Investigating Docker Desktop on Windows with WSL2 using the Edgeshark open source tool, I get the following network topology for the container workload:
Please note how this is a Docker-in-containerd setup, so the Docker engine lives inside a containerd container, in the services.linuxkit namespace of containerd.
Now I "suspect" that Docker Desktop might use CNI plugins with containerd to network its managed containers, such as the docker1-eth0 and services1-eth0 VETH "networks". If this actually is the case, where can I find the CNI plugin configuration for this setup?
As it turns out, we need a way to look into the environment around the Docker engine, and a way to see it is to deploy an inspection container as follows:
    docker run -it --rm --privileged --pid host alpine

Next, we can look around via the wormhole of /proc/1/root/; this turns up a directory /proc/1/root/containers with an onboot sub-directory. There's more here:

    /proc/1/root/containers
        onboot
            004-docker-net
            005-docker-net-root
        services

004-docker-net/runtime.json contains a "section" about (network) interfaces:
    "interfaces": [
        {
            "name": "docker0",
            "add": "veth",
            "peer": "docker1",
            "createInRoot": false
        }
    ],
So, there is no "traditional" CNI plugin configuration used here, but Docker Desktop does its own thing.
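
Added example, not part of the original answer: a small Python script that walks the directory layout shown above and lists every interface entry declared in a runtime.json, so all of the VETH definitions can be read in one pass. It assumes Python 3 is available in the inspection container, that each onboot/services sub-directory may hold a runtime.json, and that "interfaces" is a top-level key in that file; the function names and the sample tree (apart from the 004-docker-net values) are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

# Path as seen from the inspection container on the page (via /proc/1/root).
DEFAULT_ROOT = Path("/proc/1/root/containers")
FIELDS = ("name", "add", "peer", "createInRoot")


def list_interfaces(root=DEFAULT_ROOT):
    """Return one dict per interface entry in any <phase>/<container>/runtime.json."""
    found = []
    for runtime in sorted(Path(root).glob("*/*/runtime.json")):
        try:
            doc = json.loads(runtime.read_text())
        except (OSError, ValueError):
            continue  # unreadable or not valid JSON: skip this container
        entries = doc.get("interfaces") if isinstance(doc, dict) else None
        for iface in entries if isinstance(entries, list) else []:
            if not isinstance(iface, dict):
                continue
            row = {key: iface.get(key) for key in FIELDS}
            row["phase"] = runtime.parent.parent.name   # onboot or services
            row["container"] = runtime.parent.name      # e.g. 004-docker-net
            found.append(row)
    return found


def build_sample_tree(base):
    """Constructed sample tree; only the 004-docker-net values come from the page."""
    base = Path(base)
    page_excerpt = {"interfaces": [{"name": "docker0", "add": "veth",
                                    "peer": "docker1", "createInRoot": False}]}
    for rel, body in [
        ("onboot/004-docker-net", json.dumps(page_excerpt)),
        ("onboot/005-docker-net-root", "{}"),        # constructed: no interfaces
        ("services/example-svc", "not json"),        # constructed: broken file
    ]:
        (base / rel).mkdir(parents=True)
        (base / rel / "runtime.json").write_text(body)
    return base


if __name__ == "__main__":
    # Use the real tree inside the inspection container, else the sample tree.
    root = DEFAULT_ROOT if DEFAULT_ROOT.is_dir() else build_sample_tree(tempfile.mkdtemp())
    for row in list_interfaces(root):
        print(row)
```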