Feature request: support ns namespace path network option for pods #16208

Closed
webarchymeta opened this issue Oct 18, 2022 · 7 comments · Fixed by #16386
Labels
Good First Issue This issue would be a good issue for a first time contributor to undertake. kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@webarchymeta

The option

--network ns:[netns-path]

where [netns-path] is the path of a network namespace to join, is supported when creating containers. But when trying to create a pod the same way (namely to join an existing network pre-defined in the hosting context), it fails:

Error: pods presently do not support network mode path

My question is: is there a future plan to add such support (for pods)? It would be appreciated to have such support to increase the networking flexibility of podman ... It is supported for containers, why not for pods?

@Luap99 Luap99 added kind/feature Categorizes issue or PR as related to a new feature. Good First Issue This issue would be a good issue for a first time contributor to undertake. labels Oct 18, 2022
@Luap99
Member

Luap99 commented Oct 18, 2022

I see no reason why this is restricted, it should be simple to add this functionality.

@rhatdan
Member

rhatdan commented Oct 18, 2022

I agree, the check blocking it should be removed.

@bjorndown
Contributor

I would like to give this one a try. I got pod create to work, but I assume there is more to do.

./bin/podman pod inspect $(./bin/podman pod create --network ns:$(mktemp -d))
{
     "Id": "e81c95b5d4e6e1f3f202275ac320490c9e889b5e2c53b4c65eb1905938eb56d4",
     "Name": "epic_darwin",
     "Created": "2022-11-02T11:40:25.31129367+01:00",
     "CreateCommand": [
          "./bin/podman",
          "pod",
          "create",
          "--network",
          "ns:/tmp/tmp.7YMHiBxEIg"
     ],
     "ExitPolicy": "continue",
     "State": "Created",
     "Hostname": "",
     "CreateCgroup": true,
     "CgroupParent": "user.slice",
     "CgroupPath": "user.slice/user-libpod_pod_e81c95b5d4e6e1f3f202275ac320490c9e889b5e2c53b4c65eb1905938eb56d4.slice",
     "CreateInfra": true,
     "InfraContainerID": "75d55cc88da22a2a4924df499141c470992062cd43d7f1a6196c114f2681808e",
     "InfraConfig": {
          "PortBindings": {},
          "HostNetwork": false,
          "StaticIP": "",
          "StaticMAC": "",
          "NoManageResolvConf": false,
          "DNSServer": null,
          "DNSSearch": null,
          "DNSOption": null,
          "NoManageHosts": false,
          "HostAdd": null,
          "Networks": null,
          "NetworkOptions": null,
          "pid_ns": "private",
          "userns": "host",
          "uts_ns": "private"
     },
     "SharedNamespaces": [
          "ipc",
          "net",
          "uts"
     ],
     "NumContainers": 1,
     "Containers": [
          {
               "Id": "75d55cc88da22a2a4924df499141c470992062cd43d7f1a6196c114f2681808e",
               "Name": "e81c95b5d4e6-infra",
               "State": "created"
          }
     ]
}

@Luap99
Member

Luap99 commented Nov 2, 2022

I would like to give this one a try. I got pod create to work, but I assume there is more to do.

Inspect the infra container, it should show "NetworkMode": "ns:<your path>"

Note that mkdir is not a valid netns fd. What you actually want to test is something like this:

$ sudo ip netns add test
$ sudo podman pod create --network ns:/run/netns/test --name p1
$ sudo podman run --pod p1 --rm alpine ip a

The last command should show you an empty netns (only the lo interface).
Now run:

$ sudo ip -n test link add type dummy 

and then again, this should now also include the dummy interface.

sudo podman run --pod p1 --rm alpine ip a
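
The difference between a plain directory and a real network namespace handle, raised in the comment above, can be checked before a path is passed to `--network ns:`. This Go sketch is an added example, not part of the thread or Podman's code; the name `IsNetNS` is hypothetical and the two constants are copied from the kernel headers `linux/magic.h` and `linux/nsfs.h`.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

const (
	nsfsMagic   = 0x6e736673 // NSFS_MAGIC (linux/magic.h): filesystem backing namespace files
	nsGetNSType = 0xb703     // NS_GET_NSTYPE (linux/nsfs.h), available since Linux 4.11
)

// IsNetNS (hypothetical helper) reports whether path refers to a network
// namespace, e.g. /run/netns/test or /proc/<pid>/ns/net. A directory from
// mktemp -d, or a namespace of another type, yields false.
func IsNetNS(path string) (bool, error) {
	var fs syscall.Statfs_t
	if err := syscall.Statfs(path, &fs); err != nil {
		return false, err // missing path, permission denied, ...
	}
	if int64(fs.Type) != nsfsMagic {
		return false, nil // ordinary file or directory, not a namespace handle
	}
	f, err := os.Open(path)
	if err != nil {
		return false, err
	}
	defer f.Close()
	// Ask the kernel which CLONE_NEW* type this namespace handle has.
	nsType, _, errno := syscall.Syscall(syscall.SYS_IOCTL, f.Fd(), nsGetNSType, 0)
	if errno != 0 {
		return false, errno
	}
	return nsType == syscall.CLONE_NEWNET, nil
}

func main() {
	// Paths to check come from the command line; the defaults are constructed samples.
	paths := os.Args[1:]
	if len(paths) == 0 {
		paths = []string{"/proc/self/ns/net", "/proc/self/ns/mnt", os.TempDir()}
	}
	for _, p := range paths {
		ok, err := IsNetNS(p)
		fmt.Printf("%-20s netns=%v err=%v\n", p, ok, err)
	}
}
```
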

@bjorndown
Contributor

I am not familiar with network namespaces, but it looks like it is working?

$ sudo ./bin/podman  pod create --name netnspod --network ns:/var/run/netns/podman --infra-image=alpine --infra-command 'ip a'
07ce95e993abe4a34a1476be7c7c2b4a3a3fd15dbb729d120f46832b8d683076

$ sudo podman pod ls
POD ID        NAME             STATUS      CREATED         INFRA ID      # OF CONTAINERS
07ce95e993ab  netnspod         Created     7 seconds ago   d0cdc09a198e  1

$ sudo podman pod start netnspod
07ce95e993abe4a34a1476be7c7c2b4a3a3fd15dbb729d120f46832b8d683076

$ sudo podman logs d0cdc09a198e
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 16:45:c8:df:b0:b8 brd ff:ff:ff:ff:ff:ff
4: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether be:92:29:58:bf:e9 brd ff:ff:ff:ff:ff:ff

$ sudo ip -n podman a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
3: veth1@veth0: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 16:45:c8:df:b0:b8 brd ff:ff:ff:ff:ff:ff
4: veth0@veth1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether be:92:29:58:bf:e9 brd ff:ff:ff:ff:ff:ff

@bjorndown
Contributor

@Luap99 just saw your comment. When I inspect the infra container I do indeed get that:

sudo podman inspect d0cdc09a198e | grep NetworkMode
               "NetworkMode": "ns:/var/run/netns/podman",

@Luap99
Member

Luap99 commented Nov 2, 2022

Yes, this looks good then, please open a PR. Make sure to add a test somewhere under test/e2e; you can grep for ns:/run/netns to find the existing test for this with a container.

bjorndown pushed a commit to bjorndown/podman that referenced this issue Nov 4, 2022
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 10, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 10, 2023