Network namespace in own container

shashank Jain
3 min read · Jul 26, 2018


In the previous blog (https://medium.com/@jain.sm/writing-your-own-linux-container-259054465bd1) we created a container with UTS, PID and mount namespaces. We didn’t add the network namespace there.

In this blog we discuss how to set up a network namespace for the container.

Before that, let's understand how the networking setup should work between the namespace created for the container and the host namespace.

For that we follow these steps:

1. Create a Linux bridge on the host

2. Create a veth pair

3. Connect one end of the veth pair to the bridge

4. Move the other end of the veth pair into the container's network namespace, where it becomes the container's network interface

Diagrammatically it is shown below:

If we revisit the program's run function:

We have now refactored the cmd.Run call. The reason is this:

cmd.Run is a blocking call and will block till the child process returns. In our case we want some configuration to be done on the host, namely creating the bridge and the veth pair, before the child process returns. Since in our case we spawn a shell, the child process does not return and we would never get an opportunity to set up the bridge and veth on the host. Interestingly, we have cmd.Start, which returns immediately, and then cmd.Wait, which blocks. So between the two we position our code for setting up:

1. Bridge on host

2. Veth pair

3. Add one end of the veth pair to the bridge and move the other into the container's network namespace

Until this setup is complete, we wait via this function:

Once the setup is completed we then call the cmd.Wait() function.
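The ordering described above (cmd.Start, host-side bridge and veth setup keyed on the child's PID, then cmd.Wait) written out as one complete program. This is an added example, not the code from the post or from netsetgo: it drives the `ip` and `nsenter` command-line tools instead of netsetgo, and the interface names brg0/veth0/veth1, the host address 10.10.10.1/24 and the container address 10.10.10.2/24 are assumed values chosen to match the post's output.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"syscall"
)

// netPlan returns the host-side sequence of commands that wires the child's
// network namespace to a host bridge, following the four steps in the post:
// create the bridge, create the veth pair, attach one end to the bridge and
// move the other end into the namespace identified by the child's PID
// (`ip link set <peer> netns <pid>`). The peer is then configured from inside
// the namespace with nsenter. The plan is returned as data so it can be
// inspected without root. (Assumed tooling: iproute2 `ip` and util-linux `nsenter`.)
func netPlan(bridge, vethHost, vethPeer string, pid int, hostCIDR, peerCIDR string) [][]string {
	ns := fmt.Sprint(pid)
	return [][]string{
		{"ip", "link", "add", bridge, "type", "bridge"},                 // step 1: bridge on host
		{"ip", "addr", "add", hostCIDR, "dev", bridge},                  //   give the host an address on it
		{"ip", "link", "set", bridge, "up"},
		{"ip", "link", "add", vethHost, "type", "veth", "peer", "name", vethPeer}, // step 2: veth pair
		{"ip", "link", "set", vethHost, "master", bridge},               // step 3: host end -> bridge
		{"ip", "link", "set", vethHost, "up"},
		{"ip", "link", "set", vethPeer, "netns", ns},                    // step 4: peer end -> container netns
		{"nsenter", "-t", ns, "-n", "ip", "addr", "add", peerCIDR, "dev", vethPeer},
		{"nsenter", "-t", ns, "-n", "ip", "link", "set", vethPeer, "up"},
		{"nsenter", "-t", ns, "-n", "ip", "link", "set", "lo", "up"},
	}
}

// runPlan executes each command in order and stops at the first failure,
// so a half-built setup is reported rather than silently left behind.
func runPlan(plan [][]string) error {
	for _, argv := range plan {
		c := exec.Command(argv[0], argv[1:]...)
		c.Stderr = os.Stderr
		if err := c.Run(); err != nil {
			return fmt.Errorf("%v: %w", argv, err)
		}
	}
	return nil
}

// run spawns a shell in fresh UTS, PID, mount and network namespaces.
// cmd.Start returns immediately, which gives us the child's PID while the
// shell is still alive; cmd.Run would have blocked until the shell exited.
func run() error {
	cmd := exec.Command("/bin/sh")
	cmd.Stdin, cmd.Stdout, cmd.Stderr = os.Stdin, os.Stdout, os.Stderr
	cmd.SysProcAttr = &syscall.SysProcAttr{
		Cloneflags: syscall.CLONE_NEWUTS | syscall.CLONE_NEWPID |
			syscall.CLONE_NEWNS | syscall.CLONE_NEWNET,
	}
	if err := cmd.Start(); err != nil {
		return err
	}
	// Host-side networking is configured while the child is running.
	plan := netPlan("brg0", "veth0", "veth1", cmd.Process.Pid, "10.10.10.1/24", "10.10.10.2/24")
	if err := runPlan(plan); err != nil {
		cmd.Process.Kill() // do not leave an orphaned shell in its namespaces
		cmd.Wait()
		return err
	}
	// Only now do we block until the shell exits.
	return cmd.Wait()
}

func main() {
	if err := run(); err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
}
```

Creating namespaces and bridges requires root (or CAP_SYS_ADMIN and CAP_NET_ADMIN), so the program must be run as root; the brg0 bridge stays on the host after the shell exits and has to be removed by hand. Inside the shell, `ip addr` should then list veth1 with 10.10.10.2, and the host can ping that address through brg0.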

Executing the program gave us a network interface inside the container with the IP 10.10.10.2:

Listing the interfaces on the host:

We can see the brg0 bridge interface and the veth0 interface.

Now we ping from the host to the container to check network connectivity:

In this example we used the netsetgo (https://github.com/teddyking/netsetgo) tool to configure the bridge and veth interfaces and to connect them to the host bridge and the container namespace.

Disclaimer : The views expressed above are personal and not of the company I work for.
