With the podman CLI it is currently not possible to create a dual-home network for containers.
Also, when bridge networks are used, the network configuration file in /etc/cni/net.d needs a read-modify-write to remove the NAT code (https://github.com/vyos/vyos-1x/commit/209ce3d9b6fb09626a7abe3540b888566b739de8).
To become more flexible in container networking, drop the podman network commands when we interact with the network configuration and instead render it the "oldschool" way using Jinja2.
A network configuration supporting bridging, and also both IPv4 and IPv6 can look like this:
# cat /etc/cni/net.d/baz.conflist
{
   "cniVersion": "0.4.0",
   "name": "baz",
   "plugins": [
      {
         "type": "bridge",
         "bridge": "cni-podman2",
         "isGateway": true,
         "ipMasq": true,
         "hairpinMode": true,
         "ipam": {
            "type": "host-local",
            "routes": [
               { "dst": "::/0" },
               { "dst": "0.0.0.0/0" }
            ],
            "ranges": [
               [ { "subnet": "2001:db8::/64", "gateway": "2001:db8::1" } ],
               [ { "subnet": "10.88.2.0/24", "gateway": "10.88.2.1" } ]
            ]
         }
      },
      {
         "type": "portmap",
         "capabilities": { "portMappings": true }
      },
      {
         "type": "firewall",
         "backend": ""
      },
      {
         "type": "tuning"
      }
   ]
}
A JSON representation of this data (loaded as a Python dictionary) will look like:
{'cniVersion': '0.4.0',
 'name': 'baz',
 'plugins': [{'bridge': 'cni-podman2',
              'hairpinMode': True,
              'ipMasq': True,
              'ipam': {'ranges': [[{'gateway': '2001:db8::1',
                                    'subnet': '2001:db8::/64'}],
                                  [{'gateway': '10.88.2.1',
                                    'subnet': '10.88.2.0/24'}]],
                       'routes': [{'dst': '::/0'}, {'dst': '0.0.0.0/0'}],
                       'type': 'host-local'},
              'isGateway': True,
              'type': 'bridge'},
             {'capabilities': {'portMappings': True}, 'type': 'portmap'},
             {'backend': '', 'type': 'firewall'},
             {'type': 'tuning'}]}
As there is a cniVersion field, we will be future compatible; if things still change, it is only a VyOS-internal adjustment that is not exposed to the user.
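One way to generate the configuration shown above in a single pass, with NAT decided at render time instead of by a later read-modify-write. This is an added example, not VyOS code: it builds the structure with Python's json module rather than a Jinja2 template, and the function name, its parameters and the "first address is the gateway" rule are assumptions.

```python
import ipaddress
import json


def render_conflist(name, bridge, prefixes, nat=False):
    """Return CNI conflist JSON for a bridge network with one range per prefix."""
    ranges, routes, families = [], [], set()
    for prefix in prefixes:
        # Strict parsing: rejects garbage and prefixes with host bits set.
        net = ipaddress.ip_network(prefix)
        # Assumption: the gateway is the first address of the subnet,
        # as in the example above (2001:db8::1, 10.88.2.1).
        gateway = net.network_address + 1
        ranges.append([{"subnet": str(net), "gateway": str(gateway)}])
        if net.version not in families:  # one default route per address family
            families.add(net.version)
            routes.append({"dst": "::/0" if net.version == 6 else "0.0.0.0/0"})
    if not ranges:
        raise ValueError("at least one prefix is required")
    conf = {
        "cniVersion": "0.4.0",
        "name": name,
        "plugins": [
            {
                "type": "bridge",
                "bridge": bridge,
                "isGateway": True,
                "ipMasq": nat,  # False leaves NAT out of the generated file
                "hairpinMode": True,
                "ipam": {"type": "host-local", "routes": routes, "ranges": ranges},
            },
            {"type": "portmap", "capabilities": {"portMappings": True}},
            {"type": "firewall", "backend": ""},
            {"type": "tuning"},
        ],
    }
    # Serializing a dict guarantees well-formed JSON whatever the input names contain.
    return json.dumps(conf, indent=2)


if __name__ == "__main__":
    print(render_conflist("baz", "cni-podman2", ["2001:db8::/64", "10.88.2.0/24"]))
```

Calling it with nat=True reproduces the file shown above; the default writes "ipMasq": false, so no masquerading is configured for the bridge.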