Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[24.0 backport] daemon: release sandbox even when NetworkDisabled #46702

Merged
merged 1 commit into from Oct 24, 2023
Merged

[24.0 backport] daemon: release sandbox even when NetworkDisabled #46702

merged 1 commit into from Oct 24, 2023

Conversation

thaJeztah
Copy link
Member

- What I did

When the default bridge is disabled by setting dockerd's --bridge=none option, the daemon still creates a sandbox for containers with no network attachment specified. In that case NetworkDisabled will be set to true.

However, currently the releaseNetwork call will early return if NetworkDisabled is true. Thus, these sandboxes won't be deleted until the daemon is restarted. If a high number of such containers are created, the daemon would then take few minutes to start.

As a side note, NetworkDisabled semantics is weird/broken and should be revised:

  • On one hand a sandbox is created even if NetworkDisbled is set. Thus it allows these containers to be manually connected to other networks;
  • OTOH, when manually connecting such container to a network nothing happens and no error is returned (ie. no interface and no route provisioned, no embedded DNS, etc...);

- Description for the changelog

  • Fix a bug that would prevent network sandboxes to be properly deleted when stopping containers with no network attachment are specified and dockerd's --bridge=none option is specified.

- A picture of a cute animal (not mandatory but encouraged)

@payall4u @thaJeztah
daemon: release sandbox even when NetworkDisabled
05d95fd 
When the default bridge is disabled by setting dockerd's `--bridge=none`
option, the daemon still creates a sandbox for containers with no
network attachment specified. In that case `NetworkDisabled` will be set
to true.

However, currently the `releaseNetwork` call will early return if
NetworkDisabled is true. Thus, these sandboxes won't be deleted until
the daemon is restarted. If a high number of such containers are
created, the daemon would then take few minutes to start.

See moby#42461.

Signed-off-by: payall4u <payall4u@qq.com>
Signed-off-by: Albin Kerouanton <albinker@gmail.com>
(cherry picked from commit 9664f33)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah added this to the 24.0.7 milestone Oct 23, 2023
akerouanton
akerouanton approved these changes Oct 24, 2023
View reviewed changes
Copy link
Member

@akerouanton akerouanton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@thaJeztah thaJeztah merged commit 9b20b1a into moby:24.0 Oct 24, 2023
102 checks passed
@thaJeztah thaJeztah deleted the 24.0_backport_releaseNetwork_NetworkDisabled branch October 24, 2023 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@akerouanton akerouanton akerouanton approved these changes

Assignees
No one assigned
Labels
area/networking impact/changelog kind/bugfix PR's that fix bugs status/2-code-review
Projects
None yet
Milestone
24.0.7
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@thaJeztah @akerouanton @payall4u