Investigating Docker Desktop on Windows with WSL2 using the Edgeshark open source tool, I get the following network topology for the container workload:

Docker Desktop with WSL2 network topology

Please note how this is a Docker-in-containerd setup, so the Docker engine lives inside a containerd container, in the services.linuxkit namespace of containerd.

Now I "suspect" that Docker Desktop might use CNI plugins with containerd to network its managed containers, such as the docker1-eth0 and services1-eth0 VETH "networks". If this actually is the case, where can I find the CNI plugin configuration for this setup?

TheDiveO

1 Answer

As it turns out, we need a way to look into the environment around the Docker engine, and a way to see it is to deploy an inspection container as follows:

    docker run -it --rm --privileged --pid host alpine

Next, we can look around via the wormhole of /proc/1/root/; this turns up a directory /proc/1/root/containers with an onboot sub-directory. There's more here:

  • /proc/1/root/containers
    • onboot
      • ...
      • 004-docker-net
      • 005-docker-net-root
      • ...
    • services
      • ...

004-docker-net/runtime.json contains a "section" about (network) interfaces:

    "interfaces": [
        {
            "name": "docker0",
            "add": "veth",
            "peer": "docker1",
            "createInRoot": false
        }
    ],

So, there is no "traditional" CNI plugin configuration used here, but Docker Desktop does its own thing.

TheDiveO
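
An added example, not part of the original answer: a small Python script that walks every `runtime.json` under `/proc/1/root/containers` and lists the entries of its "interfaces" section, so all declared veth pairs can be reviewed at once. It assumes it runs in a privileged `--pid host` container that has Python 3; the sample tree, including the `services/broken` directory and the contents of `005-docker-net-root/runtime.json`, is constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Path from the answer above, as seen from a --privileged --pid host container.
CONTAINERS_ROOT = Path("/proc/1/root/containers")


def list_runtime_interfaces(root=CONTAINERS_ROOT):
    """Return one record per "interfaces" entry found in any
    <root>/<group>/<container>/runtime.json (group: onboot, services)."""
    found = []
    for cfg in sorted(Path(root).glob("*/*/runtime.json")):
        where = {"group": cfg.parent.parent.name, "container": cfg.parent.name}
        try:
            runtime = json.loads(cfg.read_text())
            if not isinstance(runtime, dict):
                raise ValueError("top-level JSON value is not an object")
        except (OSError, ValueError) as err:
            # Unreadable or malformed files are reported, not silently skipped.
            found.append({**where, "error": str(err)})
            continue
        for iface in runtime.get("interfaces") or []:
            # Only the keys visible in the answer's excerpt are read.
            found.append({**where, "name": iface.get("name"),
                          "add": iface.get("add"), "peer": iface.get("peer"),
                          "createInRoot": iface.get("createInRoot")})
    return found


def build_sample_tree(base):
    """Constructed sample layout mirroring the directory listing above."""
    sample = {"interfaces": [{"name": "docker0", "add": "veth",
                              "peer": "docker1", "createInRoot": False}]}
    for rel, body in [("onboot/004-docker-net", json.dumps(sample)),
                      ("onboot/005-docker-net-root", "{}"),   # constructed
                      ("services/broken", "{not json")]:      # hypothetical
        d = Path(base) / rel
        d.mkdir(parents=True)
        (d / "runtime.json").write_text(body)
    return Path(base)


if __name__ == "__main__":
    root = CONTAINERS_ROOT
    if not root.is_dir():  # not inside the Docker Desktop VM: use sample tree
        root = build_sample_tree(tempfile.mkdtemp())
    for rec in list_runtime_interfaces(root):
        print(rec)
```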