Support IPv6 for nerdctl network #1558
Conversation
|
this may inspire you https://github.com/containerd/nerdctl/pull/127/files :-D |
|
@containerd/nerdctl-maintainers Hey guys I'm encountering issues. The CI cannot pass when allocating the IPv6 address but test cases work well locally on my laptop. Later @Zheaoli figured out that the problem is lacking IPv6 support in test runners. And I reproduced the scene on the local host after disabling IPv6 support and confirmed that. The matter is that GHA seems not to support IPv6 on test runners yet (and not going to) according to actions/runner-images#668. Any ideas? |
|
Blocked by lacking IPv6 test support. There is proposal #2031 |
I think we can merge this PR without CI as an experimental feature. |
the runners support IPv6 , you can run IPv6 internally in the machine, we have CI on kind running ipv6 only clusters. What is not supported is IPv6 connectivity, the runners can not communicate externally with IPv6 |
|
can you rebase and push again the PR to take a look at the logs of the failures? |
|
Great thanks to @Zheaoli for being my copilot and helping to solve the IPv6 permission problem. 👏🏻 Done rebasing.
Fine. I will take a look later today (UTC+8). |
|
it is a permissions problem it looks like a permission problems , I can't remember now but I think that you may need to tune a bit more the way you run the tests inside the container nerdctl/.github/workflows/test.yml Line 105 in ce742c9 kind runs something like and it runs and creates bridges inside kind nodes in github CI https://github.com/aojea/kindnet/blob/master/.github/workflows/e2e.yml#L63-L66 , so it is definitively possible |
| @@ -200,6 +239,8 @@ jobs: | |||
| sudo apt-get install -y expect | |||
| - name: "Ensure that the integration test suite is compatible with Docker" | |||
| run: go test -timeout 20m -v -exec sudo ./cmd/nerdctl/... -args -test.target=docker -test.kill-daemon | |||
| - name: "Ensure that the IPv6 integration test suite is compatible with Docker" | |||
| run: go test -timeout 20m -v -exec sudo ./cmd/nerdctl/... -args -test.target=docker -test.kill-daemon -test.ipv6 | |||
There was a problem hiding this comment.
Doesn't this need reconfiguring sysctl and /etc/docker/daemon.json ?
There was a problem hiding this comment.
No. Fun fact 😂
When the parameter --test.ipv6 is enabled, those non-IPv6 tests will not run. I do this because when it comes to nerdctl, IPv6 and non-IPv6 tests can not run together. (integration-tests-ipv6 uses host network that results in some problems with non-IPv6 tests. This may caused by running nerdctl tests nested inside docker and qemu).
I'd like to take your advice if there is a better idea.
There was a problem hiding this comment.
Somehow the integration-tests-ipv6 fails to run nested inside docker and qemu, despite sysctl and daemon being configured. Later @Zheaoli figured out a solution by using network=host to run it successfully. However, this leads to non-IPv6 test failure. So I have to separate the IPv6 test.
There was a problem hiding this comment.
hmm, it should be able to run nested, but nested networks are complex and hard to debug, maybe you are missing certain sysctl or something, who knows
| - name: "Register QEMU (tonistiigi/binfmt)" | ||
| run: docker run --privileged --rm tonistiigi/binfmt --install all | ||
| - name: "Run integration tests" | ||
| run: docker run --network host -t --rm --privileged test-integration-ipv6 |
There was a problem hiding this comment.
Please add a comment to explain why we need (and why we can safely(?) use) --network host
Co-authored-by: Zheao Li <me@manjusaka.me> Signed-off-by: Hanchin Hsieh <me@yuchanns.xyz>
|
Thanks @yuchanns @AkihiroSuda |
Hanchin Hsieh (yuchanns) served as a Reviewer of nerdctl from November 2022 to June 2024. Hanchin has made significant contributions such as the addition of syslog driver (containerd#1377) and IPv6 networking (containerd#1558). We show our huge appreciation to Hanchin. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Fix #1547
FYI: cni-ipam
Tasks:
network createcommand.--ip6argument for thecontainer runcommand.Signed-off-by: Hanchin Hsieh me@yuchanns.xyz
Co-authored-by: Zheao Li me@manjusaka.me