-
Notifications
You must be signed in to change notification settings - Fork 289
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker Swarm Overlay encryption is broken in WSL2 #13450
Comments
Has docker changed the way network encryption is done? |
This is related to security patches in Moby (Docker Engine); please see my comments at microsoft/WSL#10029 (comment) for an explanation. There's not much we can do as the Microsoft team controls the WSL2 kernel; that being said, maybe we should leave this open as a tracking issue on our side while we work with Microsoft to get kernel support in. |
It’s important to track dependent (outstanding) upstream issues related to DD. Folks must know that the DD team is dependent on those blocking issues being resolved. Maybe a special label could be applied? |
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]>
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]>
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]> (cherry picked from commit 1910fdd) Signed-off-by: Bjorn Neergaard <[email protected]>
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]> (cherry picked from commit 1910fdd) Signed-off-by: Bjorn Neergaard <[email protected]>
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]> (cherry picked from commit 1910fdd) Signed-off-by: Bjorn Neergaard <[email protected]>
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]> (cherry picked from commit 1910fdd) Signed-off-by: Bjorn Neergaard <[email protected]>
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]> (cherry picked from commit 1910fdd) Signed-off-by: Bjorn Neergaard <[email protected]>
We omit xt_u32 as it's optional; since we will remove support for this module in the future, it's simpler to check for xt_bpf, which will become the new baseline. Related issues: * microsoft/WSL#10029 (comment) * docker/for-win#13450 (comment) Signed-off-by: Bjorn Neergaard <[email protected]>
The tickets were all closed on Microsoft's side. No one is working on this issue. Can the Moby folks please ask Microsoft to reopen the issues? In the meantime, I've filed: microsoft/WSL#12277 In the meantime, Docker for Windows should return a clean error message indicating that WSL2 does not support Swarm Overlay encryption, and this issue should be documented under https://docs.docker.com/desktop/features/networking/#known-limitations so developers can stop wasting their time trying to figure this out. |
Actual behavior
Error starting encrypted swarm network on windows docker desktop.
Expected behavior
Was working on older docker versions.
Information
I have raised the issue here, but so far have had no response:
microsoft/WSL#10029
Thanks!
The text was updated successfully, but these errors were encountered: