Allow user to specify container's link-local addresses #23415
crosbymichael merged 1 commit into moby:master from aboch:ll
Why have a special option rather than recognising the link local address ranges in

The regular IP addresses are accepted only on user-defined networks with configured subnets, and are maintained by the IPAM driver which ensures their uniqueness. The restriction does not need to apply to link-local addresses. Even though as you said it could just be an implementation detail to separate the two, we want to clearly separate link-local addresses from the regular

@aboch ok sounds reasonable.

You can vendor in the changes to libnetwork and engine-api if you want to check the CI here.

Thanks @justincormack, just re-pushed with manual vendor

need rebase

The test that verifies the length of the help message failed.

Thanks @cpuguy83, updated

👍

This is what we are looking for as well.

@aboch can you pls remove the manual vendor-in and rebase to the master?

container/container.go
Is it ok to silently ignore failures to parse here? I haven't tested, but it seems from reading the code like I could just put anything in --link-local-ip and not get any errors.
That's true. This is the same behavior we have today for the other ip addresses.
I am ok to validate the user specified IP addresses, but it should be done once for all the IPs and probably via a utility function that can be reused and provide a consistent error message. If you are ok with it, I am suggesting to address it as a following bug fix.

LGTM

docs/reference/run.md
There's a 1 space offset on the 'bridge' line below :-(
Signed-off-by: Alessandro Boch <[email protected]>

LGTM

Allows docker containers to fit in deployments which make use of link-local IPs to segregate and expose local host services.
Follows usage example:
Link-local IPs are special IPs which belong to a well known subnet and are purely managed by the operator, usually dependent on the architecture where they are deployed. Therefore they are not managed by docker (IPAM driver). Libnetwork will honor the request, only check they are effectively of link-local type, and program them on the container's interface.
Note: Won't build as it depends on moby/libnetwork#1228 and docker-archive-public/docker.engine-api#269. But want this PR open to start docker changes review process.

Signed-off-by: Alessandro Boch [email protected]
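
The review thread on container/container.go notes that an unparseable `--link-local-ip` value is silently ignored, and the description says libnetwork only checks that the addresses are of link-local type. The following is an added example, not code from this PR, moby or libnetwork: a sketch of the reusable validation helper suggested in that thread. The name `ValidateLinkLocalIPs` and its error wording are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// ValidateLinkLocalIPs is a hypothetical helper (not moby or libnetwork code).
// It parses every user-supplied value and rejects anything that is not a
// link-local unicast address (169.254.0.0/16 or fe80::/10). It fails closed:
// if any value is rejected, no addresses are returned and a single error
// lists every rejected value, so nothing is silently dropped.
func ValidateLinkLocalIPs(values []string) ([]net.IP, error) {
	var (
		addrs    []net.IP
		problems []string
	)
	for _, v := range values {
		ip := net.ParseIP(strings.TrimSpace(v))
		if ip == nil {
			problems = append(problems, fmt.Sprintf("%q is not an IP address", v))
			continue
		}
		// IsLinkLocalUnicast also handles the IPv4-mapped IPv6 form.
		if !ip.IsLinkLocalUnicast() {
			problems = append(problems,
				fmt.Sprintf("%q is outside 169.254.0.0/16 and fe80::/10", v))
			continue
		}
		addrs = append(addrs, ip)
	}
	if len(problems) > 0 {
		return nil, fmt.Errorf("invalid link-local IP: %s", strings.Join(problems, "; "))
	}
	return addrs, nil
}

func main() {
	// Constructed sample input: two valid link-local addresses, one regular
	// private address and one value that is not an address at all.
	in := []string{"169.254.10.5", "fe80::10", "10.0.0.5", "not-an-ip"}
	addrs, err := ValidateLinkLocalIPs(in)
	fmt.Println("accepted:", addrs)
	fmt.Println("error:", err)
}
```
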