aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--cmd/podman/networks/create.go3
-rw-r--r--cmd/podman/play/kube.go1
-rw-r--r--docs/source/markdown/podman-network-create.1.md11
-rw-r--r--libpod/network/create.go138
-rw-r--r--libpod/network/create_test.go131
-rw-r--r--libpod/network/files.go1
-rw-r--r--libpod/network/netconflist.go14
-rw-r--r--libpod/network/netconflist_test.go70
-rw-r--r--pkg/api/handlers/libpod/play.go12
-rw-r--r--pkg/api/server/register_play.go4
-rw-r--r--pkg/bindings/play/play.go1
-rw-r--r--pkg/domain/entities/network.go1
-rw-r--r--pkg/domain/entities/play.go2
-rw-r--r--pkg/domain/infra/abi/play.go9
-rw-r--r--test/e2e/network_create_test.go86
-rw-r--r--test/e2e/play_kube_test.go16
-rw-r--r--test/e2e/run_networking_test.go5
17 files changed, 439 insertions, 66 deletions
diff --git a/cmd/podman/networks/create.go b/cmd/podman/networks/create.go
index 74646090d..c06011ce9 100644
--- a/cmd/podman/networks/create.go
+++ b/cmd/podman/networks/create.go
@@ -35,8 +35,7 @@ func networkCreateFlags(flags *pflag.FlagSet) {
flags.StringVar(&networkCreateOptions.MacVLAN, "macvlan", "", "create a Macvlan connection based on this device")
// TODO not supported yet
// flags.StringVar(&networkCreateOptions.IPamDriver, "ipam-driver", "", "IP Address Management Driver")
- // TODO enable when IPv6 is working
- // flags.BoolVar(&networkCreateOptions.IPV6, "IPv6", false, "enable IPv6 networking")
+ flags.BoolVar(&networkCreateOptions.IPv6, "ipv6", false, "enable IPv6 networking")
flags.IPNetVar(&networkCreateOptions.Subnet, "subnet", net.IPNet{}, "subnet in CIDR format")
flags.BoolVar(&networkCreateOptions.DisableDNS, "disable-dns", false, "disable dns plugin")
}
diff --git a/cmd/podman/play/kube.go b/cmd/podman/play/kube.go
index feb112ad7..4f34b2b76 100644
--- a/cmd/podman/play/kube.go
+++ b/cmd/podman/play/kube.go
@@ -52,6 +52,7 @@ func init() {
flags.SetNormalizeFunc(utils.AliasFlags)
flags.StringVar(&kubeOptions.CredentialsCLI, "creds", "", "`Credentials` (USERNAME:PASSWORD) to use for authenticating to a registry")
flags.StringVar(&kubeOptions.Network, "network", "", "Connect pod to CNI network(s)")
+ flags.StringVar(&kubeOptions.LogDriver, "log-driver", "", "Logging driver for the container")
flags.BoolVarP(&kubeOptions.Quiet, "quiet", "q", false, "Suppress output information when pulling images")
flags.BoolVar(&kubeOptions.TLSVerifyCLI, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries")
flags.StringVar(&kubeOptions.Authfile, "authfile", auth.GetDefaultAuthFile(), "Path of the authentication file. Use REGISTRY_AUTH_FILE environment variable to override")
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index 45d9d9b0b..0a7ea0586 100644
--- a/docs/source/markdown/podman-network-create.1.md
+++ b/docs/source/markdown/podman-network-create.1.md
@@ -49,6 +49,10 @@ Macvlan connection.
The subnet in CIDR notation.
+**--ipv6**
+
+Enable IPv6 (Dual Stack) networking. You must pass a IPv6 subnet. The *subnet* option must be used with the *ipv6* option.
+
## EXAMPLE
Create a network with no options
@@ -63,6 +67,13 @@ Create a network named *newnet* that uses *192.5.0.0/16* for its subnet.
/etc/cni/net.d/newnet.conflist
```
+Create an IPv6 network named *newnetv6*, you must specify the subnet for this network, otherwise the command will fail.
+For this example, we use *2001:db8::/64* for its subnet.
+```
+# podman network create --subnet 2001:db8::/64 --ipv6 newnetv6
+/etc/cni/net.d/newnetv6.conflist
+```
+
Create a network named *newnet* that uses *192.168.33.0/24* and defines a gateway as *192.168.133.3*
```
# podman network create --subnet 192.168.33.0/24 --gateway 192.168.33.3 newnet
diff --git a/libpod/network/create.go b/libpod/network/create.go
index bf11631bf..c11904ecf 100644
--- a/libpod/network/create.go
+++ b/libpod/network/create.go
@@ -15,6 +15,7 @@ import (
"github.com/pkg/errors"
)
+// Create the CNI network
func Create(name string, options entities.NetworkCreateOptions, r *libpod.Runtime) (*entities.NetworkCreateReport, error) {
var fileName string
if err := isSupportedDriver(options.Driver); err != nil {
@@ -41,60 +42,120 @@ func Create(name string, options entities.NetworkCreateOptions, r *libpod.Runtim
return &entities.NetworkCreateReport{Filename: fileName}, nil
}
+// validateBridgeOptions validate the bridge networking options
+func validateBridgeOptions(options entities.NetworkCreateOptions) error {
+ subnet := &options.Subnet
+ ipRange := &options.Range
+ gateway := options.Gateway
+ // if IPv6 is set an IPv6 subnet MUST be specified
+ if options.IPv6 && ((subnet.IP == nil) || (subnet.IP != nil && !IsIPv6(subnet.IP))) {
+ return errors.Errorf("ipv6 option requires an IPv6 --subnet to be provided")
+ }
+ // range and gateway depend on subnet
+ if subnet.IP == nil && (ipRange.IP != nil || gateway != nil) {
+ return errors.Errorf("every ip-range or gateway must have a corresponding subnet")
+ }
+
+ // if a range is given, we need to ensure it is "in" the network range.
+ if ipRange.IP != nil {
+ firstIP, err := FirstIPInSubnet(ipRange)
+ if err != nil {
+ return errors.Wrapf(err, "failed to get first IP address from ip-range")
+ }
+ lastIP, err := LastIPInSubnet(ipRange)
+ if err != nil {
+ return errors.Wrapf(err, "failed to get last IP address from ip-range")
+ }
+ if !subnet.Contains(firstIP) || !subnet.Contains(lastIP) {
+ return errors.Errorf("the ip range %s does not fall within the subnet range %s", ipRange.String(), subnet.String())
+ }
+ }
+
+ // if network is provided and if gateway is provided, make sure it is "in" network
+ if gateway != nil && !subnet.Contains(gateway) {
+ return errors.Errorf("gateway %s is not in valid for subnet %s", gateway.String(), subnet.String())
+ }
+
+ return nil
+
+}
+
// createBridge creates a CNI network
func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreateOptions) (string, error) {
isGateway := true
ipMasq := true
- subnet := &options.Subnet
- ipRange := options.Range
runtimeConfig, err := r.GetConfig()
if err != nil {
return "", err
}
- // if range is provided, make sure it is "in" network
- if subnet.IP != nil {
- // if network is provided, does it conflict with existing CNI or live networks
- err = ValidateUserNetworkIsAvailable(runtimeConfig, subnet)
- } else {
- // if no network is provided, figure out network
- subnet, err = GetFreeNetwork(runtimeConfig)
- }
+
+ // validate options
+ err = validateBridgeOptions(options)
if err != nil {
return "", err
}
+
+ // For compatibility with the docker implementation:
+ // if IPv6 is enabled (it really means dual-stack) then an IPv6 subnet has to be provided, and one free network is allocated for IPv4
+ // if IPv6 is not specified the subnet may be specified and can be either IPv4 or IPv6 (podman, unlike docker, allows IPv6 only networks)
+ // If not subnet is specified an IPv4 subnet will be allocated
+ subnet := &options.Subnet
+ ipRange := &options.Range
gateway := options.Gateway
- if gateway == nil {
- // if no gateway is provided, provide it as first ip of network
- gateway = CalcGatewayIP(subnet)
- }
- // if network is provided and if gateway is provided, make sure it is "in" network
- if options.Subnet.IP != nil && options.Gateway != nil {
- if !subnet.Contains(gateway) {
- return "", errors.Errorf("gateway %s is not in valid for subnet %s", gateway.String(), subnet.String())
+ var ipamRanges [][]IPAMLocalHostRangeConf
+ var routes []IPAMRoute
+ if subnet.IP != nil {
+ // if network is provided, does it conflict with existing CNI or live networks
+ err = ValidateUserNetworkIsAvailable(runtimeConfig, subnet)
+ if err != nil {
+ return "", err
}
- }
- if options.Internal {
- isGateway = false
- ipMasq = false
- }
-
- // if a range is given, we need to ensure it is "in" the network range.
- if options.Range.IP != nil {
- if options.Subnet.IP == nil {
- return "", errors.New("you must define a subnet range to define an ip-range")
+ // obtain CNI subnet default route
+ defaultRoute, err := NewIPAMDefaultRoute(IsIPv6(subnet.IP))
+ if err != nil {
+ return "", err
}
- firstIP, err := FirstIPInSubnet(&options.Range)
+ routes = append(routes, defaultRoute)
+ // obtain CNI range
+ ipamRange, err := NewIPAMLocalHostRange(subnet, ipRange, gateway)
if err != nil {
return "", err
}
- lastIP, err := LastIPInSubnet(&options.Range)
+ ipamRanges = append(ipamRanges, ipamRange)
+ }
+ // if no network is provided or IPv6 flag used, figure out the IPv4 network
+ if options.IPv6 || len(routes) == 0 {
+ subnetV4, err := GetFreeNetwork(runtimeConfig)
if err != nil {
return "", err
}
- if !subnet.Contains(firstIP) || !subnet.Contains(lastIP) {
- return "", errors.Errorf("the ip range %s does not fall within the subnet range %s", options.Range.String(), subnet.String())
+ // obtain IPv4 default route
+ defaultRoute, err := NewIPAMDefaultRoute(false)
+ if err != nil {
+ return "", err
}
+ routes = append(routes, defaultRoute)
+ // the CNI bridge plugin does not need to set
+ // the range or gateway options explicitly
+ ipamRange, err := NewIPAMLocalHostRange(subnetV4, nil, nil)
+ if err != nil {
+ return "", err
+ }
+ ipamRanges = append(ipamRanges, ipamRange)
+ }
+
+ // create CNI config
+ ipamConfig, err := NewIPAMHostLocalConf(routes, ipamRanges)
+ if err != nil {
+ return "", err
}
+
+ if options.Internal {
+ isGateway = false
+ ipMasq = false
+ }
+
+ // obtain host bridge name
bridgeDeviceName, err := GetFreeDeviceName(runtimeConfig)
if err != nil {
return "", err
@@ -113,20 +174,9 @@ func createBridge(r *libpod.Runtime, name string, options entities.NetworkCreate
name = bridgeDeviceName
}
+ // create CNI plugin configuration
ncList := NewNcList(name, version.Current())
var plugins []CNIPlugins
- var routes []IPAMRoute
-
- defaultRoute, err := NewIPAMDefaultRoute(IsIPv6(subnet.IP))
- if err != nil {
- return "", err
- }
- routes = append(routes, defaultRoute)
- ipamConfig, err := NewIPAMHostLocalConf(subnet, routes, ipRange, gateway)
- if err != nil {
- return "", err
- }
-
// TODO need to iron out the role of isDefaultGW and IPMasq
bridge := NewHostLocalBridge(bridgeDeviceName, isGateway, false, ipMasq, ipamConfig)
plugins = append(plugins, bridge)
diff --git a/libpod/network/create_test.go b/libpod/network/create_test.go
new file mode 100644
index 000000000..16188e497
--- /dev/null
+++ b/libpod/network/create_test.go
@@ -0,0 +1,131 @@
+package network
+
+import (
+ "net"
+ "testing"
+
+ "github.com/containers/podman/v2/pkg/domain/entities"
+)
+
+func Test_validateBridgeOptions(t *testing.T) {
+
+ tests := []struct {
+ name string
+ subnet net.IPNet
+ ipRange net.IPNet
+ gateway net.IP
+ isIPv6 bool
+ wantErr bool
+ }{
+ {
+ name: "IPv4 subnet only",
+ subnet: net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ },
+ {
+ name: "IPv4 subnet and range",
+ subnet: net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ ipRange: net.IPNet{IP: net.IPv4(192, 168, 0, 128), Mask: net.IPv4Mask(255, 255, 255, 128)},
+ },
+ {
+ name: "IPv4 subnet and gateway",
+ subnet: net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ gateway: net.ParseIP("192.168.0.10"),
+ },
+ {
+ name: "IPv4 subnet, range and gateway",
+ subnet: net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ ipRange: net.IPNet{IP: net.IPv4(192, 168, 0, 128), Mask: net.IPv4Mask(255, 255, 255, 128)},
+ gateway: net.ParseIP("192.168.0.10"),
+ },
+ {
+ name: "IPv6 subnet only",
+ subnet: net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ },
+ {
+ name: "IPv6 subnet and range",
+ subnet: net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ ipRange: net.IPNet{IP: net.ParseIP("2001:DB8:0:0:1::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff:ffff::"))},
+ isIPv6: true,
+ },
+ {
+ name: "IPv6 subnet and gateway",
+ subnet: net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ gateway: net.ParseIP("2001:DB8::2"),
+ isIPv6: true,
+ },
+ {
+ name: "IPv6 subnet, range and gateway",
+ subnet: net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ ipRange: net.IPNet{IP: net.ParseIP("2001:DB8:0:0:1::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff:ffff::"))},
+ gateway: net.ParseIP("2001:DB8::2"),
+ isIPv6: true,
+ },
+ {
+ name: "IPv6 subnet, range and gateway without IPv6 option (PODMAN SUPPORTS IT UNLIKE DOCKEr)",
+ subnet: net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ ipRange: net.IPNet{IP: net.ParseIP("2001:DB8:0:0:1::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff:ffff::"))},
+ gateway: net.ParseIP("2001:DB8::2"),
+ isIPv6: false,
+ },
+ {
+ name: "range provided but not subnet",
+ ipRange: net.IPNet{IP: net.IPv4(192, 168, 0, 128), Mask: net.IPv4Mask(255, 255, 255, 128)},
+ wantErr: true,
+ },
+ {
+ name: "gateway provided but not subnet",
+ gateway: net.ParseIP("192.168.0.10"),
+ wantErr: true,
+ },
+ {
+ name: "IPv4 subnet but IPv6 required",
+ subnet: net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ ipRange: net.IPNet{IP: net.IPv4(192, 168, 0, 128), Mask: net.IPv4Mask(255, 255, 255, 128)},
+ gateway: net.ParseIP("192.168.0.10"),
+ isIPv6: true,
+ wantErr: true,
+ },
+ {
+ name: "IPv6 required but IPv4 options used",
+ subnet: net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ ipRange: net.IPNet{IP: net.IPv4(192, 168, 0, 128), Mask: net.IPv4Mask(255, 255, 255, 128)},
+ gateway: net.ParseIP("192.168.0.10"),
+ isIPv6: true,
+ wantErr: true,
+ },
+ {
+ name: "IPv6 required but not subnet provided",
+ isIPv6: true,
+ wantErr: true,
+ },
+ {
+ name: "range out of the subnet",
+ subnet: net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ ipRange: net.IPNet{IP: net.ParseIP("2001:1:1::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff:ffff::"))},
+ gateway: net.ParseIP("2001:DB8::2"),
+ isIPv6: true,
+ wantErr: true,
+ },
+ {
+ name: "gateway out of the subnet",
+ subnet: net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ gateway: net.ParseIP("2001::2"),
+ isIPv6: true,
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ tt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ options := entities.NetworkCreateOptions{
+ Subnet: tt.subnet,
+ Range: tt.ipRange,
+ Gateway: tt.gateway,
+ IPv6: tt.isIPv6,
+ }
+ if err := validateBridgeOptions(options); (err != nil) != tt.wantErr {
+ t.Errorf("validateBridgeOptions() error = %v, wantErr %v", err, tt.wantErr)
+ }
+ })
+ }
+}
diff --git a/libpod/network/files.go b/libpod/network/files.go
index a2090491f..846e5c62d 100644
--- a/libpod/network/files.go
+++ b/libpod/network/files.go
@@ -14,6 +14,7 @@ import (
"github.com/pkg/errors"
)
+// GetCNIConfDir get CNI configuration directory
func GetCNIConfDir(configArg *config.Config) string {
if len(configArg.Network.NetworkConfigDir) < 1 {
dc, err := config.DefaultConfig()
diff --git a/libpod/network/netconflist.go b/libpod/network/netconflist.go
index 8187fdb39..b95980529 100644
--- a/libpod/network/netconflist.go
+++ b/libpod/network/netconflist.go
@@ -42,8 +42,7 @@ func NewHostLocalBridge(name string, isGateWay, isDefaultGW, ipMasq bool, ipamCo
}
// NewIPAMHostLocalConf creates a new IPAMHostLocal configfuration
-func NewIPAMHostLocalConf(subnet *net.IPNet, routes []IPAMRoute, ipRange net.IPNet, gw net.IP) (IPAMHostLocalConf, error) {
- var ipamRanges [][]IPAMLocalHostRangeConf
+func NewIPAMHostLocalConf(routes []IPAMRoute, ipamRanges [][]IPAMLocalHostRangeConf) (IPAMHostLocalConf, error) {
ipamConf := IPAMHostLocalConf{
PluginType: "host-local",
Routes: routes,
@@ -51,22 +50,19 @@ func NewIPAMHostLocalConf(subnet *net.IPNet, routes []IPAMRoute, ipRange net.IPN
//ResolveConf: "",
//DataDir: ""
}
- IPAMRange, err := newIPAMLocalHostRange(subnet, &ipRange, &gw)
- if err != nil {
- return ipamConf, err
- }
- ipamRanges = append(ipamRanges, IPAMRange)
+
ipamConf.Ranges = ipamRanges
return ipamConf, nil
}
-func newIPAMLocalHostRange(subnet *net.IPNet, ipRange *net.IPNet, gw *net.IP) ([]IPAMLocalHostRangeConf, error) { //nolint:interfacer
+// NewIPAMLocalHostRange create a new IPAM range
+func NewIPAMLocalHostRange(subnet *net.IPNet, ipRange *net.IPNet, gw net.IP) ([]IPAMLocalHostRangeConf, error) { //nolint:interfacer
var ranges []IPAMLocalHostRangeConf
hostRange := IPAMLocalHostRangeConf{
Subnet: subnet.String(),
}
// an user provided a range, we add it here
- if ipRange.IP != nil {
+ if ipRange != nil && ipRange.IP != nil {
first, err := FirstIPInSubnet(ipRange)
if err != nil {
return nil, err
diff --git a/libpod/network/netconflist_test.go b/libpod/network/netconflist_test.go
index 5893bf985..6bf1a9777 100644
--- a/libpod/network/netconflist_test.go
+++ b/libpod/network/netconflist_test.go
@@ -1,6 +1,7 @@
package network
import (
+ "net"
"reflect"
"testing"
)
@@ -36,3 +37,72 @@ func TestNewIPAMDefaultRoute(t *testing.T) {
})
}
}
+
+func TestNewIPAMLocalHostRange(t *testing.T) {
+ tests := []struct {
+ name string
+ subnet *net.IPNet
+ ipRange *net.IPNet
+ gw net.IP
+ want []IPAMLocalHostRangeConf
+ }{
+ {
+ name: "IPv4 subnet",
+ subnet: &net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ want: []IPAMLocalHostRangeConf{
+ {
+ Subnet: "192.168.0.0/24",
+ },
+ },
+ },
+ {
+ name: "IPv4 subnet, range and gateway",
+ subnet: &net.IPNet{IP: net.IPv4(192, 168, 0, 0), Mask: net.IPv4Mask(255, 255, 255, 0)},
+ ipRange: &net.IPNet{IP: net.IPv4(192, 168, 0, 128), Mask: net.IPv4Mask(255, 255, 255, 128)},
+ gw: net.ParseIP("192.168.0.10"),
+ want: []IPAMLocalHostRangeConf{
+ {
+ Subnet: "192.168.0.0/24",
+ RangeStart: "192.168.0.129",
+ RangeEnd: "192.168.0.255",
+ Gateway: "192.168.0.10",
+ },
+ },
+ },
+ {
+ name: "IPv6 subnet",
+ subnet: &net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ want: []IPAMLocalHostRangeConf{
+ {
+ Subnet: "2001:db8::/48",
+ },
+ },
+ },
+ {
+ name: "IPv6 subnet, range and gateway",
+ subnet: &net.IPNet{IP: net.ParseIP("2001:DB8::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff::"))},
+ ipRange: &net.IPNet{IP: net.ParseIP("2001:DB8:1:1::"), Mask: net.IPMask(net.ParseIP("ffff:ffff:ffff:ffff::"))},
+ gw: net.ParseIP("2001:DB8::2"),
+ want: []IPAMLocalHostRangeConf{
+ {
+ Subnet: "2001:db8::/48",
+ RangeStart: "2001:db8:1:1::1",
+ RangeEnd: "2001:db8:1:1:ffff:ffff:ffff:ffff",
+ Gateway: "2001:db8::2",
+ },
+ },
+ },
+ }
+ for _, tt := range tests {
+ tt := tt
+ t.Run(tt.name, func(t *testing.T) {
+ got, err := NewIPAMLocalHostRange(tt.subnet, tt.ipRange, tt.gw)
+ if err != nil {
+ t.Errorf("no error expected: %v", err)
+ }
+ if !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("NewIPAMLocalHostRange() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
diff --git a/pkg/api/handlers/libpod/play.go b/pkg/api/handlers/libpod/play.go
index b81bc9d6b..0c7a6e19d 100644
--- a/pkg/api/handlers/libpod/play.go
+++ b/pkg/api/handlers/libpod/play.go
@@ -22,6 +22,7 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
query := struct {
Network string `schema:"reference"`
TLSVerify bool `schema:"tlsVerify"`
+ LogDriver string `schema:"logDriver"`
}{
TLSVerify: true,
}
@@ -62,11 +63,12 @@ func PlayKube(w http.ResponseWriter, r *http.Request) {
containerEngine := abi.ContainerEngine{Libpod: runtime}
options := entities.PlayKubeOptions{
- Authfile: authfile,
- Username: username,
- Password: password,
- Network: query.Network,
- Quiet: true,
+ Authfile: authfile,
+ Username: username,
+ Password: password,
+ Network: query.Network,
+ Quiet: true,
+ LogDriver: query.LogDriver,
}
if _, found := r.URL.Query()["tlsVerify"]; found {
options.SkipTLSVerify = types.NewOptionalBool(!query.TLSVerify)
diff --git a/pkg/api/server/register_play.go b/pkg/api/server/register_play.go
index 9b27f36e4..e41f8311d 100644
--- a/pkg/api/server/register_play.go
+++ b/pkg/api/server/register_play.go
@@ -25,6 +25,10 @@ func (s *APIServer) registerPlayHandlers(r *mux.Router) error {
// type: boolean
// default: true
// description: Require HTTPS and verify signatures when contacting registries.
+ // - in: query
+ // name: logDriver
+ // type: string
+ // description: Logging driver for the containers in the pod.
// - in: body
// name: request
// description: Kubernetes YAML file.
diff --git a/pkg/bindings/play/play.go b/pkg/bindings/play/play.go
index ffaee3208..8af3b8fb1 100644
--- a/pkg/bindings/play/play.go
+++ b/pkg/bindings/play/play.go
@@ -28,6 +28,7 @@ func Kube(ctx context.Context, path string, options entities.PlayKubeOptions) (*
params := url.Values{}
params.Set("network", options.Network)
+ params.Set("logDriver", options.LogDriver)
if options.SkipTLSVerify != types.OptionalBoolUndefined {
params.Set("tlsVerify", strconv.FormatBool(options.SkipTLSVerify == types.OptionalBoolTrue))
}
diff --git a/pkg/domain/entities/network.go b/pkg/domain/entities/network.go
index 0bab672a7..3cc970531 100644
--- a/pkg/domain/entities/network.go
+++ b/pkg/domain/entities/network.go
@@ -42,6 +42,7 @@ type NetworkCreateOptions struct {
MacVLAN string
Range net.IPNet
Subnet net.IPNet
+ IPv6 bool
}
// NetworkCreateReport describes a created network for the cli
diff --git a/pkg/domain/entities/play.go b/pkg/domain/entities/play.go
index 356e6869d..7e4afcc28 100644
--- a/pkg/domain/entities/play.go
+++ b/pkg/domain/entities/play.go
@@ -26,6 +26,8 @@ type PlayKubeOptions struct {
SeccompProfileRoot string
// ConfigMaps - slice of pathnames to kubernetes configmap YAMLs.
ConfigMaps []string
+ // LogDriver for the container. For example: journald
+ LogDriver string
}
// PlayKubePod represents a single pod and associated containers created by play kube
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index fbba00984..317eac6d5 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -351,7 +351,8 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
if err != nil {
return nil, err
}
- conf, err := kubeContainerToCreateConfig(ctx, container, newImage, namespaces, volumes, pod.ID(), podName, podInfraID, configMaps, seccompPaths)
+
+ conf, err := kubeContainerToCreateConfig(ctx, container, newImage, namespaces, volumes, pod.ID(), podName, podInfraID, configMaps, seccompPaths, options.LogDriver)
if err != nil {
return nil, err
}
@@ -464,7 +465,7 @@ func setupSecurityContext(securityConfig *createconfig.SecurityConfig, userConfi
}
// kubeContainerToCreateConfig takes a v1.Container and returns a createconfig describing a container
-func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, newImage *image.Image, namespaces map[string]string, volumes map[string]string, podID, podName, infraID string, configMaps []v1.ConfigMap, seccompPaths *kubeSeccompPaths) (*createconfig.CreateConfig, error) {
+func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container, newImage *image.Image, namespaces map[string]string, volumes map[string]string, podID, podName, infraID string, configMaps []v1.ConfigMap, seccompPaths *kubeSeccompPaths, logDriver string) (*createconfig.CreateConfig, error) {
var (
containerConfig createconfig.CreateConfig
pidConfig createconfig.PidConfig
@@ -593,6 +594,10 @@ func kubeContainerToCreateConfig(ctx context.Context, containerYAML v1.Container
containerConfig.User = userConfig
containerConfig.Security = securityConfig
+ if logDriver != "" {
+ containerConfig.LogDriver = logDriver
+ }
+
annotations := make(map[string]string)
if infraID != "" {
annotations[ann.SandboxID] = infraID
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index 21f03901b..cb997d10a 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -177,8 +177,7 @@ var _ = Describe("Podman network create", func() {
})
It("podman network create with name and IPv6 subnet", func() {
- SkipIfRootless("FIXME I believe this should work in rootlessmode")
-
+ SkipIfRootless("FIXME It needs the ip6tables modules loaded")
var (
results []network.NcList
)
@@ -218,12 +217,72 @@ var _ = Describe("Podman network create", func() {
Expect(subnet.Contains(containerIP)).To(BeTrue())
})
+ It("podman network create with name and IPv6 flag (dual-stack)", func() {
+ SkipIfRootless("FIXME It needs the ip6tables modules loaded")
+ var (
+ results []network.NcList
+ )
+ nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:3:2:1::/64", "--ipv6", "newDualStacknetwork"})
+ nc.WaitWithDefaultTimeout()
+ Expect(nc.ExitCode()).To(BeZero())
+
+ defer podmanTest.removeCNINetwork("newDualStacknetwork")
+
+ // Inspect the network configuration
+ inspect := podmanTest.Podman([]string{"network", "inspect", "newDualStacknetwork"})
+ inspect.WaitWithDefaultTimeout()
+
+ // JSON the network configuration into something usable
+ err := json.Unmarshal([]byte(inspect.OutputToString()), &results)
+ Expect(err).To(BeNil())
+ result := results[0]
+ Expect(result["name"]).To(Equal("newDualStacknetwork"))
+
+ // JSON the bridge info
+ bridgePlugin, err := genericPluginsToBridge(result["plugins"], "bridge")
+ Expect(err).To(BeNil())
+ Expect(bridgePlugin.IPAM.Routes[0].Dest).To(Equal("::/0"))
+ Expect(bridgePlugin.IPAM.Routes[1].Dest).To(Equal("0.0.0.0/0"))
+
+ // Once a container executes a new network, the nic will be created. We should clean those up
+ // best we can
+ defer removeNetworkDevice(bridgePlugin.BrName)
+
+ try := podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | grep global | awk ' /inet6 / {print $2}'"})
+ try.WaitWithDefaultTimeout()
+
+ _, subnet, err := net.ParseCIDR("fd00:4:3:2:1::/64")
+ Expect(err).To(BeNil())
+ containerIP, _, err := net.ParseCIDR(try.OutputToString())
+ Expect(err).To(BeNil())
+ // Ensure that the IP the container got is within the subnet the user asked for
+ Expect(subnet.Contains(containerIP)).To(BeTrue())
+ // verify the container has an IPv4 address too (the IPv4 subnet is autogenerated)
+ try = podmanTest.Podman([]string{"run", "-it", "--rm", "--network", "newDualStacknetwork", ALPINE, "sh", "-c", "ip addr show eth0 | awk ' /inet / {print $2}'"})
+ try.WaitWithDefaultTimeout()
+ containerIP, _, err = net.ParseCIDR(try.OutputToString())
+ Expect(err).To(BeNil())
+ Expect(containerIP.To4()).To(Not(BeNil()))
+ })
+
It("podman network create with invalid subnet", func() {
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/17000", "fail"})
nc.WaitWithDefaultTimeout()
Expect(nc).To(ExitWithError())
})
+ It("podman network create with ipv4 subnet and ipv6 flag", func() {
+ nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.12.0/24", "--ipv6", "fail"})
+ nc.WaitWithDefaultTimeout()
+ Expect(nc).To(ExitWithError())
+ })
+
+ It("podman network create with empty subnet and ipv6 flag", func() {
+ nc := podmanTest.Podman([]string{"network", "create", "--ipv6", "fail"})
+ nc.WaitWithDefaultTimeout()
+ Expect(nc).To(ExitWithError())
+ })
+
It("podman network create with invalid IP", func() {
nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.0/17000", "fail"})
nc.WaitWithDefaultTimeout()
@@ -247,6 +306,29 @@ var _ = Describe("Podman network create", func() {
Expect(ncFail).To(ExitWithError())
})
+ It("podman network create two networks with same subnet should fail", func() {
+ nc := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet1"})
+ nc.WaitWithDefaultTimeout()
+ Expect(nc.ExitCode()).To(BeZero())
+ defer podmanTest.removeCNINetwork("subnet1")
+
+ ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "10.11.13.0/24", "subnet2"})
+ ncFail.WaitWithDefaultTimeout()
+ Expect(ncFail).To(ExitWithError())
+ })
+
+ It("podman network create two IPv6 networks with same subnet should fail", func() {
+ SkipIfRootless("FIXME It needs the ip6tables modules loaded")
+ nc := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet1v6"})
+ nc.WaitWithDefaultTimeout()
+ Expect(nc.ExitCode()).To(BeZero())
+ defer podmanTest.removeCNINetwork("subnet1v6")
+
+ ncFail := podmanTest.Podman([]string{"network", "create", "--subnet", "fd00:4:4:4:4::/64", "--ipv6", "subnet2v6"})
+ ncFail.WaitWithDefaultTimeout()
+ Expect(ncFail).To(ExitWithError())
+ })
+
It("podman network create with invalid network name", func() {
nc := podmanTest.Podman([]string{"network", "create", "foo "})
nc.WaitWithDefaultTimeout()
diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go
index 1d683e987..6db5de9d0 100644
--- a/test/e2e/play_kube_test.go
+++ b/test/e2e/play_kube_test.go
@@ -1466,4 +1466,20 @@ MemoryReservation: {{ .HostConfig.MemoryReservation }}`})
Expect(kube.ExitCode()).To(Equal(125))
Expect(kube.ErrorToString()).To(ContainSubstring(invalidImageName))
})
+
+ It("podman play kube applies log driver to containers", func() {
+ Skip("need to verify images have correct packages for journald")
+ pod := getPod()
+ err := generateKubeYaml("pod", pod, kubeYaml)
+ Expect(err).To(BeNil())
+
+ kube := podmanTest.Podman([]string{"play", "kube", "--log-driver", "journald", kubeYaml})
+ kube.WaitWithDefaultTimeout()
+ Expect(kube.ExitCode()).To(Equal(0))
+
+ inspect := podmanTest.Podman([]string{"inspect", getCtrNameInPod(pod), "--format", "'{{ .HostConfig.LogConfig.Type }}'"})
+ inspect.WaitWithDefaultTimeout()
+ Expect(inspect.ExitCode()).To(Equal(0))
+ Expect(inspect.OutputToString()).To(ContainSubstring("journald"))
+ })
})
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index a3cc352b1..e9c1bab21 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -6,6 +6,7 @@ import (
"strings"
. "github.com/containers/podman/v2/test/utils"
+ "github.com/containers/storage/pkg/stringid"
. "github.com/onsi/ginkgo"
. "github.com/onsi/gomega"
"github.com/uber/jaeger-client-go/utils"
@@ -601,11 +602,11 @@ var _ = Describe("Podman run networking", func() {
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).To(BeZero())
- net := "dnsNetTest"
+ net := "IntTest" + stringid.GenerateNonCryptoID()
session = podmanTest.Podman([]string{"network", "create", net})
session.WaitWithDefaultTimeout()
- Expect(session.ExitCode()).To(BeZero())
defer podmanTest.removeCNINetwork(net)
+ Expect(session.ExitCode()).To(BeZero())
pod2 := "testpod2"
session = podmanTest.Podman([]string{"pod", "create", "--network", net, "--name", pod2})