Introduction
Beginning in version 202104-1, the non-default Docker networks tfe_services and tfe_terraform_isolation, on subnets 172.19.0.0/16 and 172.20.0.0/16 respectively, were added for the Terraform Enterprise component Docker containers as part of a network segmentation update. This is to provide better network isolation from environments running untrusted code.
Use Case
Prior to this network segmentation update, a custom MTU (maximum transmission unit) value for containers could be set in the daemon.json file and was honored by each container that used the Docker default network. Currently, Docker containers on isolation or custom networks do not inherit the MTU settings from the daemon.json file, which can result in intermittent network issues in Terraform runs. It is therefore necessary to recreate the isolation networks with the proper MTU by using the procedure below.
Procedure
# Stop the TFE application.
$ replicatedctl app stop
# Verify the application has stopped.
$ replicatedctl app status
# Delete the tfe_terraform_isolation Docker network.
$ sudo docker network rm tfe_terraform_isolation
# Delete the tfe_services Docker network.
$ sudo docker network rm tfe_services
# Recreate the tfe_terraform_isolation Docker network with new MTU settings.
$ sudo docker network create tfe_terraform_isolation --subnet=172.20.0.0/16 --gateway 172.20.0.1 -o com.docker.network.driver.mtu=1460
# Recreate the tfe_services Docker network with new MTU settings.
$ sudo docker network create tfe_services --subnet=172.19.0.0/16 --gateway 172.19.0.1 -o com.docker.network.driver.mtu=1460
# Verify settings are present. Check for MTU settings.
$ sudo docker network inspect tfe_terraform_isolation
# Verify settings are present. Check for MTU settings.
$ sudo docker network inspect tfe_services
# Once verified, start the application.
$ replicatedctl app start
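
The two verification steps above can be scripted so that a wrong subnet, gateway or a missing MTU option fails loudly before the application is started. This is an added example, not part of the original article or of HashiCorp's tooling; the DOCKER variable and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: read back what the procedure created and fail on any mismatch.
# DOCKER is an assumption of this sketch; override it if sudo is not needed.
DOCKER="${DOCKER:-sudo docker}"

# Go template for `docker network inspect -f`: prints "subnet gateway mtu".
# A network created without the -o option prints an empty third field.
FMT='{{(index .IPAM.Config 0).Subnet}} {{(index .IPAM.Config 0).Gateway}} {{index .Options "com.docker.network.driver.mtu"}}'

# check_network NAME SUBNET GATEWAY MTU: returns 0 only if all three match.
# The body is a subshell so `set --` and the variables stay local to the call.
check_network() (
  name=$1 want_subnet=$2 want_gw=$3 want_mtu=$4 rc=0
  if ! out=$($DOCKER network inspect -f "$FMT" "$name" 2>/dev/null); then
    echo "FAIL $name: network not found" >&2
    exit 1
  fi
  set -- $out                      # split into subnet, gateway, mtu
  subnet=${1:-} gw=${2:-} mtu=${3:-}
  [ "$subnet" = "$want_subnet" ] || { echo "FAIL $name: subnet '$subnet', want $want_subnet" >&2; rc=1; }
  [ "$gw" = "$want_gw" ] || { echo "FAIL $name: gateway '$gw', want $want_gw" >&2; rc=1; }
  [ "$mtu" = "$want_mtu" ] || { echo "FAIL $name: mtu '${mtu:-unset}', want $want_mtu" >&2; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK   $name: $subnet gw $gw mtu $mtu"
  exit "$rc"
)

# Checks both networks with the values used in the procedure (MTU defaults to 1460).
check_tfe_networks() (
  want=${1:-1460} status=0
  check_network tfe_services 172.19.0.0/16 172.19.0.1 "$want" || status=1
  check_network tfe_terraform_isolation 172.20.0.0/16 172.20.0.1 "$want" || status=1
  exit "$status"
)

# Usage, before `replicatedctl app start`:  check_tfe_networks 1460
```
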