Add support for --network=netns:/proc/pid/ns/net

[mrunalp]

To test this run a cri-o container and then get its pid and pass --network=netns:/proc/pid/ns/net of the cri-o container. You should then see the same ip a output inside both these containers.

@rhatdan @runcom

Signed-off-by: Mrunal Patel mrunalp@gmail.com

cc: @lsm5 we need a new rpm as soon as this is merged.

[runcom]

I cannot test this patch with 1.12.6 because I'm on Fedora 26 but I ported the patch to 1.13.1 and I noticed there are other code paths in this file where you should call mode.IsNetNs() and exit before docker can continue setting up network.

[runcom]

See #272 for a review and the port to 1.13.1 as well

[mrunalp]

Updated.

[runcom]

LGTM, but there's no way I can test this out unfortunately :(

[mrunalp]

I tested it on Fedora 26.

[mrunalp]

@lsm5 can we build a new docker rpm with this?

[bparees]

@mrunalp @runcom i'm preparing to consume this but i don't know how to determine my container's pid:

To test this run a cri-o container and then get its pid and pass --network=netns:/proc/pid/ns/net of the cri-o container. You should then see the same ip a output inside both these containers.

since my logic is running inside the pod, as far as it's concerned it's pid is "1".

[mrunalp]

@bparees We need two things. 1. pid 2. path to resolv.conf
Both of these are available in the inspect endpoint served by the crio unix socket /var/run/crio.sock at /containers/id
You should bind mount the resolv.conf path to /etc/resolv.conf i.e. the equivalent of docker run -v /path/you/get/from/inspect/:/etc/resolv.conf

[mrunalp]

@bparees See https://github.com/google/cadvisor/pull/1741/files for an example on how to talk to cri-o inspect endpoint. Also, resolv.conf path will be returned as part of annotations.