Ability to customize network namespace of pods #2808

Closed
pcguy85 opened this issue Mar 30, 2019 · 24 comments

Labels
do-not-close kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. stale-issue

Comments

@pcguy85
Contributor

pcguy85 commented Mar 30, 2019

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind feature

Description

podman commands create and run provide options to customize the container's network namespace (--net, --ip, etc.). However, the podman pod create command doesn't have any similar options. To my (still limited) podman knowledge the pod's network namespace configuration needs to be associated with its infra container. Is there any way, for example, to assign a static IP address to the infra container or change the network it is connected to? Imho the ability to further customize pods' network namespace could make it easier to integrate podman with existing infrastructure.

Or is there already a way to do this? As said, my podman knowledge is still limited.

@openshift-ci-robot openshift-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Mar 30, 2019
@rhatdan
Member

rhatdan commented Apr 13, 2019

@pcguy85 Any chance you could open a PR to fix this?

@haircommander
Collaborator

@rhatdan I started a fix for this but I feel like there should be larger structural changes to the infra container. We will soon end up duplicating a bunch of configuration code to set up namespaces for the infra container. I was thinking of trying to use some of the cmd/podman/shared/create code that is relevant but getting the timing and library dependencies is tricky. In other words, it's a wip :)

@baude
Member

baude commented May 29, 2019

@rhatdan at this point, I am wondering if a blog written explicitly on this would suffice.

@rhatdan rhatdan assigned weirdwiz and unassigned haircommander May 29, 2019
@rhatdan
Member

rhatdan commented May 29, 2019

@weirdwiz Could you take a look at this?

@rhatdan
Member

rhatdan commented Aug 5, 2019

@weirdwiz Did you ever get a chance to look at this? @QiWang19 PTAL

@mheon
Member

mheon commented Aug 5, 2019

Agree with @haircommander that this will probably require significant structural changes to the infra container. I would not work on this until he and I have had a chance to hash out how we want to handle that.

@haircommander
Collaborator

haircommander commented Aug 5, 2019

^ yes, I don't think it makes sense to continually extend the capabilities of the infra container and further duplicate container creation code. There are tons of things we can add to pod if we change the code paths in this way

@weirdwiz
Collaborator

weirdwiz commented Aug 6, 2019

> @weirdwiz Did you ever get a chance to look at this?

I wasn't able to take a look at this.

@thmo

thmo commented Sep 28, 2019

What is the workaround until this feature is implemented? Say, if I want to put a complete pod in a different network? (Temporarily) change the default network as configured via cni?

@vrothberg
Member

That's what I have in mind as well. @baude might know some nice tricks?

@github-actions

github-actions bot commented Nov 4, 2019

This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days.

@vrothberg
Member

@baude, what's your take on the issue?

@rhatdan
Member

rhatdan commented Nov 4, 2019

I think this is a good issue, and should be something we work on and support.
@giuseppe Would you look into it?

@giuseppe
Member

giuseppe commented Nov 5, 2019

I think we need to address pod create issues as a bigger epic.

#3993 is a similar issue.

We need to change podman create to access the same set of options we have for run and create and apply them to the infra container.

@giuseppe
Member

giuseppe commented Nov 5, 2019

Alternatively, we could have something like `podman pod create --infra-container=EXISTING_CONTAINER_ID`

Where EXISTING_CONTAINER_ID is an already configured container, that is not part of any other pod.

In this way we allow even more flexibility as the container can be customized between its create and pod create.

@mheon mheon reopened this Nov 21, 2019
@daledude

daledude commented Nov 22, 2019

Being able to set the network on pod create would be very useful to us. Currently creating a container with the network and then attaching each other container's network to it seems hacky. Adding network on pod create like -P seems more logical.

@github-actions

This issue had no activity for 30 days. In the absence of activity or the "do-not-close" label, the issue will be automatically closed within 7 days.

@vrothberg
Member

Friendly ping. @giuseppe, do you have cycles to pick this?

@giuseppe
Member

> Friendly ping. @giuseppe, do you have cycles to pick this?

I think we need to unify pod create with container create, so that we can expose all the options. Unfortunately it is not a trivial amount of work :/

@mheon
Member

mheon commented Jan 31, 2020

We have a partial unification in the works - I'm working up cards for it. Hopefully will have (at least network) related options exposed over the next few sprints.

@mheon
Member

mheon commented Jan 31, 2020

Long-term we're moving away from an infra container, hopefully using the work @haircommander is doing for CRI-O for that purpose

@rhatdan
Member

rhatdan commented Feb 18, 2020

@mheon is the PR you are currently working on going to help with this or do we need to wait for pinns?

@mheon
Member

mheon commented Feb 18, 2020

This will be handled by my PR, I'll add a link

@mheon
Member

mheon commented Feb 18, 2020

Fixed by #5241

snj33v pushed a commit to snj33v/libpod that referenced this issue May 31, 2020
Enables most of the network-related functionality from
`podman run` in `podman pod create`. Custom CNI networks can be
specified, host networking is supported, DNS options can be
configured.

Also enables host networking in `podman play kube`.

Fixes containers#2808
Fixes containers#3837
Fixes containers#4432
Fixes containers#4718
Fixes containers#4770

Signed-off-by: Matthew Heon <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 23, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 23, 2023