Epic: Use Lima host resolver on Windows #1899
How to enable this feature: This feature can be enabled through a configuration property.

NOTE: This feature can only be enabled for Windows currently and it is an experimental feature.

You can take a look at the example; the `"experimentalHostResolver": true` line is the config:

```json
{
  "version": 4,
  "kubernetes": {
    "version": "1.22.7",
    "memoryInGB": 2,
    "numberCPUs": 2,
    "port": 6443,
    "containerEngine": "moby",
    "checkForExistingKimBuilder": false,
    "enabled": true,
    "WSLIntegrations": {
      "Ubuntu": true
    },
    "options": {
      "traefik": true,
      "flannel": true
    },
    "suppressSudo": false,
    "experimentalHostResolver": true
  },
  "portForwarding": {
    "includeKubernetesServices": false
  },
  "images": {
    "showAll": true,
    "namespace": "k8s.io"
  },
  "telemetry": true,
  "updater": false,
  "debug": false,
  "pathManagementStrategy": "notset"
}
```

After applying the configuration changes above you must restart Rancher Desktop for the changes to take place.

It is already the default on Linux and macOS.

On Windows

We want to use the Lima host resolver to take advantage of all the DNS configuration on the host itself (automatic support of split-DNS over VPN etc).

The resolver code should be in a separate repo at https://github.com/rancher-sandbox/rancher-desktop-host-resolver. It currently uses a fork of `pkg/hostagent/dns.go` from Lima to allow rapid development. Once this task is complete, any changes should be back-ported upstream.

- Add cobra commandline processing. Add options for the listening interface, the tcp and udp ports, IPv6 support, and built-in hostnames (like `host.docker.internal`).
- Choose random available ports when tcp/udp ports are not specified. Look at the findXXXFreeLocalPort functions; we should be able to reuse them.
- Add an option to specify allowed source addresses and reject connections not from allowed sources. For WSL2 we will need to connect via the host IP address, but we don't want to accept outside connections. Look at the pseudo loopback forwarder for a possible implementation (except that one checks destination, not source address).

  NOTE: For the above item, a different approach was taken. To avoid filtration of the incoming DNS requests, the host-resolver runs two processes: 1) in the WSL distro, 2) on the Windows host machine. The communication happens over a dedicated `AF_VSOCK` connection; therefore the process that runs on the Windows host machine can only accept DNS lookups that are incoming over the `AF_VSOCK` connection.
- Create GitHub action to make releases
- Download host resolver in Rancher Desktop resources
- Start/stop host resolver before/after the WSL2 distro is started
- Replace `dnsmasq` with the host resolver.

  NOTE: for the item above, we are allowing the users to choose between `host-resolver` and `dnsmasq` through the `experimentalHostResolver` configuration flag.
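
The task list above asks for an option that rejects DNS queries from sources that are not allowed (the note says the project went with `AF_VSOCK` instead). The following Go code is an added example of that source-address check, not code from the issue or from rancher-desktop-host-resolver. The names `AllowList`, `ParseAllowList`, `Permits`, `serveUDP` and `handle` are hypothetical, and the addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
)

type AllowList []netip.Prefix // source prefixes allowed to query the resolver

// ParseAllowList parses CIDR strings such as "172.16.0.0/12" into an AllowList.
func ParseAllowList(cidrs ...string) (AllowList, error) {
	var al AllowList
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("bad allowed source %q: %w", c, err)
		}
		al = append(al, p.Masked())
	}
	return al, nil
}

// Permits reports whether src falls inside an allowed prefix; an empty list denies all.
func (al AllowList) Permits(src netip.Addr) bool {
	src = src.Unmap().WithZone("") // Prefix.Contains never matches mapped or zoned addresses
	for _, p := range al {
		if p.Contains(src) {
			return true
		}
	}
	return false
}

// serveUDP drops datagrams from off-list sources; handle is a hypothetical DNS handler.
func serveUDP(c *net.UDPConn, al AllowList, handle func([]byte) []byte) error {
	buf := make([]byte, 65535)
	for {
		if n, remote, err := c.ReadFromUDPAddrPort(buf); err != nil {
			return err
		} else if al.Permits(remote.Addr()) {
			c.WriteToUDPAddrPort(handle(buf[:n]), remote)
		}
	}
}

func main() {
	al, _ := ParseAllowList("127.0.0.1/32", "172.16.0.0/12") // constructed sample list
	fmt.Println(al.Permits(netip.MustParseAddr("::ffff:172.20.1.5")))
}
```

The `Unmap` call matters when the socket is bound to an unspecified address, because Go may then report IPv4 senders as IPv4-mapped IPv6 addresses, which would otherwise never match an IPv4 prefix.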