Broken DIND (Docker In Docker) Networking in Azure

[yasin-amadmia-mck]

Is this a BUG REPORT or FEATURE REQUEST?

BUG REPORT

Versions

Tectonic version (release or commit hash):

tectonic_1.8.4-tectonic.3 

NAME                                        STATUS    AGE       VERSION           EXTERNAL-IP     OS-IMAGE                                        KERNEL-VERSION
ip-10-0-31-141.eu-west-2.compute.internal   Ready     6h        v1.8.4+coreos.0   xxx                Container Linux by CoreOS 1688.2.0 (Rhyolite)   4.14.23-coreos
ip-10-0-60-95.eu-west-2.compute.internal    Ready     6h        v1.8.4+coreos.0   <none>          Container Linux by CoreOS 1688.2.0 (Rhyolite)   4.14.23-coreos
ip-10-0-76-72.eu-west-2.compute.internal    Ready     6h        v1.8.4+coreos.0   <none>          Container Linux by CoreOS 1688.2.0 (Rhyolite)   4.14.23-coreos
ip-10-0-83-137.eu-west-2.compute.internal   Ready     6h        v1.8.4+coreos.0   <none>          Container Linux by CoreOS 1688.2.0 (Rhyolite)   4.14.23-coreos

Terraform version (terraform version):

Terraform v0.10.7

Platform (aws|azure|openstack|metal|vmware):

azure

What happened?

Broken DIND (Docker In Docker) Networking in Azure. Containers created via DIND can't go outside. This only happens in Azure. Same configuration works well in AWS.

What you expected to happen?

Containers created via DIND should be able to go/connect to outside world (ex: when running apt-get update from within the container)

How to reproduce it (as minimally and precisely as possible)?

• Create a Cluster within Azure
• Create a namespace called 'testing-dind'

kubectl create namespace testing-dind

• Create a Docker-Dind deployment using file below

apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Deployment
  metadata:
    labels:
      app: docker-dind
    name: dind-deployment
    namespace: testing-dind
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: docker-dind
    template:
      metadata:
        labels:
          app: docker-dind
      spec:
        containers:
        - command:
          - docker
          - run
          - -p
          - 80:80
          - httpd:latest
          env:
          - name: DOCKER_HOST
            value: tcp://localhost:2375
          image: docker
          imagePullPolicy: IfNotPresent
          name: docker
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        - image: docker:17.07.0-ce-dind
          imagePullPolicy: IfNotPresent
          name: docker-dind
          resources: {}
          securityContext:
            privileged: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /var/lib/docker
            name: docker-graph-storage
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
        volumes:
        - emptyDir: {}
          name: docker-graph-storage
kind: List

• Exec into the 'docker' container (assuming pod dind-deployment-6cff68494-hzbgg)
  kubectl exec -it dind-deployment-6cff68494-hzbgg -n testing-dind /bin/sh
• Check http container
  docker ps
• Exec into the 'http' container (assuming the container name is lucid_booth)
  docker exec -it lucid_booth /bin/sh
• Run apt-get update
  apt-get update

Anything else we need to know?

The above works well on AWS (apt-get udpate completes very fast and successfully), however, for Azure it takes for ever. Perhaps some networking component (NSG etc) is missing/not-configured in Azure.