networkd: no networkd handling of tun IFs

[t-lo]

This change prevents networkd interference with virtual/tunnel
devices for IPSEC (vti*), docker's virtual interfaces (docker*),
and Calico's virtual interfaces (cali*).

This fixes issues introduced by networkd interference we observed
with IPSEC interfaces in particular (tunnel virtual IP being
de-configured and tunnel route torn down at interface activation
time). It also aims to prevent future issues with docker and Calico.

Signed-off-by: Thilo Fromm thilo@kinvolk.io

[dongsupark]

Great!

But I'm not sure about the docker.network, because it will conflict with
the same file in coreos-overlay.

And I think other configs like flannel.network have been added to coreos-overlay instead of the common init repo.
I'm not sure why. Need to track down its git history.

[t-lo]

Oh nice, so for Docker we already have a solution. Will remove the file from my pr tomorrow.

Wrt. overlay vs. init repo, I'm open for considerations.

[t-lo]

I've updated the pull request to exclude docker.network and to include cni.network which solves an issue ignored by CoreOS upstream: coreos/bugs#1678

My motivation to have the fix in the init repo is because the config file which causes the network interference in the first place, zz-default.network, is part of the init repo, too.

[t-lo]

Any chance of getting this into one of the next releases (I realize I just missed a release train)? I don't think the change will have any negative effects on existing use cases.

[dongsupark]

Ok, I'm still not sure if this init repo is the correct place for different network files.
Anyway we can change the location later.
These changes are really needed, so I think it's ok to merge.