Add the option of Rootless CNI networking by default #10447
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mheon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Sorry I'm late, but why do we need two configuration fields? Shouldn't netns=bridge and netns=slirp4netns be enough? I don't see the need for the RootlessNetworking field?!
libpod/runtime.go
Outdated
@@ -532,6 +533,13 @@ func makeRuntime(ctx context.Context, runtime *Runtime) (retErr error) { | |||
} | |||
} | |||
|
|||
// If we need to make a default network - do so now. |
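Review bot: the default-network creation introduced at this comment sits near line 533 of makeRuntime, after the ocicni.InitCNI call at line 465 that the existing review comment points to, so a default CNI config generated here is not guaranteed to be in the network list that InitCNI already loaded. Move the creation block above the InitCNI call so the first rootless run picks up the freshly written default network without a second start.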
This should happen before ocicni.InitCNI (line 465).
force-pushed from 59aaa70 to 32a56fc
@Luap99 The idea was to keep
OK, one last point. When the compat API is used as rootless we default to slirp4netns, see #10261. We could not swap the default to bridge since there was no default CNI config. With this patch we could change this. However, the config is only created when
I was waffling on that one, but if we have a good reason for it to be universal, I'm happy to make the change.
force-pushed from 43a7af4 to 3a64dbf
@Luap99 Made default network creation by default. I left the RootlessNetworking bits intact for now - mainly because I don't see an easier way of setting the default for rootless if the user sets
We also probably want to have a discussion about containers.conf stability - I feel like it's not held up to the same standards of stability as the rest of the API because we can remove config options without much consequence. So even if this did ship, IMO we still have the ability to remove it in the future without a major version bump...
force-pushed from 3a64dbf to c7ce571
cmd/podman/common/create_opts.go
Outdated
@@ -248,7 +249,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, cgroup | |||
} | |||
|
|||
// netMode | |||
nsmode, _, err := specgen.ParseNetworkNamespace(string(cc.HostConfig.NetworkMode)) | |||
nsmode, _, err := specgen.ParseNetworkNamespace(string(cc.HostConfig.NetworkMode), rtc.Containers.RootlessNetworking == "cni") |
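Review bot: gating the second ParseNetworkNamespace argument on rtc.Containers.RootlessNetworking == "cni" keeps the compat API on slirp4netns for every rootless user who has not set the new containers.conf field, which is exactly the behaviour #10261 reports; the thread notes the compat API should default to bridge and that this PR now auto-generates the default network config it was missing, so pass true unconditionally here and leave the containers.conf field to govern the native CLI path only.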
always set this to true for compat api, this should fix #10261
libpod/container.go
Outdated
@@ -1168,7 +1167,7 @@ func (c *Container) Networks() ([]string, bool, error) { | |||
func (c *Container) networks() ([]string, bool, error) { | |||
networks, err := c.runtime.state.GetNetworks(c) | |||
if err != nil && errors.Cause(err) == define.ErrNoSuchNetwork { | |||
if len(c.config.Networks) == 0 && !rootless.IsRootless() { | |||
if len(c.config.Networks) == 0 && !c.config.NetMode.IsSlirp4netns() { |
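Review bot: !c.config.NetMode.IsSlirp4netns() is true for every network mode other than slirp4netns, so a container created with --net=none (or --net=host) and no configured networks would be reported here as belonging to the default network; replace the negation with the positive c.config.NetMode.IsBridge() so only bridge-mode containers fall back to the default network.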
I think this should be IsBridge() to not match net=none.
force-pushed from c7ce571 to 0889be9
@mheon you have to rebase
When the containers.conf field "NetNS" is set to "Bridge" and the "RootlessNetworking" field is set to "cni", Podman will now handle rootless in the same way it does root - all containers will be joined to a default CNI network, instead of exclusively using slirp4netns.

If no CNI default network config is present for the user, one will be auto-generated (this also works for root, but it won't be nearly as common there since the package should already ship a config).

I eventually hope to remove the "NetNS=Bridge" bit from containers.conf, but let's get something in for Brent to work with.

Signed-off-by: Matthew Heon <[email protected]>
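Added example, not code from Podman or from this PR: a small Go model of the two checks debated in the container.go review above and of the containers.conf rule stated in the commit message. `netMode` and the three `wantsDefaultNetwork*` predicates are stand-ins for specgen's network mode and the `networks()` condition, not the real types; `resolveDefaultMode` paraphrases the NetNS/RootlessNetworking rule, and the TOML key names `netns` and `rootless_networking` are assumed. Running it prints a table showing that negating `IsSlirp4netns()` also matches the none, host and container: modes, which is why `IsBridge()` was requested.

```go
package main

import "fmt"

// netMode is a stand-in for the network-mode half of podman's
// specgen.Namespace. It is an assumption of this example: only the modes
// named in the PR discussion are modelled, and container:<id> is treated
// as a single mode for brevity.
type netMode string

func (m netMode) IsBridge() bool      { return m == "bridge" }
func (m netMode) IsSlirp4netns() bool { return m == "slirp4netns" }

// wantsDefaultNetworkOld is the pre-PR condition from the container.go hunk:
// a container with no networks gets the default network only when root.
// The mode is ignored, which is why rootless containers never qualified.
func wantsDefaultNetworkOld(mode netMode, networks []string, rootless bool) bool {
	return len(networks) == 0 && !rootless
}

// wantsDefaultNetworkNegated is the condition as first proposed in the PR.
// Negating IsSlirp4netns over-matches: none, host and container: modes all
// pass, so a --net=none container would be reported as joined to the
// default network.
func wantsDefaultNetworkNegated(mode netMode, networks []string) bool {
	return len(networks) == 0 && !mode.IsSlirp4netns()
}

// wantsDefaultNetworkBridge is the positive check the reviewer asked for:
// only bridge-mode containers without explicit networks fall back to the
// default network.
func wantsDefaultNetworkBridge(mode netMode, networks []string) bool {
	return len(networks) == 0 && mode.IsBridge()
}

// resolveDefaultMode models the containers.conf rule in the commit message:
// rootless containers default to bridge only when netns is "bridge" AND
// rootless_networking is "cni"; otherwise they stay on slirp4netns. Root
// defaults to bridge unless netns says otherwise. This is a paraphrase of
// the commit message, not podman's own resolution code.
func resolveDefaultMode(netns, rootlessNetworking string, rootless bool) netMode {
	if !rootless {
		if netns == "" {
			return "bridge"
		}
		return netMode(netns)
	}
	if netns == "bridge" && rootlessNetworking == "cni" {
		return "bridge"
	}
	return "slirp4netns"
}

func main() {
	// Constructed inputs: a rootless container in each mode, no explicit networks.
	modes := []netMode{"bridge", "slirp4netns", "none", "host", "container:abc"}
	fmt.Printf("%-14s %-6s %-13s %-8s\n", "mode", "old", "!slirp4netns", "IsBridge")
	for _, m := range modes {
		fmt.Printf("%-14s %-6v %-13v %-8v\n", m,
			wantsDefaultNetworkOld(m, nil, true),
			wantsDefaultNetworkNegated(m, nil),
			wantsDefaultNetworkBridge(m, nil))
	}
	// Constructed containers.conf combinations for a rootless user.
	for _, c := range []struct{ netns, rn string }{
		{"bridge", "cni"}, {"bridge", "slirp4netns"}, {"slirp4netns", "cni"},
	} {
		fmt.Printf("rootless, netns=%q rootless_networking=%q -> %s\n",
			c.netns, c.rn, resolveDefaultMode(c.netns, c.rn, true))
	}
}
```

The table makes the review point concrete: the none, host and container: rows are true under the negated check and false under IsBridge(), while bridge is true under both and slirp4netns false under both.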
force-pushed from 0889be9 to 533d88b
Done.
LGTM
LGTM
/lgtm
/hold cancel