Closed AkihiroSuda closed 2 years ago
I agree that network needs to be much more configurable. I can think of at least 4 different desirable configurations:
(1) or (2) can be combined with (3) or (4).
(1) and (2) have a potential 5s delay between starting a container and the port becoming available, (3) and (4) should provide immediate access.
(1) and (4) are more secure because they don't allow external access.
(1) and (2) are faster than (3).
Only one of the 4 options is required (we would still forward the SSH and DNS ports, even if we otherwise disabled (1) and (2)).
The 0.7.0 release is configured with both (2) and (3).
Beyond that there may be a need to configure the subnet for (4) to avoid conflicts with the local network, or VPN network ranges.
As for not requiring root, this is also required for creating the /var/run/docker.sock symlink to the docker socket. It can be avoided by using docker context, or setting DOCKER_HOST.
@jandubois My work VPN will shut down if it detects any changes to routes/iptables/interfaces. It would be very nice if one of the network options enabled using Rancher Desktop without making changes to the host network.
Is Issue #1150 related to this?
I don't think so. Note that kim has been removed from RD for the next release, which will run buildkitd natively as a service, so things will look a bit different very soon.
This issue is being replaced by #1224 for running without sudo and #1227 for making networking configurable.
Problem Description
Starting with v0.7, Rancher Desktop requires the admin password for assigning a routable IP to the VM (by creating /opt/rancher-desktop/bin/vde_{vmnet,switch} and /etc/sudoers.d/rancher-desktop-lima). Some users may feel this is less secure than v0.6. I also guess some enterprise users can't even install v0.7.
Proposed Solution
Allow disabling vde_vmnet and falling back to v0.6 behavior.
Additional Information
No response