How to change Docker network settings in KATA [KATA/KEDRE]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

 

Please use caution when following the steps.

This article is applicable to KATA 3.7.2 and KATA 4.0/4.1

In KATA 3.7, EDR stack is based on microservice architecture, it utilizes Docker Swarm. Containers have their own internal networking, which may cause issues in infrastructure, if the same networks are already used.

Docker uses 4 different networks:

Name	Subnet
bridge	172.16.0.0/16 OR 172.17.0.0/16 (depending on KATA version)
docker_gwbridge	172.18.0.0/16
ingress	10.255.0.0./16
kataedr_main_1_kata_network	10.0.0.0/16

This article describes the way to change Docker network settings. You should select networks that are not used in the infrastructure, to avoid issues with routing. In most cases, there're overlaps with bridge and docker_gwbridge networks, and changing these networks' subnets resolves the issues.

Step-by-step guide

Change bridge and docker_gwbridge address pools

All the steps must be performed as root.

Networks 172.26.0.0 and 172.24.0.0 are used as an example. Default addresses for these networks are 172.16.0.0/16 and 172.18.0.0/16. Obviously, the subnets you select as replacements must not overlap.

1. Create file /etc/docker/daemon.json with the following content:

   KATA 3.7:

   {   "bip": "172.26.0.1/16" }

   
   KATA 4.0:

   {     "shutdown-timeout": 200,     "bip": "172.26.0.1/16" }

2. Confirm the config validity (there should be no errors in the output of the following command):

   cat /etc/docker/daemon.json | python -m json.tool

3. Restart docker:

   systemctl restart docker

   If docker isn't able to start after subnets' change, change, to find the cause check tail -n 100 /var/log/dockerd.log
   If you see a line "failed to start daemon: Error initializing network controller: Error creating default "bridge" network: Pool overlaps with other one on this address space"
   This indicates the subnet you have selected for bridge is already occupied, you need to select the one that is available.

4. Disconnect the node from Swarm:

   docker node ls --format {{.ID}} | xargs docker node update --availability drain

5. Ensure all containers are down (there should be no entries in the list of running containers):

   watch docker ps

   Run this command and wait until the list of containers is empty, then exit it with CTRL+C

6. Remove docker_gwbridge:

   docker network disconnect -f docker_gwbridge gateway_ingress-sbox   docker network rm docker_gwbridge

7. Create new docker_gwbridge with new network settings:

   SUBNET=172.24.0.0/20 GATEWAY=172.24.0.1 docker network create \ --subnet=${SUBNET} \ --gateway ${GATEWAY} \ -o com.docker.network.bridge.enable_icc=false \ -o com.docker.network.bridge.name=docker_gwbridge \ docker_gwbridge

8. Connect the node back to Swarm:

   docker node ls --format {{.ID}} | xargs docker node update --availability active

9. Restart docker:

   systemctl restart docker

10. Validate your success (command should complete successfully):

    apt-kafka-util list-topics

Change ingress network subnet

Sometimes 10.255.0.0/16 subnet is used for KATA CN. This might cause problems as this subnet overlaps with docker's ingress network. To change its settings, modify the script /bin/apt-init-docker-stack: locate and change the constants:

INGRESS_SUBNET = '10.255.0.0/16'   INGRESS_GATEWAY = '10.255.0.1'

Save your changes and run apt-sedr-reset.