Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/container_validate.go17
-rw-r--r--pkg/specgen/generate/namespaces.go38
-rw-r--r--pkg/specgen/generate/pod_create.go18
-rw-r--r--pkg/specgen/namespaces.go21
-rw-r--r--pkg/specgen/pod_validate.go20
-rw-r--r--pkg/specgen/podspecgen.go35
-rw-r--r--pkg/specgen/specgen.go24
7 files changed, 61 insertions, 112 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index caea51ea8..cae231f0e 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -29,25 +29,10 @@ func exclusiveOptions(opt1, opt2 string) error {
// Validate verifies that the given SpecGenerator is valid and satisfies required
// input for creating a container.
func (s *SpecGenerator) Validate() error {
- if rootless.IsRootless() && len(s.CNINetworks) == 0 {
- if s.StaticIP != nil || s.StaticIPv6 != nil {
- return ErrNoStaticIPRootless
- }
- if s.StaticMAC != nil {
- return ErrNoStaticMACRootless
- }
- }
-
// Containers being added to a pod cannot have certain network attributes
// associated with them because those should be on the infra container.
if len(s.Pod) > 0 && s.NetNS.NSMode == FromPod {
- if s.StaticIP != nil || s.StaticIPv6 != nil {
- return errors.Wrap(define.ErrNetworkOnPodContainer, "static ip addresses must be defined when the pod is created")
- }
- if s.StaticMAC != nil {
- return errors.Wrap(define.ErrNetworkOnPodContainer, "MAC addresses must be defined when the pod is created")
- }
- if len(s.CNINetworks) > 0 {
+ if len(s.Networks) > 0 {
return errors.Wrap(define.ErrNetworkOnPodContainer, "networks must be defined when the pod is created")
}
if len(s.PortMappings) > 0 || s.PublishExposedPorts {
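Review bot: The pod-member check now tests only `len(s.Networks) > 0`, so a spec that still sets the deprecated `CNINetworks` list passes validation here even though that field remains accepted elsewhere in this commit. The same gap appears in the host and no-network conflict checks in pkg/specgen/generate/pod_create.go and in the non-bridge check in pkg/specgen/pod_validate.go. Until the field is removed, the condition should cover both, `if len(s.Networks) > 0 || len(s.CNINetworks) > 0 {`, so a conflicting request is rejected rather than, presumably, ignored without an error. Validate's body continues outside the hunk.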
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index ebdd2abd0..782156663 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -259,32 +259,28 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
if err != nil {
return nil, err
}
- if len(s.CNINetworks) == 0 {
- rtConfig, err := rt.GetConfigNoCopy()
- if err != nil {
- return nil, err
- }
- s.CNINetworks = append(s.CNINetworks, rtConfig.Network.DefaultNetwork)
- }
- networks := make(map[string]types.PerNetworkOptions, len(s.CNINetworks))
- for i, netName := range s.CNINetworks {
- opts := types.PerNetworkOptions{}
- opts.Aliases = s.Aliases[netName]
- if i == 0 {
- if s.StaticIP != nil {
- opts.StaticIPs = append(opts.StaticIPs, *s.StaticIP)
+ // if no network was specified use add the default
+ if len(s.Networks) == 0 {
+ // backwards config still allow the old cni networks list and convert to new format
+ if len(s.CNINetworks) > 0 {
+ logrus.Warn(`specgen "cni_networks" option is deprecated use the "networks" map instead`)
+ networks := make(map[string]types.PerNetworkOptions, len(s.CNINetworks))
+ for _, net := range s.CNINetworks {
+ networks[net] = types.PerNetworkOptions{}
}
- if s.StaticIPv6 != nil {
- opts.StaticIPs = append(opts.StaticIPs, *s.StaticIPv6)
+ s.Networks = networks
+ } else {
+ // no networks given but bridge is set so use default network
+ rtConfig, err := rt.GetConfigNoCopy()
+ if err != nil {
+ return nil, err
}
- if s.StaticMAC != nil {
- opts.StaticMAC = *s.StaticMAC
+ s.Networks = map[string]types.PerNetworkOptions{
+ rtConfig.Network.DefaultNetwork: {},
}
}
- networks[netName] = opts
}
-
- toReturn = append(toReturn, libpod.WithNetNS(portMappings, expose, postConfigureNetNS, "bridge", networks))
+ toReturn = append(toReturn, libpod.WithNetNS(portMappings, expose, postConfigureNetNS, "bridge", s.Networks))
}
if s.UseImageHosts {
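Review bot: When both `s.Networks` and the deprecated `s.CNINetworks` are set, the legacy list is dropped without a warning, because the conversion and its `logrus.Warn` sit inside `if len(s.Networks) == 0`. A client that sends both fields gets only the map's networks and no indication that the rest was ignored; a closing branch such as `} else if len(s.CNINetworks) > 0 {` that logs or returns an error would make the precedence explicit. The per-network options in `s.Networks` also reach `libpod.WithNetNS` unchecked in this hunk, so the rootless static IP and MAC rejection removed from Validate in this commit has to be enforced further down; that is not visible here and is worth confirming. The comment `// if no network was specified use add the default` should read `// if no network was specified, add the default`. namespaceOptions starts and ends outside the hunk.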
diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 72dd249e7..0a797c571 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -218,9 +218,7 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
case specgen.Host:
logrus.Debugf("Pod will use host networking")
if len(p.InfraContainerSpec.PortMappings) > 0 ||
- p.InfraContainerSpec.StaticIP != nil ||
- p.InfraContainerSpec.StaticMAC != nil ||
- len(p.InfraContainerSpec.CNINetworks) > 0 ||
+ len(p.InfraContainerSpec.Networks) > 0 ||
p.InfraContainerSpec.NetNS.NSMode == specgen.NoNetwork {
return nil, errors.Wrapf(define.ErrInvalidArg, "cannot set host network if network-related configuration is specified")
}
@@ -234,9 +232,7 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
case specgen.NoNetwork:
logrus.Debugf("Pod will not use networking")
if len(p.InfraContainerSpec.PortMappings) > 0 ||
- p.InfraContainerSpec.StaticIP != nil ||
- p.InfraContainerSpec.StaticMAC != nil ||
- len(p.InfraContainerSpec.CNINetworks) > 0 ||
+ len(p.InfraContainerSpec.Networks) > 0 ||
p.InfraContainerSpec.NetNS.NSMode == "host" {
return nil, errors.Wrapf(define.ErrInvalidArg, "cannot disable pod network if network-related configuration is specified")
}
@@ -264,15 +260,13 @@ func MapSpec(p *specgen.PodSpecGenerator) (*specgen.SpecGenerator, error) {
if len(p.DNSSearch) > 0 {
p.InfraContainerSpec.DNSSearch = p.DNSSearch
}
- if p.StaticIP != nil {
- p.InfraContainerSpec.StaticIP = p.StaticIP
- }
- if p.StaticMAC != nil {
- p.InfraContainerSpec.StaticMAC = p.StaticMAC
- }
if p.NoManageResolvConf {
p.InfraContainerSpec.UseImageResolvConf = true
}
+ if len(p.Networks) > 0 {
+ p.InfraContainerSpec.Networks = p.Networks
+ }
+ // deprecated cni networks for api users
if len(p.CNINetworks) > 0 {
p.InfraContainerSpec.CNINetworks = p.CNINetworks
}
diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go
index bb5385ef1..121e1ecf7 100644
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@@ -6,6 +6,7 @@ import (
"strings"
"github.com/containers/common/pkg/cgroups"
+ "github.com/containers/podman/v3/libpod/network/types"
"github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/util"
"github.com/containers/storage"
@@ -271,9 +272,9 @@ func ParseUserNamespace(ns string) (Namespace, error) {
// ParseNetworkNamespace parses a network namespace specification in string
// form.
// Returns a namespace and (optionally) a list of CNI networks to join.
-func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, []string, error) {
+func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, map[string]types.PerNetworkOptions, error) {
toReturn := Namespace{}
- var cniNetworks []string
+ networks := make(map[string]types.PerNetworkOptions)
// Net defaults to Slirp on rootless
switch {
case ns == string(Slirp), strings.HasPrefix(ns, string(Slirp)+":"):
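Review bot: The doc comment above the new signature still says the function returns `a list of CNI networks to join`, but the second result is now a `map[string]types.PerNetworkOptions`. It should be updated, for example `// Returns a namespace and (optionally) a map of networks to join, keyed by network name.` The map is also allocated up front with `make`, so in the cases that do not populate it callers now get a non-nil empty map where the old code returned a nil slice; any caller that tests the result against nil rather than with `len` would behave differently. The function body continues outside the hunk.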
@@ -313,18 +314,22 @@ func ParseNetworkNamespace(ns string, rootlessDefaultCNI bool) (Namespace, []str
default:
// Assume we have been given a list of CNI networks.
// Which only works in bridge mode, so set that.
- cniNetworks = strings.Split(ns, ",")
+ networkList := strings.Split(ns, ",")
+ for _, net := range networkList {
+ networks[net] = types.PerNetworkOptions{}
+ }
+
toReturn.NSMode = Bridge
}
- return toReturn, cniNetworks, nil
+ return toReturn, networks, nil
}
-func ParseNetworkString(network string) (Namespace, []string, map[string][]string, error) {
+func ParseNetworkString(network string) (Namespace, map[string]types.PerNetworkOptions, map[string][]string, error) {
var networkOptions map[string][]string
parts := strings.SplitN(network, ":", 2)
- ns, cniNets, err := ParseNetworkNamespace(network, containerConfig.Containers.RootlessNetworking == "cni")
+ ns, nets, err := ParseNetworkNamespace(network, containerConfig.Containers.RootlessNetworking == "cni")
if err != nil {
return Namespace{}, nil, nil, err
}
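Review bot: The names produced by `strings.Split(ns, ",")` go into the map without being trimmed or checked, so an input such as `a,,b` or a trailing comma creates an entry under the empty key `""`, and repeated names collapse into one entry without notice. Rejecting empty names in the loop, e.g. `if name == "" { return toReturn, nil, errors.New("network name cannot be empty") }` (with whichever error helper the file already imports), surfaces the mistake at parse time instead of at network setup. The loop variable `net` also reads like the standard `net` package; `name` or `netName` is clearer. ParseNetworkNamespace starts outside the hunk.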
@@ -332,9 +337,9 @@ func ParseNetworkString(network string) (Namespace, []string, map[string][]strin
if len(parts) > 1 {
networkOptions = make(map[string][]string)
networkOptions[parts[0]] = strings.Split(parts[1], ",")
- cniNets = nil
+ nets = nil
}
- return ns, cniNets, networkOptions, nil
+ return ns, nets, networkOptions, nil
}
func SetupUserNS(idmappings *storage.IDMappingOptions, userns Namespace, g *generate.Generator) (string, error) {
diff --git a/pkg/specgen/pod_validate.go b/pkg/specgen/pod_validate.go
index bca7b6dbe..32c1159c6 100644
--- a/pkg/specgen/pod_validate.go
+++ b/pkg/specgen/pod_validate.go
@@ -1,7 +1,6 @@
package specgen
import (
- "github.com/containers/podman/v3/pkg/rootless"
"github.com/containers/podman/v3/pkg/util"
"github.com/pkg/errors"
)
@@ -19,15 +18,6 @@ func exclusivePodOptions(opt1, opt2 string) error {
// Validate verifies the input is valid
func (p *PodSpecGenerator) Validate() error {
- if rootless.IsRootless() && len(p.CNINetworks) == 0 {
- if p.StaticIP != nil {
- return ErrNoStaticIPRootless
- }
- if p.StaticMAC != nil {
- return ErrNoStaticMACRootless
- }
- }
-
// PodBasicConfig
if p.NoInfra {
if len(p.InfraCommand) > 0 {
@@ -52,12 +42,6 @@ func (p *PodSpecGenerator) Validate() error {
if p.NetNS.NSMode != Default && p.NetNS.NSMode != "" {
return errors.New("NoInfra and network modes cannot be used together")
}
- if p.StaticIP != nil {
- return exclusivePodOptions("NoInfra", "StaticIP")
- }
- if p.StaticMAC != nil {
- return exclusivePodOptions("NoInfra", "StaticMAC")
- }
if len(p.DNSOption) > 0 {
return exclusivePodOptions("NoInfra", "DNSOption")
}
@@ -78,8 +62,8 @@ func (p *PodSpecGenerator) Validate() error {
if len(p.PortMappings) > 0 {
return errors.New("PortMappings can only be used with Bridge or slirp4netns networking")
}
- if len(p.CNINetworks) > 0 {
- return errors.New("CNINetworks can only be used with Bridge mode networking")
+ if len(p.Networks) > 0 {
+ return errors.New("Networks can only be used with Bridge mode networking")
}
}
if p.NoManageResolvConf {
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 948fb990c..e59d11c0a 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -86,33 +86,26 @@ type PodNetworkConfig struct {
// Defaults to Bridge as root and Slirp as rootless.
// Mandatory.
NetNS Namespace `json:"netns,omitempty"`
- // StaticIP sets a static IP for the infra container. As the infra
- // container's network is used for the entire pod by default, this will
- // thus be a static IP for the whole pod.
- // Only available if NetNS is set to Bridge (the default for root).
- // As such, conflicts with NoInfra=true by proxy.
- // Optional.
- StaticIP *net.IP `json:"static_ip,omitempty"`
- // StaticMAC sets a static MAC for the infra container. As the infra
- // container's network is used for the entire pod by default, this will
- // thus be a static MAC for the entire pod.
- // Only available if NetNS is set to Bridge (the default for root).
- // As such, conflicts with NoInfra=true by proxy.
- // Optional.
- // swagger:strfmt string
- StaticMAC *types.HardwareAddr `json:"static_mac,omitempty"`
// PortMappings is a set of ports to map into the infra container.
// As, by default, containers share their network with the infra
// container, this will forward the ports to the entire pod.
// Only available if NetNS is set to Bridge or Slirp.
// Optional.
PortMappings []types.PortMapping `json:"portmappings,omitempty"`
- // CNINetworks is a list of CNI networks that the infra container will
- // join. As, by default, containers share their network with the infra
- // container, these networks will effectively be joined by the
- // entire pod.
- // Only available when NetNS is set to Bridge, the default for root.
- // Optional.
+ // Map of networks names ot ids the container should join to.
+ // You can request additional settings for each network, you can
+ // set network aliases, static ips, static mac address and the
+ // network interface name for this container on the specifc network.
+ // If the map is empty and the bridge network mode is set the container
+ // will be joined to the default network.
+ Networks map[string]types.PerNetworkOptions
+ // CNINetworks is a list of CNI networks to join the container to.
+ // If this list is empty, the default CNI network will be joined
+ // instead. If at least one entry is present, we will not join the
+ // default network (unless it is part of this list).
+ // Only available if NetNS is set to bridge.
+ // Optional.
+ // Deprecated: as of podman 4.0 use "Networks" instead.
CNINetworks []string `json:"cni_networks,omitempty"`
// NoManageResolvConf indicates that /etc/resolv.conf should not be
// managed by the pod. Instead, each container will create and manage a
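Review bot: The new `Networks` field has no struct tag, unlike every neighbouring field, so `encoding/json` emits it as `Networks` and never omits it when empty, while the deprecation warning in pkg/specgen/generate/namespaces.go tells users to use the `networks` map. Adding the tag `json:"networks,omitempty"` keeps the wire format consistent; the same applies to `Networks` in ContainerNetworkConfig in pkg/specgen/specgen.go. The comment has two typos (`ot` for `or`, `specifc` for `specific`), should start with the field name (`// Networks is a map of network names or ids ...`), and in PodNetworkConfig it should speak of the infra container rather than `the container`. The struct starts and ends outside the hunk.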
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 0e257ad4c..e650c1966 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -394,26 +394,10 @@ type ContainerCgroupConfig struct {
// ContainerNetworkConfig contains information on a container's network
// configuration.
type ContainerNetworkConfig struct {
- // Aliases are a list of network-scoped aliases for container
- // Optional
- Aliases map[string][]string `json:"aliases"`
// NetNS is the configuration to use for the container's network
// namespace.
// Mandatory.
NetNS Namespace `json:"netns,omitempty"`
- // StaticIP is the a IPv4 address of the container.
- // Only available if NetNS is set to Bridge.
- // Optional.
- StaticIP *net.IP `json:"static_ip,omitempty"`
- // StaticIPv6 is a static IPv6 address to set in the container.
- // Only available if NetNS is set to Bridge.
- // Optional.
- StaticIPv6 *net.IP `json:"static_ipv6,omitempty"`
- // StaticMAC is a static MAC address to set in the container.
- // Only available if NetNS is set to bridge.
- // Optional.
- // swagger:strfmt string
- StaticMAC *nettypes.HardwareAddr `json:"static_mac,omitempty"`
// PortBindings is a set of ports to map into the container.
// Only available if NetNS is set to bridge or slirp.
// Optional.
@@ -434,12 +418,20 @@ type ContainerNetworkConfig struct {
// PublishExposedPorts is set.
// Optional.
Expose map[uint16]string `json:"expose,omitempty"`
+ // Map of networks names ot ids the container should join to.
+ // You can request additional settings for each network, you can
+ // set network aliases, static ips, static mac address and the
+ // network interface name for this container on the specifc network.
+ // If the map is empty and the bridge network mode is set the container
+ // will be joined to the default network.
+ Networks map[string]nettypes.PerNetworkOptions
// CNINetworks is a list of CNI networks to join the container to.
// If this list is empty, the default CNI network will be joined
// instead. If at least one entry is present, we will not join the
// default network (unless it is part of this list).
// Only available if NetNS is set to bridge.
// Optional.
+ // Deprecated: as of podman 4.0 use "Networks" instead.
CNINetworks []string `json:"cni_networks,omitempty"`
// UseImageResolvConf indicates that resolv.conf should not be managed
// by Podman, but instead sourced from the image.