Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support container network aliases #7870

Closed
tmds opened this issue Oct 1, 2020 · 19 comments
Closed

support container network aliases #7870

tmds opened this issue Oct 1, 2020 · 19 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@tmds
Copy link
Contributor

tmds commented Oct 1, 2020

Allow to set network aliases for containers.

Either providing the alias on docker run:

docker run --name container1 --network network1 --network-alias alias1 --network-alias alias2 <image>

Or providing the alias post docker run:

network connect --alias alias1 --alias alias2 network1 container1
@rhatdan rhatdan added the kind/feature Categorizes issue or PR as related to a new feature. label Oct 1, 2020
@rhatdan
Copy link
Member

rhatdan commented Oct 1, 2020

@baude This looks like something that the dns-CNI PLugin would need to handle?

@baude
Copy link
Member

baude commented Oct 1, 2020

nope, i dont think so. in fact, i dont think we can do this with our current container architecture. @mheon do I remember that correctly?

@mheon
Copy link
Member

mheon commented Oct 1, 2020

I think we can but it would be a fair amount of effort to get it working - maybe a week or two of time for me or someone else who knows the network code well.

@mheon
Copy link
Member

mheon commented Oct 1, 2020

Also, there's going to be an unavoidable connection drop when we do add the new network, I think (we basically need to have CNI tear down and then recreate the network)

@tmds
Copy link
Contributor Author

tmds commented Oct 2, 2020

My use for podman network connect is to be able to pass an --alias.
docker also supports it via a --network-alias argument on the run command.
@mheon probably this is simpler to implement? Should I change this issue for adding that argument to podman?

@mheon
Copy link
Member

mheon commented Oct 2, 2020

I would say that aliases are more difficult to implement than network connect right now (still possible, but probably a good sprint worth of work to implement)

@rhatdan
Copy link
Member

rhatdan commented Oct 2, 2020

Of course if the community wanted to work on a PR, we would love to see it.

@tmds
Copy link
Contributor Author

tmds commented Oct 5, 2020

Without podman network connect --alias, or podman run --network-alias all container dns names share the same namespace. It is not possible to use the same network name for containers that live on different networks, because they clash as container names.

@rhatdan I hope someone takes this on, unfortunately I can't volunteer because I don't speak any go.

@mheon
Copy link
Member

mheon commented Oct 5, 2020

Are you sure about that? I'm fairly certain that we run per-network DNS instances, so we effectively namespace container names by the network they're attached to? @baude can confirm.

@tmds
Copy link
Contributor Author

tmds commented Oct 5, 2020

The clash is at the container name level:

$ podman network create net1
$ podman network create net2
$ podman run --rm -d --name name1 --network net1 busybox sleep 10
$ podman run --rm --name name1 --network net2 busybox sleep 10
Error: error creating container storage: the container name "name1" is already in use by "650f7d2d299dfe23d05e5f1a2cadc4230841fd33eec5bae3d9be9da05d2b1ee3". You have to remove that container to be able to reuse that name.: that name is already in use

@rhatdan
Copy link
Member

rhatdan commented Oct 6, 2020

Would --hostname fix this?

@tmds
Copy link
Contributor Author

tmds commented Oct 6, 2020

Would --hostname fix this?

I tried that. This sets the hostname for the host itself. It isn't added as a name to the DNS so other containers can resolve it.

@tmds
Copy link
Contributor Author

tmds commented Oct 7, 2020

For my use-case either of these could work:

Providing the alias on docker run:

docker run --name container1 --network network1 --network-alias alias1 --network-alias alias2 <image>

Providing the alias post docker run:

network connect --alias alias1 --alias alias2 network1 container1

@tmds tmds changed the title support 'podman network connect' command support container network aliases Oct 12, 2020
@mheon
Copy link
Member

mheon commented Nov 10, 2020

This is being worked on now by myself and @baude

@baude
Copy link
Member

baude commented Nov 10, 2020

merged upstream today ... closing

@baude baude closed this as completed Nov 10, 2020
@tmds
Copy link
Contributor Author

tmds commented Dec 10, 2020

@mheon I'm trying this out. Is it supposed to work rootless? That's how I want to use it.
If it doesn't: should I create a new issue for that?

I have:

podman.x86_64                                          2:2.2.1-1.fc32                         @updates-testing                                  

And this doesn't work for me (unless when I run it as root).

podman network create mynetwork
podman run --rm -d --network mynetwork --network-alias alias1 alpine sleep 10
podman run --rm --network mynetwork alpine ping alias1

@mheon
Copy link
Member

mheon commented Dec 10, 2020

Rootless needs an upgrade to the CNI infra image - we're discussing changes to said image right now (moving towards using content from the host, so you wouldn't need to upgrade the infra container when you upgraded CNI and dnsname). So this is root-only for now while we build a better way to handle it as rootless.

@tmds
Copy link
Contributor Author

tmds commented Dec 10, 2020

Is there an issue that I can follow to know when this may work rootless?

@mheon
Copy link
Member

mheon commented Dec 10, 2020

#8585

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Development

No branches or pull requests

4 participants