Create containers with initial network attachments#198
Conversation
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR reworks container create-time networking so that Docker/Podman receive the full set of initial networks (and per-network aliases) directly in the create command, rather than the previous approach of creating on the default network and then relying on just-in-time (JIT) attach/detach to reach the desired topology. It defers container creation until all requested ContainerNetworks are ready, and adjusts the network controller so create-time ("unmanaged") connections are not disconnected before their ContainerNetworkConnection objects exist.
Changes:
- Replace
CreateContainerOptions.Network/NetworkAliaseswith a singleNetworks []CreateContainerNetworkOptionsAPI, and emit runtime-specific multi-network arguments (Docker:name=<net>,alias=<a>; Podman:<net>:alias=<a>). - Resolve initial networks before creation (
getInitialCreateContainerNetworks, retryableerrInitialContainerNetworksNotReady), remove the startup-time JIT detach logic infinishCreatedContainerStartup, and count create-time attachments as valid connected networks. - Simplify the network reconciler to only disconnect connections it previously managed (removing
shouldKeepUnmanagedConnections), and update the test orchestrator plus integration/unit tests.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| internal/containers/container_orchestrator.go | Introduces Networks/CreateContainerNetworkOptions, replacing the single-network create-time API. |
| internal/docker/cli_orchestrator.go | Emits per-network --network name=,alias= args for Docker. |
| internal/podman/cli_orchestrator.go | Emits per-network --network <net>:alias= args for Podman. |
| internal/docker/cli_orchestrator_test.go | Adds unit tests for Docker multi-network arg formatting. |
| internal/podman/cli_orchestrator_test.go | Adds unit tests for Podman multi-network arg formatting. |
| controllers/container_controller.go | Resolves initial networks pre-creation, removes JIT detach, adds retryable not-ready error, marks create-time networks valid. |
| controllers/network_controller.go | Only disconnects reconciler-managed connections; removes shouldKeepUnmanagedConnections. |
| controllers/container_network_tunnel_proxy_controller.go | Updates client proxy creation to the new Networks API. |
| internal/testutil/ctrlutil/test_container_orchestrator.go | Adds resolveCreateContainerNetworks to mirror multi-network create behavior. |
| test/integration/container_network_connection_test.go | Adds/updates tests for not-starting-until-ready and keeping unmanaged connections. |
| test/integration/resource_harvesting_test.go | Migrates test call sites to the new Networks field. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Require a supported Docker CLI version before probing daemon health so create-time multi-network support is gated on a fast client-only check. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
|
/backport to release/0.25 |
|
Started backporting to release/0.25: https://github.com/microsoft/dcp/actions/runs/28552264712 |
|
@danegsta backport PR couldn't be created automatically, please create the backport PR manually! |
Initial container startup should not create on the default network and then wait for JIT attach just to reach the desired topology. This changes create-time networking so Docker and Podman receive the full initial network and alias set in the container create command once all requested networks are ready.
Summary
CreateContainerOptions.Networksas the only create-time networking API and emit runtime-specific multi-network arguments for Docker and Podman.ContainerNetworks before creation, remove the startup-time JIT connection delay, and keep dynamic attach/detach reconciliation for later network changes.Validation
go test -count 1 -parallel 32 ./internal/containers ./internal/docker ./internal/podman ./internal/testutil/ctrlutil ./controllers ./test/integration -run 'TestApplyCreateContainerOptionsNetworks|TestContainerNetworkKeepsUnmanagedConnections|TestContainerNetworkDoesNotStartUntilNetworkExists|TestContainerNetworkWithAliases|TestContainerFastExitingWithNetwork|TestResourceHarvesting' -timeout 180skubectl-createdContainerNetworkandContainerresources.--container-runtime podman.