Allow passing allocation subnet to docker run
#7436
Conversation
…er containers. Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
…creates, to avoid reusing the static IPs Docker-DCO-1.1-Signed-off-by: Vishnu Kannan <vishnuk@google.com> (github: vishh)
| rangeFirstInt = networkFirstInt | ||
| rangeLastInt = networkLastInt | ||
| subnetAllocatedPos = allocated.last | ||
| pos = subnetAllocatedPos - (rangeFirstInt - baseInt) // relative to the start of available addresses |
There was a problem hiding this comment.
I changed a lot of the variable names as they were extremely confusing to work with. Some of them were integers, some were IPNet, IP, etc.
I can change the names to something else if desired. Just not the originals please :-)
|
@LK4D4 I think they serve different goals, and can co-exist. updated description to include this |
|
@phemmer, Yeah, but one of us will have pretty difficult rebase :D |
|
can you please add documentation in |
|
@ashahab-altiscale that's exactly as it's supposed to behave. This feature allows you to change the IPs docker picks from, not change the IP and subnet of the container. You told it it could pick from anywhere between |
|
@SvenDowideit Documentation added. However the biggest uncertainty I have is the name of the parameter. Right now it's |
|
Just chiming in that, indeed,
Not sure what the best name would be though. |
|
Yes I realized it right after posting the comment. Great feature! @ashahab-altiscale https://github.com/ashahab-altiscale that's exactly as — |
| @@ -613,6 +617,20 @@ Docker do all of the configuration: | |||
| At this point your container should be able to perform networking | |||
| operations as usual. | |||
|
|
|||
| As mentioned briefly above, `docker run` accepts a `--ip` flag which | |||
| limits the IP pool docker will use to pick the container's IP address | |||
|
@jamtur01 docker/Docker fixed |
|
@phemmer has the decision on naming this |
|
@thaJeztah I do not know. if that discussion has been continued somewhere besides this PR, I am unaware of it. |
|
@phemmer ok, thnx. Think it might be slightly confusing and inconsistent (see my prior comment). But IANTM, just my personal view :). Apart from that, looks like a nice addition. |
|
Well to throw in my $0.02 on the conflict with the daemon's I think the daemon Also do we want to go down the route where no argument can share a name between the daemon and |
|
Re-reading the option again, Maybe someone has ideas to make that clearer. RE: "..no argument can share a name.." Please don't let my comment block merging of this PR, nothing that cannot be improved on later on! |
* commit 'a27bebc': Fixed ipallocator to record static IPs along with the dynamic IPs it creates, to avoid reusing the static IPs Adding '--ip' option to 'docker run' to let users manage IPs for docker containers. Conflicts: daemon/networkdriver/ipallocator/allocator.go runconfig/config_test.go runconfig/parse.go Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
Docker-DCO-1.1-Signed-off-by: Patrick Hemmer <patrick.hemmer@gmail.com> (github: phemmer)
|
I'm new to github, does the "all is well" status mean this will be merged to master soon? |
|
@DwayneBull no, "all well" means that all unit-tests and integration-tests passed correctly. In other words, the changes in this pull request didn't break anything that was working before. However, that doesn't mean that this PR will be merged soon, or even ever. The decision to merge PRs depends on the maintainers agreeing that the PR should be merged. Just bookmark this page to keep track on progress |
|
Ah I see. Sorry I don't know how this all works. Thank you for the information. |
|
Is this under review for merge to master? I find this to be very useful. |
|
Given that #6101 was merged, is this still valid? |
|
@DwayneBull Yup, this is per-container option. |
|
@LK4D4 So ip allocation would look like this? |
|
@DwayneBull Yes indeed |
|
For a project maintainer to take interest in it. |
|
Very much interested in this one. Any maintainer interested in reviewing it? cc @shykes
+1, |
| if ipAddr == nil { | ||
| return job.Error(fmt.Errorf("Invalid IP: %s", requestedIP)) | ||
| } | ||
| if ipAddr.To4 != nil { |
There was a problem hiding this comment.
To4 is function which can't be nil. Heh, this is like python :/
There was a problem hiding this comment.
There was a problem hiding this comment.
You compare function with nil, not its result.
|
I like this very much. But now it needs rewriting because of merging |
|
Sorry for late review.
Because of this, we are suggesting the following:
TLDR: we're closing this but a shitload of people want to implement it in a different way, and build something very important for the project in the process. You are welcome to join the fun :) |
This is an extension of PR #5829. This PR allows passing a range of addresses to
docker runfor the IP allocator to pick an address from.Example usage:
This obsoletes #5829 as you can pass a specific IP in addition to a subnet/range.
I haven't added anything in the way of documentation. I wanted to put this out in its current form and make requested changes first.
The purpose of this PR is for multi-tenant solutions, where you have multiple products or customers running on a docker host, and you want to be able to add firewall rules per customer. With this, when starting a customer's container, you could pass a subnet, and ensure that their container gets an IP that will be properly matched by a firewall rule or routing policy.
Related: #2801 #6743