Simplify --net ns: syntax? #3789

Open
apostasie opened this issue Dec 23, 2024 · 4 comments

@apostasie
Contributor

What is the problem you're trying to solve

Currently, we require an absolute path to the ns.

e.g.:

sudo nerdctl run -d --net ns:/run/netns/lepton-test busybox sleep Inf

and (of course?)

sudo nerdctl run -d --net ns:lepton-test busybox sleep Inf

... will fail.

Is there a particular reason not to allow network namespace names instead of a full path?
Put otherwise: are there cases where passing along a full path that is not under /run/netns would be required?

Describe the solution you'd like

na

Additional context

No response

@AkihiroSuda
Member

--net ns: should be compatible with Podman; so supporting absolute paths SGTM if Podman supports them

@dancavallaro
Contributor

I'll chime in with my 2 cents (whatever that's worth) as the original contributor of this feature.

> Put otherwise: are there cases where passing along a full path that is not under /run/netns would be required?

Yes! I'll readily admit to not being an expert here, but my understanding is that storing network namespaces with names under /var/run/netns is simply a convention used by the iproute2 tools (see https://man7.org/linux/man-pages/man8/ip-netns.8.html), but network namespaces can be created at any arbitrary path. This is what we do in my use case that originally led me to contribute this feature, but for another example, consider that Docker by default stores network namespaces under /var/run/docker/netns, so supporting arbitrary paths allows you to run containers in any arbitrary netns, as was the intent.

For completeness' sake, you could always work around this by symlinking an existing netns under a different path so that it's under /var/run/netns, and then you can use it with ip netns, but that's a bit cumbersome when we can just support arbitrary paths directly.

To touch on @AkihiroSuda's comment, Podman's equivalent feature does support arbitrary full paths: https://docs.podman.io/en/v4.4/markdown/podman-run.1.html#network-mode-net. Just to clarify, nerdctl already supports arbitrary paths, but I think @apostasie was proposing supporting named namespaces, either additionally or instead of arbitrary paths.

Between the Podman parity angle and my own selfish interests I'm against dropping support for arbitrary paths, but I don't have any particular problem with adding support for named namespaces when one is provided to ns: instead of a path.
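
Added example, not part of the thread and not nerdctl's code: one way a CLI could accept both forms discussed above, passing an absolute path through and looking up a bare name under /run/netns, then confirming the target is a namespace (nsfs) object before use. `ResolveNetNS` and `IsNSFile` are hypothetical names, and rejecting relative paths is an assumption of this sketch.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
	"syscall"
)

const (
	netnsDir  = "/run/netns" // iproute2 convention for named namespaces
	nsfsMagic = 0x6e736673   // NSFS_MAGIC from linux/magic.h
)

// ResolveNetNS (hypothetical helper) maps the value after "ns:" to a path.
// Absolute paths pass through cleaned; anything else must be a bare name
// and is looked up under netnsDir.
func ResolveNetNS(arg string) (string, error) {
	if arg == "" {
		return "", errors.New("empty network namespace")
	}
	if filepath.IsAbs(arg) {
		return filepath.Clean(arg), nil
	}
	// A name is one path component: no separators, no "." or "..".
	if arg == "." || arg == ".." || strings.ContainsAny(arg, "/\x00") {
		return "", fmt.Errorf("invalid network namespace name %q", arg)
	}
	return filepath.Join(netnsDir, arg), nil
}

// IsNSFile reports whether path refers to a namespace file (an nsfs object),
// as opposed to a regular file that merely sits at that path.
func IsNSFile(path string) (bool, error) {
	var st syscall.Statfs_t
	if err := syscall.Statfs(path, &st); err != nil {
		return false, err
	}
	return int64(st.Type) == nsfsMagic, nil
}

func main() {
	// Constructed sample inputs.
	for _, a := range []string{"/run/netns/lepton-test", "lepton-test", "../x"} {
		p, err := ResolveNetNS(a)
		fmt.Printf("%-26q -> %q err=%v\n", a, p, err)
	}
}
```

The nsfs check matches any namespace type, not only network namespaces, so it rules out regular files and symlinks to ordinary paths rather than proving the file is a netns.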

@apostasie
Contributor Author

That's helpful, thanks!

Yes, I am proposing supporting named namespaces.
Your clarification clearly proves that it should be in addition to an explicit full path.

@apostasie
Contributor Author

/dibs

@AkihiroSuda can you assign?
