Beginning in version 202104-1, Docker non-default networks tfe_terraform_isolation on subnet 172.20.0.0/16 were added for the Terraform Enterprise component Docker containers as part of a network segmentation update. This is to provide better network isolation from environments running untrusted code.
Prior to this network segmentation update, a custom MTU (maximum transmission unit) value for containers could be set in the daemon.json file and was honored by each container that used the Docker default network. Currently, Docker containers on isolation or custom networks do not inherit the MTU settings from the daemon.json file, which can result in intermittent network issues in Terraform runs. It is therefore necessary to recreate the isolation networks with the proper MTU by using the procedure below.
    # Stop the TFE application.
    $ replicatedctl app stop

    # Verify the application has stopped.
    $ replicatedctl app status

    # Delete the tfe_terraform_isolation Docker network.
    $ sudo docker network rm tfe_terraform_isolation

    # Delete the tfe_services Docker network.
    $ sudo docker network rm tfe_services

    # Recreate the tfe_terraform_isolation Docker network with new MTU settings.
    $ sudo docker network create tfe_terraform_isolation --subnet=172.20.0.0/16 --gateway 172.20.0.1 -o com.docker.network.driver.mtu=1460

    # Recreate the tfe_services Docker network with new MTU settings.
    $ sudo docker network create tfe_services --subnet=172.19.0.0/16 --gateway 172.19.0.1 -o com.docker.network.driver.mtu=1460

    # Verify settings are present. Check for MTU settings.
    $ sudo docker network inspect tfe_terraform_isolation

    # Verify settings are present. Check for MTU settings.
    $ sudo docker network inspect tfe_services

    # Once verified, start the application.
    $ replicatedctl app start
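The verification step in the procedure can be scripted so that a missing or wrong MTU option fails loudly before the application is restarted. The following is an added example, not part of the original article or HashiCorp's tooling; the function names are hypothetical, the sample JSON is constructed, and 1460 is simply the value used in the procedure.

```shell
# Added example (hypothetical helper names); not HashiCorp's tooling.
EXPECTED_MTU=1460   # value from the procedure above; adjust to your environment

# Read `docker network inspect` JSON on stdin and print the value of the
# com.docker.network.driver.mtu option, or nothing if the option is absent.
mtu_from_inspect() {
    tr -d ' \t\n' |
        sed -n 's/.*"com\.docker\.network\.driver\.mtu":"\([0-9][0-9]*\)".*/\1/p'
}

# usage: check_mtu <network> <expected-mtu>   (inspect JSON on stdin)
# returns 0 = matches, 1 = option missing, 2 = different value
check_mtu() {
    got=$(mtu_from_inspect)
    if [ -z "$got" ]; then
        echo "$1: no MTU option set (daemon.json MTU is not inherited)"
        return 1
    elif [ "$got" != "$2" ]; then
        echo "$1: MTU is $got, expected $2"
        return 2
    fi
    echo "$1: MTU $got OK"
}

# Live check of both networks named in the procedure (needs Docker and sudo).
check_tfe_networks() {
    rc=0
    for net in tfe_terraform_isolation tfe_services; do
        sudo docker network inspect "$net" | check_mtu "$net" "$EXPECTED_MTU" || rc=1
    done
    return "$rc"
}
# Constructed sample inspect output, trimmed to the relevant fields.
sample_inspect_ok() {
    cat <<'EOF'
[{"Name": "tfe_terraform_isolation", "Driver": "bridge",
  "IPAM": {"Config": [{"Subnet": "172.20.0.0/16", "Gateway": "172.20.0.1"}]},
  "Options": {"com.docker.network.driver.mtu": "1460"}}]
EOF
}
sample_inspect_missing() {
    cat <<'EOF'
[{"Name": "tfe_services", "Driver": "bridge", "Options": {}}]
EOF
}

# Offline demonstration on the constructed samples.
sample_inspect_ok | check_mtu tfe_terraform_isolation "$EXPECTED_MTU"
sample_inspect_missing | check_mtu tfe_services "$EXPECTED_MTU" || true
```

On a TFE host, run `check_tfe_networks` after recreating the networks and start the application only if it returns 0.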
For additional assistance please contact HashiCorp Support.