fix: per-network static IP assignment for multi-network containers #4758
tariromukute wants to merge 4 commits into containerd:main from
Thanks, but please add DCO sign
Bumps [github.com/containerd/cgroups/v3](https://github.com/containerd/cgroups) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/containerd/cgroups/releases)
- [Commits](containerd/cgroups@v3.1.2...v3.1.3)
---
updated-dependencies:
- dependency-name: github.com/containerd/cgroups/v3
  dependency-version: 3.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Tariro Mukute <18515926+tariromukute@users.noreply.github.com>

Fix issue 4753
NOTE: used Claude Code
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Signed-off-by: Tariro Mukute <18515926+tariromukute@users.noreply.github.com>
f7ee528 to 38d88d8
I have done so, thanks.
| commonOpts := []cni.NamespaceOpts{} | ||
| commonOpts = append(commonOpts, portMapOpts...) | ||
| commonOpts = append(commonOpts, macAddressOpts...) | ||
| commonOpts = append(commonOpts, ip6AddressOpts...) | ||
| commonOpts = append(commonOpts, | ||
| cni.WithLabels(map[string]string{ | ||
| "IgnoreUnknown": "1", | ||
| }), | ||
| cni.WithArgs("NERDCTL_CNI_DHCP_HOSTNAME", opts.state.Annotations[labels.Hostname]), | ||
| ) |
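Review bot: In the cni.WithArgs("NERDCTL_CNI_DHCP_HOSTNAME", ...) line, opts.state.Annotations[labels.Hostname] is passed straight through with no presence or format check. CNI_ARGS is a semicolon-separated list of KEY=VALUE pairs, so a value containing ';' or '=' would change the argument set the plugins receive, and a missing annotation sends an empty value. Suggest validating the value as a hostname and appending this arg only when the annotation is set.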
NIT:
`commonOpts` is used for `opts.cni.Setup`, so these can be defined directly under `// Legacy path: single IP (or no IP) shared across all networks.`
| if len(portMappings) > 0 { | ||
| rt.CapabilityArgs["portMappings"] = portMappings | ||
| } | ||
| result, err := cniConfig.AddNetworkList(ctx, confList, rt) |
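Review bot: The error return of cniConfig.AddNetworkList(ctx, confList, rt) on the last line needs a rollback path if one is not already in place. Because the PR attaches each network individually, a failure on a later network should call DelNetworkList for every network added so far, so that no interface or IPAM reservation is left behind. A test with a failing second network would cover this.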
In the new method, since AddNetworkList is called instead of Setup, the ips capability (for IPv6 static addresses) is not added to rt.CapabilityArgs, so it seems necessary to add them.
ips | Dynamically allocate IPs for container interface. Runtime which has the ability of address allocation can pass these to plugins. | ips | A list of IP (string entries). [ “10.10.0.1/24”, “3ffe:ffff:0:01ff::1/64” ] | none | CNI static plugin
Summary
When using `nerdctl compose` with services connected to multiple networks that each have a static IPv4 address (`ipv4_address`), all static IPs were passed to every CNI plugin via a shared `CNI_ARGS` (`IP=<addr>`). This caused failures because each bridge plugin would attempt to allocate an IP address that belongs to a different network's subnet.

This PR fixes multi-network static IP assignment by:
- `nerdctl/ip-per-network`) instead of the single-value `--ip=` flag (which can only hold one IP).
- `cnilibrary` directly (instead of go-cni's `Setup()`) to set up each network individually with:
  - `eth0`, `eth1`, `eth2`, ...) — go-cni's `WithConfListBytes` always assigned `eth0` to separate CNI instances.
  - `CNI_ARGS` containing only the IP for that specific network.
- `--ip=` flag and the existing go-cni `Setup()` path.

Changelog KeepA
[Fixed]:
- `nerdctl compose up` failing for services with static IPs (`ipv4_address`) on multiple networks due to all IPs being passed to every CNI plugin via shared `CNI_ARGS`.
- `eth0` already exists) when setting up multiple networks individually, by using `cnilibrary.AddNetworkList`/`DelNetworkList` directly with correct per-network `IfName`.

[Added]:
- `nerdctl/ip-per-network` annotation (JSON map of network name → static IPv4 address) for multi-network static IP propagation from compose to the OCI hook.
- `cnilibrary` based per-network CNI setup and teardown functions (`perNetworkAdd`, `perNetworkDel`) with correct interface naming.

Steps to Reproduce
`nerdctl compose up -d`

Expected behaviour
Each network should only receive `IP=` and interface in its corresponding network. Creation should be successful.

Actual behaviour
Both networks receive a request to create the same interface and IP. See error below
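
The per-network split described in the summary, as an added Go example that is not code from this PR: it parses the `nerdctl/ip-per-network` annotation and derives one interface name and one `IP=` argument per network. The names `planAttachments`, `attachment` and `ipPerNetworkKey` are hypothetical; numbering interfaces in network-list order, the strict IPv4 validation and the unused-IP check are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

const ipPerNetworkKey = "nerdctl/ip-per-network" // annotation named in the PR summary

// attachment (hypothetical): interface name plus the CNI_ARGS pairs for one network.
type attachment struct {
	Network, IfName string
	Args            [][2]string
}

// planAttachments (hypothetical helper) assigns eth0, eth1, ... in list order
// and gives each network only its own IP= argument from the annotation.
func planAttachments(networks []string, annotations map[string]string) ([]attachment, error) {
	ips := map[string]string{}
	if raw := annotations[ipPerNetworkKey]; raw != "" {
		if err := json.Unmarshal([]byte(raw), &ips); err != nil {
			return nil, fmt.Errorf("parse %s: %w", ipPerNetworkKey, err)
		}
	}
	plan := make([]attachment, 0, len(networks))
	for i, name := range networks {
		a := attachment{Network: name, IfName: fmt.Sprintf("eth%d", i)}
		if ip, ok := ips[name]; ok {
			// Strict parse: "10.4.1.10;K=V" must not reach the ';'-separated CNI_ARGS.
			addr, err := netip.ParseAddr(ip)
			if err != nil || !addr.Is4() {
				return nil, fmt.Errorf("network %q: %q is not an IPv4 address", name, ip)
			}
			a.Args = [][2]string{{"IP", addr.String()}}
			delete(ips, name)
		}
		plan = append(plan, a)
	}
	if len(ips) > 0 { // extra check in this example: no IP may go unused
		return nil, fmt.Errorf("static IPs for networks not attached: %v", ips)
	}
	return plan, nil
}

func main() {
	// Constructed sample: network names and addresses are made up.
	ann := map[string]string{ipPerNetworkKey: `{"front":"10.4.1.10","back":"10.4.2.10"}`}
	fmt.Println(planAttachments([]string{"front", "back", "mgmt"}, ann))
}
```

Each returned entry corresponds to one per-network add call: its `IfName` and `Args` are the only values that network's plugin chain should receive.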