Description
If I use unencrypted overlay networks, everything works.
After just changing networks from unencrypted to encrypted, things stopped working. I created the networks with the following command:
```shell
docker network create --attachable --driver overlay --opt encrypted <network_name>
```
The strange thing is that encrypted overlay networks work in my local dev environment.
I use two VPSs in local dev and three VPSs in the production environment. All of them have Ubuntu 20.04 installed with kernel 5.15.0-86-generic. Just in case it's caused by the firewall in the production environment, the following are the ports I opened on the production VPSs:
tcp:
- 22 # ssh
- 80 # http
- 443 # https
- 2377 # docker swarm - cluster management communications
- 7946 # docker swarm - communication among nodes
udp:
- 4789 # docker swarm - overlay network traffic
- 7946 # docker swarm - communication among nodes
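A check worth running against a port list like the one above, added here as an editor's example and not part of the report: Docker's own documentation lists, besides tcp/2377, tcp+udp/7946 and udp/4789, IP protocol 50 (ESP) as required between nodes when an overlay is created with `--opt encrypted`, because the encrypted data path is IPsec. ESP is not a TCP or UDP port, so an allow-list expressed purely as ports cannot admit it. The script below scans `iptables -S INPUT` style output for each required rule; the sample rule set is constructed to mirror the report's port list and is not output captured from the reporter's hosts.

```shell
#!/bin/sh
# Added editor's example, not part of the report.
# Inbound rules a Swarm node needs (per Docker docs): tcp/2377 management,
# tcp+udp/7946 node gossip, udp/4789 VXLAN data path, and IP protocol 50
# (ESP) for overlays created with --opt encrypted. ESP is not a TCP/UDP
# port, so a port-only allow-list never admits it.
REQUIRED="tcp/2377 tcp/7946 udp/7946 udp/4789 esp"

# Constructed sample of `iptables -S INPUT` output mirroring the report's
# port list; not captured from the reporter's hosts.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2377 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7946 -j ACCEPT
-A INPUT -p udp -m udp --dport 7946 -j ACCEPT
-A INPUT -p udp -m udp --dport 4789 -j ACCEPT'

# rule_present RULES ENTRY: succeeds if RULES contains an ACCEPT rule for
# ENTRY, where ENTRY is "proto/port" or the bare word "esp".
rule_present() {
  rules=$1
  need=$2
  case "$need" in
    esp)
      # iptables prints the protocol as "esp" or, rarely, its number 50
      printf '%s\n' "$rules" | grep -Eq -- '-p (esp|50) .*-j ACCEPT'
      ;;
    *)
      proto=${need%/*}
      port=${need#*/}
      # trailing space after the port keeps 7946 from matching 79460
      printf '%s\n' "$rules" | grep -Eq -- "-p $proto .*--dport $port .*-j ACCEPT"
      ;;
  esac
}

# missing_swarm_rules RULES: prints each required entry RULES lacks, one per line.
missing_swarm_rules() {
  for entry in $REQUIRED; do
    rule_present "$1" "$entry" || printf '%s\n' "$entry"
  done
}

# Against the sample this prints only "esp": every TCP/UDP port Swarm needs
# is open, but the IPsec traffic of the encrypted overlay has no matching rule.
missing_swarm_rules "$SAMPLE_RULES"
```

The missing rule is an allow for IP protocol 50 on every node, ideally restricted to the other swarm nodes' addresses rather than opened to the world (for example `iptables -A INPUT -p esp -s <peer_node_ip> -j ACCEPT` per peer), and any provider-level firewall in front of the hosts needs the equivalent ESP rule as well. The check is a heuristic over `iptables -S` text: it will not see rules living in nftables tables or ufw's own chains, so on such hosts inspect those instead.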
Reproduce
Can't reproduce easily. I use VPSs on Hetzner cloud.
Expected behavior
No response
docker version
```text
Client: Docker Engine - Community
 Version:           24.0.2
 API version:       1.43
 Go version:        go1.20.4
 Git commit:        cb74dfc
 Built:             Thu May 25 21:52:22 2023
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          24.0.2
  API version:      1.43 (minimum version 1.12)
  Go version:       go1.20.4
  Git commit:       659604f
  Built:            Thu May 25 21:52:22 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.21
  GitCommit:        3dce8eb055cbb6872793272b4f20ed16117344f8
 runc:
  Version:          1.1.7
  GitCommit:        v1.1.7-0-g860f061
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0
```
docker info
```text
Client: Docker Engine - Community
 Version:    24.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.5
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.18.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose
  scan: Docker Scan (Docker Inc.)
    Version:  v0.17.0
    Path:     /usr/libexec/docker/cli-plugins/docker-scan

Server:
 Containers: 12
  Running: 11
  Paused: 0
  Stopped: 1
 Images: 24
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 1
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: active
  NodeID: sodkyrajy01jl9x5hq19lto6g
  Is Manager: true
  ClusterID: yq0iueui1b7t493wnkz7x49y0
  Managers: 1
  Nodes: 3
  Default Address Pool: 10.0.0.0/8
  SubnetSize: 24
  Data Path Port: 4789
  Orchestration:
   Task History Retention Limit: 5
  Raft:
   Snapshot Interval: 10000
   Number of Old Snapshots to Retain: 0
   Heartbeat Tick: 1
   Election Tick: 10
  Dispatcher:
   Heartbeat Period: 5 seconds
  CA Configuration:
   Expiry Duration: 3 months
   Force Rotate: 0
  Autolock Managers: false
  Root Rotation In Progress: false
  Node Address: 49.12.189.113
  Manager Addresses:
   49.12.189.113:2377
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
 Kernel Version: 5.15.0-86-generic
 Operating System: Ubuntu 20.04.4 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 7.566GiB
 Name: makabaka-1-1
 ID: 6a7aa601-84be-4788-8635-1b1723a029fe
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
```
Additional Info
No response