doc(local-development): added host to docker network routing

2025-03-12 17:13:51 +01:00 · 2025-03-12 17:13:51 +01:00 · 2accc93181
commit 2accc93181
parent 7700428175
3 changed files with 168 additions and 0 deletions
--- a/docs/technical-documentation/solution/scenarios/local-development/host-to-kind-network-routing/index.md
+++ b/docs/technical-documentation/solution/scenarios/local-development/host-to-kind-network-routing/index.md
@ -0,0 +1,168 @@
+# Host to Kind routing
+
+When we subnetwork inside a VM (e.g. WSL), you won't get a connection from the host (e.g. Windows) to the kind network inside the VM.
+
+### tldr;
+
+Add a route in windows to your docker network (e.g. 192.168.199.0/24) over the vm network connector:
+```powershell
+# in windows admin mode
+
+PS C:\Users\stl> route add 192.168.199.0/24 172.29.216.239
+```
+
+#### Outcome
+
+Now in windows you can reach Docker network addresses inside your VM:
+
+```powershell
+PS C:\Users\stl> ping 192.168.199.33
+
+Ping wird ausgeführt für 192.168.199.33 mit 32 Bytes Daten:
+Antwort von 192.168.199.33: Bytes=32 Zeit<1ms TTL=64
+```
+
+## Intro 
+
+
+So let' say you created a edp setup by 
+
+```bash
+# in WSL
+
+$ ./edpbuilder.sh --type kind --stacks all --domain client-192-168-199-35.traefik.me --domain-gitea gitea-client-192-168-199-35.traefik.me
+```
+
+you will not be able to send tcp/ip packets from the host (windows) to the kind network gateway, which is inside the docker network of your vm:
+
+```powershell
+# in windows
+
+PS C:\Users\stl> ping gitea-client-192-168-199-35.traefik.me
+
+Ping wird ausgeführt für gitea-client-192-168-199-35.traefik.me [192.168.199.35] mit 32 Bytes Daten:
+Zeitüberschreitung der Anforderung.
+```
+
+## Goal: Windows can access EDP
+
+So what we want is a situation like the following:
+
+In the following screenshot we have at left a browser in windows, and at the right a terminal in wsl. In both a request to `client-192-168-199-35.traefik.me`is working:
+
+![alt text](windows.png)
+
+## Setup Route from windows to WSL
+
+What we need is a route from windows to the docker containers inside the WSL.
+
+So first check your docker network address: 
+
+```bash
+# in wsl
+
+$ ip r
+default via 172.29.208.1 dev eth0 proto kernel
+172.29.208.0/20 dev eth0 proto kernel scope link src 172.29.216.239
+192.168.199.0/28 dev docker0 proto kernel scope link src 192.168.199.1
+192.168.199.32/27 dev br-8e96da84337e proto kernel scope link src 192.168.199.33
+```
+
+What you see is 
+
+* the network connection to the host with the gateway `172.29.216.239`
+* the docker network `192.168.199.0/28` ranging from 192.168.199.1 to 192.168.199.14 (28 = 255.255.240.0) 
+* and the kind network `192.168.199.32/27` ranging from 192.168.199.33 to 192.168.199.62 (27 = 255.255.224).
+
+In Windows we see that the docker network is reachabel via gateway `172.29.208.1` which is inside network `172.29.208.0/20`:
+
+```powershell
+PS C:\Users\stl> ipconfig
+...
+Ethernet-Adapter vEthernet (WSL):
+
+   Verbindungsspezifisches DNS-Suffix:
+   IPv4-Adresse  . . . . . . . . . . : 172.29.208.1
+   Subnetzmaske  . . . . . . . . . . : 255.255.240.0
+   Standardgateway . . . . . . . . . :
+...
+```
+
+## add route
+
+Now we add the route:
+
+```powershell
+# in windows
+
+PS C:\Users\stl> route add 192.168.199.0/24 172.29.216.239
+ OK!
+```
+
+and can check it with
+
+```powershell
+# in windows
+
+PS C:\Users\stl> route print
+...
+===========================================================================
+Aktive Routen:
+     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
+          0.0.0.0          0.0.0.0      10.34.216.1    10.34.219.176     25
+...
+    192.168.199.0    255.255.255.0   172.29.216.239     172.29.208.1     16
+...
+===========================================================================
+```
+
+and have network `192.168.199.0/24` to be routed by `172.29.216.239` over `172.29.208.1`.
+
+## Test
+
+Now you should be able to ping from windows to wsl:
+
+```powershell
+# in windows, send ping
+
+PS C:\Users\stl> ping gitea-client-192-168-199-35.traefik.me
+
+Ping wird ausgeführt für gitea-client-192-168-199-35.traefik.me [192.168.199.35] mit 32 Bytes Daten:
+Antwort von 192.168.199.35: Bytes=32 Zeit<1ms TTL=63
+Antwort von 192.168.199.35: Bytes=32 Zeit<1ms TTL=63
+Antwort von 192.168.199.35: Bytes=32 Zeit<1ms TTL=63
+Antwort von 192.168.199.35: Bytes=32 Zeit<1ms TTL=63
+
+Ping-Statistik für 192.168.199.35:
+    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
+    (0% Verlust),
+Ca. Zeitangaben in Millisek.:
+    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
+```
+
+```bash
+# in wsl, receive ping
+
+tcpdump -n -i eth0 icmp and src host 172.29.208.1
+```
+
+![alt text](pings.png)
+
+## Trouble shooting
+
+If icmp or http doesn't work check that a fw is off:
+
+```bash
+# in wsl
+
+sudo ufw diable
+```
+
+Also be sure that ip forwarding is on in wsl:
+
+```bash
+# in wsl
+
+echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
+
+```
--- a/docs/technical-documentation/solution/scenarios/local-development/host-to-kind-network-routing/pings.png
+++ b/docs/technical-documentation/solution/scenarios/local-development/host-to-kind-network-routing/pings.png
--- a/docs/technical-documentation/solution/scenarios/local-development/host-to-kind-network-routing/windows.png
+++ b/docs/technical-documentation/solution/scenarios/local-development/host-to-kind-network-routing/windows.png