jandubois
commented
2 years ago I agree that network needs to be much more configurable. I can think of at least 4 different desirable configurations:
- forwarding to localhost
- forwarding to host IP
- adding a bridged IP
- adding a shared IP
(1) or (2) can be combined with (3) or (4).
(1) and (2) have a potential 5s delay between starting a container and the port becoming available, (3) and (4) should provide immediate access.
(1) and (4) are more secure because they don't allow external access.
(1) and (2) are faster than (3).
Only one of the 4 options is required (we would still forward the SSH and DNS ports, even if we otherwise disabled (1) and (2)).
The 0.7.0 release is configured with both (2) and (3).
Beyond that there may be a need to configure the subnet for (4) to avoid conflicts with the local network, or VPN network ranges.
As for not requiring root, this is also required for creating the /var/run/docker.sock symlink to the docker socket. It can be avoided by using docker context, or setting DOCKER_HOST.
SeanKnight
renzedj
Preflight Checklist
Problem Description
Starting with v0.7, Rancher Desktop requires the admin password for assigning a routable IP to the VM (by creating
/opt/rancher-desktop/bin/vde_{vmnet,switch}and/etc/sudoers.d/rancher-desktop-lima).Some users may feel this less secure than v0.6. I also guess some enterprise users can't even install v0.7.
Proposed Solution
Allow disabling
vde_vmnetand falling back to v0.6 behavior.Additional Information
No response