Current Behavior
Today's implementation assumes that at least one side of every VETH pair remains assigned to the host namespace. I.e., it is not possible to create setups like the following, with the db<--->client VETH pair between the web and postgres containers:
         .-----------.   .----------.
         |    web    |   | postgres |
     web '--wan--db--'   '--client--'
      '------'    '---------'
Expected Behavior
Internal VETH pairs between containers should be allowed.
Steps To Reproduce
No response
Additional information
This limitation exists because of how confd skips the setup for container interfaces in netdag_gen_iface():
    if ((err = cni_netdag_gen_iface(net, ifname, dif, cif))) {
            /* error or managed by CNI/podman */
            if (err > 0)
                    err = 0; /* done, nothing more to do here */
            goto err;
    }
If this branch is taken for both sides, then no one will actually create the pair.
infix/src/confd/src/ietf-interfaces.c, lines 529 to 534 in d3bfbb5
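A small C model of the branch described above, added here as an illustration and not taken from confd: `creates_current` mirrors the skip for container-managed ends, while `creates_fixed` is one possible rule, an assumption rather than the project's fix. All names and the sample topology are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not confd code; every name below is hypothetical. */
struct end {
	const char *name, *peer; /* interface and the other end of its pair */
	bool container;          /* true: end is managed by CNI/podman */
};

/* Behaviour described in the issue: a container-managed end is skipped.
 * Model assumption: two host ends tie-break on name so only one creates. */
bool creates_current(const struct end *self, const struct end *peer)
{
	if (self->container)
		return false; /* "done, nothing more to do here" */
	return peer->container || strcmp(self->name, peer->name) < 0;
}

/* Possible rule (assumption): skip only when the peer is a host end. */
bool creates_fixed(const struct end *self, const struct end *peer)
{
	if (self->container != peer->container)
		return !self->container; /* the host end creates the pair */
	return strcmp(self->name, peer->name) < 0; /* same kind: one end wins */
}

/* Count how many ends emit a "create pair" step under a policy. */
int pairs_created(const struct end *v, int n,
		  bool (*creates)(const struct end *, const struct end *))
{
	int created = 0;
	for (int i = 0; i < n; i++)
		for (int j = 0; j < n; j++)
			if (!strcmp(v[i].peer, v[j].name) && creates(&v[i], &v[j]))
				created++;
	return created;
}

/* Constructed sample after the issue's diagram: host web<->wan, db<->client. */
const struct end topo[] = { { "web", "wan", false }, { "wan", "web", true },
			    { "db", "client", true }, { "client", "db", true } };

int main(void)
{
	printf("current: %d, fixed: %d\n", pairs_created(topo, 4, creates_current),
	       pairs_created(topo, 4, creates_fixed));
	return 0;
}
```

Under the current rule only the host-backed pair is created; the container-to-container pair is created only once one end is made responsible for it.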