Can not set fixed-cidr. Docker Desktop validation Breaks the config value if configured manually

AlexanderBartoshZ commented 5 months ago

Description

I would like to set fixed-cidr - "192.168.10.0/24",

This is what I get when using UI:

If done manually in %programdata%\docker\config\daemon.json starting docker desktop FIXES this according to its validation rule and changes the config to "fixed-cidr": "192.168.10.0",

Clearly you get various errors depending on the fact if default nat network is present.

Please advice. We are blocked by this issue and need a solution/workaround.

Reproduce

Read the description

Expected behavior

IT WORKS :)

docker version

Client:                                                                                                                                                                                                                                                                                                              Cloud integration: v1.0.35+desktop.13                                                                                                                                                                                                                                                                               Version:           26.0.0                                                                                                                                                                                                                                                                                           API version:       1.45                                                                                                                                                                                                                                                                                             Go version:        go1.21.8                                                                                                                                                                                                                                                                                         Git commit:        2ae903e                                                                                                                                                                                                                                                                                          Built:             Wed Mar 20 15:18:56 2024                                                                                                                                                                                                                                                                         OS/Arch:           windows/amd64                                                                                                                                                                                                                                                                                    Context:           default                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             Server: Docker Desktop 4.29.0 (145265)                                                                                                                                                                                                                                                                               Engine:                                                                                                                                                                                                                                                                                                              Version:          26.0.0                                                                                                                                                                                                                                                                                            API version:      1.45 (minimum version 1.24)                                                                                                                                                                                                                                                                       Go version:       go1.21.8                                                                                                                                                                                                                                                                                          Git commit:       8b79278                                                                                                                                                                                                                                                                                           Built:            Wed Mar 20 15:17:49 2024                                                                                                                                                                                                                                                                          OS/Arch:          windows/amd64                                                                                                                                                                                                                                                                                     Experimental:     false

docker info

Client:
 Version:    26.0.0
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.13.1-desktop.1
    Path:     C:\Program Files\Docker\cli-plugins\docker-buildx.exe
  compose: Docker Compose (Docker Inc.)
    Version:  v2.26.1-desktop.1
    Path:     C:\Program Files\Docker\cli-plugins\docker-compose.exe
  debug: Get a shell into any image or container. (Docker Inc.)
    Version:  0.0.27
    Path:     C:\Program Files\Docker\cli-plugins\docker-debug.exe
  dev: Docker Dev Environments (Docker Inc.)
    Version:  v0.1.2
    Path:     C:\Program Files\Docker\cli-plugins\docker-dev.exe
  extension: Manages Docker extensions (Docker Inc.)
    Version:  v0.2.23
    Path:     C:\Program Files\Docker\cli-plugins\docker-extension.exe
  feedback: Provide feedback, right in your terminal! (Docker Inc.)
    Version:  v1.0.4
    Path:     C:\Program Files\Docker\cli-plugins\docker-feedback.exe
  init: Creates Docker-related starter files for your project (Docker Inc.)
    Version:  v1.1.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-init.exe
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc.)
    Version:  0.6.0
    Path:     C:\Program Files\Docker\cli-plugins\docker-sbom.exe
  scout: Docker Scout (Docker Inc.)
    Version:  v1.6.3
    Path:     C:\Program Files\Docker\cli-plugins\docker-scout.exe

Server:
 Containers: 4
  Running: 0
  Paused: 0
  Stopped: 4
 Images: 95
 Server Version: 26.0.0
 Storage Driver: windowsfilter
  Windows: 
 Logging Driver: json-file
 Plugins:
  Volume: local
  Network: ics internal l2bridge l2tunnel nat null overlay private transparent
  Log: awslogs etwlogs fluentd gcplogs gelf json-file local splunk syslog
 Swarm: inactive
 Default Isolation: hyperv
 Kernel Version: 10.0 22631 (22621.1.amd64fre.ni_release.220506-1250)
 Operating System: Microsoft Windows Version 23H2 (OS Build 22631.3447)
 OSType: windows
 Architecture: x86_64
 CPUs: 20
 Total Memory: 63.69GiB
 Name: NL1LTJJXSQ3
 ID: 7ef33f6c-55a6-4d26-9119-aba4fa7bf6f9
 Docker Root Dir: C:\ProgramData\Docker
 Debug Mode: false
 Labels:
  com.docker.desktop.address=npipe://\\.\pipe\docker_cli
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Diagnostics ID

2EAA9B4F-EC97-4C5F-8688-27333DF2D459/20240412150843

Additional Info

Clearly not a nice bug. Please get it fixed ASAP. Is there a workaround?

AlexanderBartoshZ commented 5 months ago

@bsousaa IMO it is not about network but is more about just incorrect validation of fixed-cidr

AlexanderBartoshZ commented 5 months ago

Since it is also changed in the config on restart of Docker Desktop from 192.168.10.0/24 to 192.168.10.0 might be not only GUI

guyelight commented 5 months ago

This is a UI issue, the C:\User[username].docker\windows-daemon.json can be edited to fix cidr value, as a work around. The UI changes this file and this file always overwrites the %programdata%\Docker\config\daemon.json.

Please fix the configuration validation in the UI to allow the proper cidr value to be entered.

Or environment requires the fixed-cidr to be changed from the default due to subnet conflicts in our network.

AlexanderBartoshZ commented 5 months ago

Thx @guyelight. Can confirm that after changing C:\User[username].docker\windows-daemon.json and restarting twice (or switching back and force between Windows and Linux containers) the default nat network is there with the right cidr

szevzol commented 4 months ago

This hits me on my company development environment. I have to use VPN and the default IP ranges are conflicting with company IPs. My only chance is to use fixed-cidr config. Can you advise a workaround? Updating windows-daemon.json and restarting didn't work.

szevzol commented 4 months ago

For the ones using Hyper-V & windows containers, and it's not important to set a predefined static IP range for the containers, I think I found a workaround:

In Hyper-V Manager, create an external vSwitch connected to the host's network
The host's bandwidth will be terribly slow. Some network settings should be modified: https://www.tenforums.com/virtualization/183576-very-slow-up-download-speeds-hyperv-external-switch-setup.html
Restart docker engine: a new network will be created with the name of the new switch & with transparent driver
Run the containers or docker builds using this new network docker run --net "New External Switch" docker build --network "New External Switch"

guyelight commented 4 months ago

This hits me on my company development environment. I have to use VPN and the default IP ranges are conflicting with company IPs. My only chance is to use fixed-cidr config. Can you advise a workaround? Updating windows-daemon.json and restarting didn't work.

Change C:\User[username].docker\windows-daemon.json and C:\ProgramData.docker\daemon.json with the CIDR Value you want, do not use the UI.

You will then need to restart docker and sometimes it requires deleting the network. If you don't mind losing all you HSN networks you can do the following and a new NAT with the CIDR value will be created.

In a PowerShell Admin Window:

Stop-Service docker
Stop-Service hsn
Get-HostNetworks | Remove-HostNetworks docker 
Start-Service hsn
Start-Service docker

Use docker network inspect nat to see if the new IP Address pool took hold.

szevzol commented 4 months ago

This hits me on my company development environment. I have to use VPN and the default IP ranges are conflicting with company IPs. My only chance is to use fixed-cidr config. Can you advise a workaround? Updating windows-daemon.json and restarting didn't work.

Change C:\User[username].docker\windows-daemon.json and C:\ProgramData.docker\daemon.json with the CIDR Value you want, do not use the UI.

You will then need to restart docker and sometimes it requires deleting the network. If you don't mind losing all you HSN networks you can do the following and a new NAT with the CIDR value will be created.

In a PowerShell Admin Window:
Stop-Service docker
Stop-Service hsn
Get-HostNetworks | Remove-HostNetworks docker 
Start-Service hsn
Start-Service docker
Use docker network inspect nat to see if the new IP Address pool took hold.

I didn't remove existing network. With this step, it worked. Thank you!

szevzol commented 4 months ago

It worked, in terms of avoiding IP conflicts. However, name resolution is not working well from windows containers at the moment. I will go with using Hyperv external switch and a transparent docker network.

guyelight commented 4 months ago

This has been an issue since version 25.0. The network scoped aliases are only support in user-defined network, See: https://github.com/nektos/act/issues/2074. Just create you own nat:

docker network create -d "nat" --subnet "10.201.0.0/24" my-nat

When you attach to the network this way the network alias can be resolved. Or just use docker compose, it creates its own network each time.

This would not be a solution in olde versions because the network would be delete on restart of windows, the latest version of Docker keep this network around after restart.

docker / for-win