPoint) is dropping some requests made by CRC. Those requests are made to hosts with IP 10.128.0.x and the firewall identify as a spoofing, because we have this same subnet configured to another cluster of computers in our network, and we can't change this subnet.

Running OCP is fine, because we have the option to change this subnet during cluster installation (link 1 below), but we currently can't change that in CRC, and it's not possible to change after installation, as this configuration is immutable (link 2 below).

  1. https://docs.openshift.com/container-platform/4.4/installing/installing_openstack/installing-openstack-installer-custom.html#installation-osp-config-yaml_installing-openstack-installer-custom
  2. https://docs.openshift.com/container-platform/4.4/rest_api/config_apis/network-config-openshift-io-v1.html

Enhancement request

Given that the main target audience for this tool is probably corporate users running in local machines, mostly inside company's network, I think it's possible that this problem (and similar others) is going to happen to some people other than me. Said that I think it's a good enhancement to provide and config option to choose some network configuration prior to cluster creation.

crc config set sdn-cluster-network 10.200.0.0/14
crc config set sdn-service-network 172.100.0.0/16
gbraad commented 4 years ago

The problem is that when connected to my company VPN, some things stop working.

This is a known issue and reported as part of the release notes. Mostly caused by the fact that the VPN likely has an option enabled "Force all connections over the VPN" (or called th route all [0/0]).

In the upcoming release the network will have a different address assigned, but we can not make these configurable as this is only an option during the install phase. The images you run are pre-prepared on our end to avoid the install process. Closing as such.

gbraad commented 4 years ago

Reference: https://github.com/code-ready/snc/pull/195