docker-in-docker feature breaks with Codespaces+Kind and docker v27+ (docker's ipv6 breaking changes) #1023

@jeremysf

Description

We have been using Visual Studio Code, GitHub Codespaces and the docker-in-docker feature with Kubernetes' kind project (https://kind.sigs.k8s.io/) for several years now.

Recently, with the release of docker version 27, things broke. When trying to use the kind command line utility to create a new kind cluster (i.e. launch the kind docker container which encapsulates a Kubernetes cluster) we get the following error:

Creating cluster "kind" ...
ERROR: failed to create cluster: failed to ensure docker network: command "docker network create -d=bridge -o com.docker.network.bridge.enable_ip_masquerade=true -o com.docker.network.driver.mtu=1500 --ipv6 --subnet fc00:f853:ccd:e793::/64 kind" failed with error: exit status 1
Command Output: Error response from daemon: Failed to Setup IP tables: Unable to enable NAT rule:  (iptables failed: ip6tables --wait -t nat -I POSTROUTING -s fc00:f853:ccd:e793::/64 ! -o br-94aea5e559a6 -j MASQUERADE: ip6tables v1.8.7 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
 (exit status 3))

The issue is, I think, related to this change by docker:

https://docs.docker.com/engine/release-notes/27.0/#ipv6

I think what is needed is the ability to do this from the release notes:

To restore the behavior of earlier releases, no ip6tables at all, set "ip6tables": false in daemon.json, or use the CLI option --ip6tables=false. Alternatively, leave ip6tables enabled, publish ports, and enable direct routing.

Temporarily, I am able to get things working again with the following feature configuration in our devcontainer.json:

    "features": {
        "ghcr.io/devcontainers/features/common-utils:1": {
            "installZsh": true,
            "upgradePackages": false,
            "uid": "1000",
            "gid": "1000",
            "installOhMyZsh": "true",
            "nonFreePackages": "true"
        },
        "ghcr.io/devcontainers/features/docker-in-docker:2.2.1": {
            "version": "26.1.3",
            "enableNonRootDocker": true,
            "moby": false
        }
    },

Is it possible to extend the feature with an option to disable ip6tables and/or to pass in additional command line options to the launch of docker?
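The daemon.json workaround quoted from the release notes, as an added example (not code from this issue or from the devcontainers feature): it merges `"ip6tables": false` into an existing daemon.json without dropping other settings, and it recognises the ip6tables `nat` error text quoted above so a setup script can decide whether the workaround is needed. The function names and the configurable `path` parameter are assumptions of this example.

```python
"""Docker 27+ workaround from the issue: set "ip6tables": false in daemon.json.
Added example, not the devcontainers feature's own code; the daemon.json path
is a parameter because a devcontainer image may place it somewhere else."""
import json
import os
import tempfile
from typing import Optional

# Error text quoted in the issue: dockerd asks ip6tables for a nat table that
# the running kernel does not provide.
IP6TABLES_NAT_SIGNATURE = "can't initialize ip6tables table `nat'"


def is_ip6tables_nat_error(command_output: str) -> bool:
    """True when a failed 'docker network create --ipv6' matches the issue's error."""
    return IP6TABLES_NAT_SIGNATURE in command_output


def docker_major(version: str) -> int:
    """Major number of an engine version string such as '27.0.3'."""
    return int(version.split(".")[0])


def needs_workaround(version: str, daemon_config: dict) -> bool:
    """Docker 27 enables ip6tables by default; earlier releases did not."""
    return docker_major(version) >= 27 and daemon_config.get("ip6tables", True)


def with_ip6tables_disabled(existing: Optional[str]) -> dict:
    """Merge "ip6tables": false into an existing daemon.json body (or an empty one)."""
    config = json.loads(existing) if existing and existing.strip() else {}
    config["ip6tables"] = False
    return config


def write_daemon_json(path: str) -> dict:
    """Rewrite daemon.json at `path` atomically; returns the resulting config."""
    existing = None
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            existing = fh.read()
    config = with_ip6tables_disabled(existing)
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", suffix=".tmp")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(config, fh, indent=2)
        fh.write("\n")
    os.replace(tmp, path)  # atomic swap so dockerd never reads a half-written file
    return config
```

On Linux dockerd reads /etc/docker/daemon.json only at startup, so the daemon has to be restarted after the file is rewritten for the setting to take effect.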
