Creating networks via docker #150
Comments
|
@squaremo moby/moby#13060 is only the first of a set of PR which will made in there. So the short answer is it's coming. The idea is to implement the majority of the CLI handles and remote API handlers in libnetwork itself and just hook it up to docker core with a small function. Introducing a new UI or remote API in docker needs more discussion and that's why the goal of moby/moby#13060 has been limited to modularize networking code out of docker and providing a clean interface to networking code for docker or anybody else to use. BTW, for the initial implementation of CLI handlers take a look at |
|
Also, we are currently integrating the |
|
Another requirement: the ability to add more than one network in the same invocation is quite important. Typically one interface will provide internet-in-general access, and one will be the "cluster" network (e.g., weave). |
|
@squaremo so assuming weave1 is a network created using the weave driver, you'd want |
Yes exactly. One wrinkle is that typically we'd want the bridge driver to set the default gateway, but the weave driver to provide (or at least influence) the |
|
@dave-tucker @squaremo no. I will be pushing mavenugo/docker@c0c7f37 shortly. This is based on the discussions that i followed for volumes, the idea is to introduce --network-driver instead of overloading the --net string. We need to find a way with these constraints. |
|
@mavenugo Does and expect a bridge interface as well as a weave interface? |
|
@mavenugo right, I'm not talking about overloading of |
|
If there are going to be multiple --net's, is there an idea on how to pass network labels per --net? |
|
@dave-tucker @squaremo @shettyg All are valid and reasonable questions. There are a few trade-offs to be made between simple, consistent UI & functionality. I will get back to you all later today. |
|
It hasn't been discussed here yet, but my expectation is that labels are namespaced per the docs
A driver should get passed all labels, but only respond to those in it's namespace |
Ah, but the label namespaces correspond to the driver name, rather than the network name. So if a container has two endpoints provided by the same driver, how will that driver know which labels apply to which endpoint? |
|
Prefix the label with the network name? E.g |
|
@squaremo @dave-tucker @mavenugo Is it very important to support to support multiple networks in docker run command. Also the labels in the |
@mrjana, the raciness may be important IMO. Many badly written applications will simply fail when they can't reach out to peers. So you are effectively expecting applications to be written in a way that IP reachability to a peer should always have retry logic. |
|
@shettyg I am not saying solving the raciness is not important. But it is much more important to get the UI right, otherwise it is very difficult to revert it back. |
|
@shettyg I think the race condition manifests in ways that are worse than "simply fail". E.g. if your container has a service that listens on 0.0.0.0, it will listen on all interfaces that are active at the time you do the listen; it will not add interfaces that are added later. |
It's already the case that you can add a weave interface to a container after the fact; avoiding the extra command (and the entailed race) is the primary motivation for developing a plugin. Weave needs containers to have an interface on the bridge network as_well, and for this not to be racy or require extra commands, since it's used to provide name resolution. |
|
Since endpoint creation has been separated out, would something like the following not work for anyone?
With the UUID returned by the endpoint creation (Similar syntax as --net=container:containerid):
The above only calls join() and skips createendpoint(). |
|
@shettyg There is an important difference between an endpoint that is created during |
|
@squaremo In the above case, you would call createendpoint() and join() Alternatively, In the above case, you would only call join() (According to @mrjana, labels provided to createndpoint() and join() are different, so that is another constraint with which this has to work) |
|
I believe moby/moby#13441 will address this issue, in part, but seems caught up in bikeshedding :( |
|
It looks like Solomon's 'docker run --publish-service db.work-dev' is similar to my 'docker run --endpoint=driver1:uuid' |
|
@mavenugo @dave-tucker can this issue be closed now that it is tracked under moby/moby#14593 |
|
Thanks @tomdee, closing in favour of moby/moby#14593 |
There's not much point in having the whole driver subsystem unless one can actually create a network. I don't see that as part of moby/moby#13060.
If it is a requirement to not add new commands to docker (e.g.,
docker network create), then perhaps it can be part of the syntax of the--netargument. For example,where
weaverefers to the driver, andmynetis a network created with that driver (if it doesn't already exist).The text was updated successfully, but these errors were encountered: