Merge pull request #24535 from M1cha/network-driver-options

add support for driver-specific options during container creation
2025-10-13 01:06:10 +08:00 · 2024-11-14 09:29:44 +00:00
parent ecaf9bf515 315e7412e8
commit fa5e3b6e94
9 changed files with 73 additions and 8 deletions
--- a/docs/source/markdown/options/network.md
+++ b/docs/source/markdown/options/network.md
@ -14,6 +14,9 @@ Valid _mode_ values are:
    - **ip6=**_IPv6_: Specify a static IPv6 address for this container.
    - **mac=**_MAC_: Specify a static MAC address for this container.
    - **interface_name=**_name_: Specify a name for the created network interface inside the container.
+    - **host_interface_name=**_name_: Specify a name for the created network interface outside the container.
+
+    Any other options will be passed through to netavark without validation. This can be useful to pass arguments to netavark plugins.

    For example, to set a static ipv4 address and a static mac address, use `--network bridge:ip=10.88.0.10,mac=44:33:22:11:00:99`.

--- a/go.mod
+++ b/go.mod
@ -14,7 +14,7 @@ require (
 	github.com/checkpoint-restore/go-criu/v7 v7.2.0
 	github.com/containernetworking/plugins v1.5.1
 	github.com/containers/buildah v1.38.0
-	github.com/containers/common v0.61.0
+	github.com/containers/common v0.61.1-0.20241112152446-305e9ce69b0f
 	github.com/containers/conmon v2.0.20+incompatible
 	github.com/containers/gvisor-tap-vsock v0.8.0
 	github.com/containers/image/v5 v5.33.0
--- a/go.sum
+++ b/go.sum
@ -81,8 +81,8 @@ github.com/containernetworking/plugins v1.5.1 h1:T5ji+LPYjjgW0QM+KyrigZbLsZ8jaX+
 github.com/containernetworking/plugins v1.5.1/go.mod h1:MIQfgMayGuHYs0XdNudf31cLLAC+i242hNm6KuDGqCM=
 github.com/containers/buildah v1.38.0 h1:FmciZMwzhdcvtWj+8IE+61+lfTG2JfgrbZ2DUnEMnTE=
 github.com/containers/buildah v1.38.0/go.mod h1:tUsHC2bcgR5Q/R76qZUn7x0FRglqPFry2g5KhWfH4LI=
-github.com/containers/common v0.61.0 h1:j/84PTqZIKKYy42OEJsZmjZ4g4Kq2ERuC3tqp2yWdh4=
-github.com/containers/common v0.61.0/go.mod h1:NGRISq2vTFPSbhNqj6MLwyes4tWSlCnqbJg7R77B8xc=
+github.com/containers/common v0.61.1-0.20241112152446-305e9ce69b0f h1:K3jmJrkDJJhLnRdVFI7Gb5mv4/jb2ue9StZ2F1y2rsE=
+github.com/containers/common v0.61.1-0.20241112152446-305e9ce69b0f/go.mod h1:NGRISq2vTFPSbhNqj6MLwyes4tWSlCnqbJg7R77B8xc=
 github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
 github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
 github.com/containers/gvisor-tap-vsock v0.8.0 h1:Z8ZEWb+Lio0d+lXexONdUWT4rm9lF91vH0g3ARnMy7o=
--- a/pkg/specgen/namespaces.go
+++ b/pkg/specgen/namespaces.go
@ -482,7 +482,10 @@ func parseBridgeNetworkOptions(opts string) (types.PerNetworkOptions, error) {
 			netOpts.InterfaceName = value

 		default:
-			return netOpts, fmt.Errorf("unknown bridge network option: %s", name)
+			if netOpts.Options == nil {
+				netOpts.Options = make(map[string]string)
+			}
+			netOpts.Options[name] = value
 		}
 	}
 	return netOpts, nil
--- a/pkg/specgen/namespaces_test.go
+++ b/pkg/specgen/namespaces_test.go
@ -158,10 +158,32 @@ func TestParseNetworkFlag(t *testing.T) {
 			},
 		},
 		{
-			name:   "bridge mode with invalid option",
+			name:   "bridge mode with unknown option",
 			args:   []string{"bridge:abc=123"},
 			nsmode: Namespace{NSMode: Bridge},
-			err:    "unknown bridge network option: abc",
+			networks: map[string]types.PerNetworkOptions{
+				defaultNetName: {
+					InterfaceName: "",
+					Options: map[string]string{
+						"abc": "123",
+					},
+				},
+			},
+		},
+		{
+			name:   "bridge mode with multiple unknown options",
+			args:   []string{"bridge:abc=123,xyz=789,other=a-much-longer-value"},
+			nsmode: Namespace{NSMode: Bridge},
+			networks: map[string]types.PerNetworkOptions{
+				defaultNetName: {
+					InterfaceName: "",
+					Options: map[string]string{
+						"abc":   "123",
+						"xyz":   "789",
+						"other": "a-much-longer-value",
+					},
+				},
+			},
 		},
 		{
 			name:   "bridge mode with invalid ip",
@ -175,6 +197,19 @@ func TestParseNetworkFlag(t *testing.T) {
 			nsmode: Namespace{NSMode: Bridge},
 			err:    "address 123: invalid MAC address",
 		},
+		{
+			name:   "bridge mode with host interface name",
+			args:   []string{"bridge:host_interface_name=my-veth"},
+			nsmode: Namespace{NSMode: Bridge},
+			networks: map[string]types.PerNetworkOptions{
+				defaultNetName: {
+					InterfaceName: "",
+					Options: map[string]string{
+						"host_interface_name": "my-veth",
+					},
+				},
+			},
+		},
 		{
 			name:   "network name",
 			args:   []string{"someName"},
--- a/test/e2e/network_test.go
+++ b/test/e2e/network_test.go
@ -5,6 +5,7 @@ package integration
 import (
 	"encoding/json"
 	"fmt"
+	"net"
 	"path/filepath"
 	"time"

@ -297,6 +298,27 @@ var _ = Describe("Podman network", func() {
 		Expect(rmAll).Should(ExitCleanly())
 	})

+	It("podman run container host interface name", func() {
+		Skip("FIXME: We need netavark >= v1.14 for host interface support")
+
+		ctrName := "testCtr"
+		vethName := "my_veth" + stringid.GenerateRandomID()[:8]
+		container := podmanTest.Podman([]string{"run", "-dt", "--network", "bridge:host_interface_name=" + vethName, "--name", ctrName, ALPINE, "top"})
+		container.WaitWithDefaultTimeout()
+		Expect(container).Should(ExitCleanly())
+
+		if !isRootless() {
+			veth, err := net.InterfaceByName(vethName)
+			Expect(err).ToNot(HaveOccurred())
+			Expect(veth.Name).To(Equal(vethName))
+		} else {
+			session := podmanTest.Podman([]string{"unshare", "--rootless-netns", "ip", "link", "show", vethName})
+			session.WaitWithDefaultTimeout()
+			Expect(session).Should(ExitCleanly())
+			Expect(session.OutputToString()).To(ContainSubstring(vethName))
+		}
+	})
+
 	It("podman inspect container two CNI networks (container not running)", func() {
 		netName1 := "net1-" + stringid.GenerateRandomID()
 		network1 := podmanTest.Podman([]string{"network", "create", netName1})
--- a/vendor/github.com/containers/common/libnetwork/types/network.go
+++ b/vendor/github.com/containers/common/libnetwork/types/network.go
@ -269,6 +269,8 @@ type PerNetworkOptions struct {
 	// InterfaceName for this container. Required in the backend.
 	// Optional in the frontend. Will be filled with ethX (where X is a integer) when empty.
 	InterfaceName string `json:"interface_name"`
+	// Driver-specific options for this container.
+	Options map[string]string `json:"options,omitempty"`
 }

 // NetworkOptions for a given container.
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@ -1,4 +1,4 @@
 package version

 // Version is the version of the build.
-const Version = "0.61.0"
+const Version = "0.62.0-dev"
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -174,7 +174,7 @@ github.com/containers/buildah/pkg/sshagent
 github.com/containers/buildah/pkg/util
 github.com/containers/buildah/pkg/volumes
 github.com/containers/buildah/util
-# github.com/containers/common v0.61.0
+# github.com/containers/common v0.61.1-0.20241112152446-305e9ce69b0f
 ## explicit; go 1.22.6
 github.com/containers/common/internal
 github.com/containers/common/internal/attributedstring