in order for the fall back mechanisms to work in containernetworking-plugins, the firewall plugin must still be called via the cni configuration file. however, no backend will be specified as we will rely on cni to do the right thing.
Signed-off-by: Brent Baude <bbaude@redhat.com>
it turns out that when the firewall plugin is not provided as part of the configuration, then the firewall cni plugin will dynamically figure out if it should use firewalld or iptables.
also removing this from the default configuration file
Signed-off-by: Brent Baude <bbaude@redhat.com>
Both Podman and CRI-O set up CNI bridges with the name 'cni0'. If
both our CNI conflist and the CRI-O conflist are installed,
whoever runs first will win - that is, they will configure the
bridge, and everyone will use it. Problem: the CRI-O CNI config
conflicts with ours and results in containers with no networking.
Solution: rename our bridge so we don't conflict with CRI-O.
At the same time, hit our IPAM configuration. The current version
was an older format in danger of deprecation. The new format is
documented at [1].
Finally, fix indentation for the entire file.
[1] https://github.com/containernetworking/plugins/tree/master/plugins/ipam/host-local#example-configurations
Signed-off-by: Matthew Heon <matthew.heon@pm.me>
drop the pkg/firewall module and start using the firewall CNI plugin.
It requires an updated package for CNI plugins.
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Set up nbetworking ports for the following use cases:
* bind the same port between host and container
* bind a specific host port to a different container port
* bind a random host port to a specific container port
Signed-off-by: baude <bbaude@redhat.com>
Closes: #214
Approved by: baude
