diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go index df934d25cb..4962fd5668 100644 --- a/libpod/boltdb_state.go +++ b/libpod/boltdb_state.go @@ -57,10 +57,13 @@ type BoltState struct { // operations. // - execBkt: Map of exec session ID to container ID - used for resolving // exec session IDs to the containers that hold the exec session. -// - aliasesBkt - Contains a bucket for each CNI network, which contain a map of -// network alias (an extra name for containers in DNS) to the ID of the -// container holding the alias. Aliases must be unique per-network, and cannot -// conflict with names registered in nameRegistryBkt. +// - networksBkt: Contains all network names as key with their options json +// encoded as value. +// - aliasesBkt - Deprecated, use the networksBkt. Used to contain a bucket +// for each CNI network which contain a map of network alias (an extra name +// for containers in DNS) to the ID of the container holding the alias. +// Aliases must be unique per-network, and cannot conflict with names +// registered in nameRegistryBkt. // - runtimeConfigBkt: Contains configuration of the libpod instance that // initially created the database. This must match for any further instances // that access the database, to ensure that state mismatches with @@ -1056,7 +1059,7 @@ func (s *BoltState) AllContainers() ([]*Container, error) { return ctrs, nil } -// GetNetworks returns the CNI networks this container is a part of. +// GetNetworks returns the networks this container is a part of. func (s *BoltState) GetNetworks(ctr *Container) (map[string]types.PerNetworkOptions, error) { if !s.valid { return nil, define.ErrDBClosed @@ -1346,11 +1349,11 @@ func (s *BoltState) NetworkDisconnect(ctr *Container, network string) error { ctrAliasesBkt := dbCtr.Bucket(aliasesBkt) ctrNetworksBkt := dbCtr.Bucket(networksBkt) if ctrNetworksBkt == nil { - return fmt.Errorf("container %s is not connected to any CNI networks, so cannot disconnect: %w", ctr.ID(), define.ErrNoSuchNetwork) + return fmt.Errorf("container %s is not connected to any networks, so cannot disconnect: %w", ctr.ID(), define.ErrNoSuchNetwork) } netConnected := ctrNetworksBkt.Get([]byte(network)) if netConnected == nil { - return fmt.Errorf("container %s is not connected to CNI network %q: %w", ctr.ID(), network, define.ErrNoSuchNetwork) + return fmt.Errorf("container %s is not connected to network %q: %w", ctr.ID(), network, define.ErrNoSuchNetwork) } if err := ctrNetworksBkt.Delete([]byte(network)); err != nil { diff --git a/libpod/container.go b/libpod/container.go index 987843d073..255e353ea4 100644 --- a/libpod/container.go +++ b/libpod/container.go @@ -1251,12 +1251,7 @@ func (c *Container) Secrets() []*ContainerSecret { // Networks gets all the networks this container is connected to. // Please do NOT use ctr.config.Networks, as this can be changed from those // values at runtime via network connect and disconnect. -// If the container is configured to use CNI and this function returns an empty -// array, the container will still be connected to the default network. -// The second return parameter, a bool, indicates that the container -// is joining the default CNI network - the network name will be included in the -// returned array of network names, but the container did not explicitly join -// this network. +// Returned array of network names or error. func (c *Container) Networks() ([]string, error) { if !c.batched { c.lock.Lock() diff --git a/libpod/container_config.go b/libpod/container_config.go index 833113cff9..3720e110bf 100644 --- a/libpod/container_config.go +++ b/libpod/container_config.go @@ -24,7 +24,7 @@ type ContainerConfig struct { // in when the container is created, but it is not the final spec used // to run the container - it will be modified by Libpod to add things we // manage (e.g. bind mounts for /etc/resolv.conf, named volumes, a - // network namespace prepared by CNI or slirp4netns) in the + // network namespace prepared by the network backend) in the // generateSpec() function. Spec *spec.Spec `json:"spec"` diff --git a/libpod/container_inspect.go b/libpod/container_inspect.go index fbb6dce7c0..e9e0a8bc2d 100644 --- a/libpod/container_inspect.go +++ b/libpod/container_inspect.go @@ -552,7 +552,7 @@ func (c *Container) generateInspectContainerHostConfig(ctrSpec *spec.Spec, named hostConfig.NetworkMode = networkMode // Port bindings. - // Only populate if we're using CNI to configure the network. + // Only populate if we are creating the network namespace to configure the network. if c.config.CreateNetNS { hostConfig.PortBindings = makeInspectPortBindings(c.config.PortMappings) } else { diff --git a/libpod/container_internal.go b/libpod/container_internal.go index dcc3e1ae34..165ef7ec35 100644 --- a/libpod/container_internal.go +++ b/libpod/container_internal.go @@ -984,7 +984,7 @@ func (c *Container) completeNetworkSetup() error { return err } state := c.state - // collect any dns servers that cni tells us to use (dnsname) + // collect any dns servers that the network backend tells us to use for _, status := range c.getNetworkStatus() { for _, server := range status.DNSServerIPs { nameservers = append(nameservers, server.String()) diff --git a/libpod/container_validate.go b/libpod/container_validate.go index 22f89f2203..caa633d432 100644 --- a/libpod/container_validate.go +++ b/libpod/container_validate.go @@ -82,7 +82,7 @@ func (c *Container) validate() error { return fmt.Errorf("cannot set static IP or MAC address if not creating a network namespace: %w", define.ErrInvalidArg) } - // Cannot set static IP or MAC if joining >1 CNI network. + // Cannot set static IP or MAC if joining >1 network. if len(c.config.Networks) > 1 && (c.config.StaticIP != nil || c.config.StaticMAC != nil) { return fmt.Errorf("cannot set static IP or MAC address if joining more than one network: %w", define.ErrInvalidArg) } diff --git a/libpod/define/container_inspect.go b/libpod/define/container_inspect.go index 690b255e1c..038d4971b3 100644 --- a/libpod/define/container_inspect.go +++ b/libpod/define/container_inspect.go @@ -606,7 +606,7 @@ type InspectBasicNetworkConfig struct { AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"` } -// InspectAdditionalNetwork holds information about non-default CNI networks the +// InspectAdditionalNetwork holds information about non-default networks the // container has been connected to. // As with InspectNetworkSettings, many fields are unused and maintained only // for compatibility with Docker. @@ -642,7 +642,7 @@ type InspectNetworkSettings struct { LinkLocalIPv6PrefixLen int `json:"LinkLocalIPv6PrefixLen"` Ports map[string][]InspectHostPort `json:"Ports"` SandboxKey string `json:"SandboxKey"` - // Networks contains information on non-default CNI networks this + // Networks contains information on non-default networks this // container has joined. // It is a map of network name to network information. Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"` diff --git a/libpod/define/pod_inspect.go b/libpod/define/pod_inspect.go index d56074882d..dc82af2201 100644 --- a/libpod/define/pod_inspect.go +++ b/libpod/define/pod_inspect.go @@ -120,7 +120,7 @@ type InspectPodInfraConfig struct { // HostAdd adds a number of hosts to the infra container's resolv.conf // which will be shared with the rest of the pod. HostAdd []string - // Networks is a list of CNI networks the pod will join. + // Networks is a list of networks the pod will join. Networks []string // NetworkOptions are additional options for each network NetworkOptions map[string][]string diff --git a/libpod/networking_common.go b/libpod/networking_common.go index 63d5d1178a..08b6a1b2fb 100644 --- a/libpod/networking_common.go +++ b/libpod/networking_common.go @@ -41,7 +41,7 @@ func (c *Container) convertPortMappings() []types.PortMapping { func (c *Container) getNetworkOptions(networkOpts map[string]types.PerNetworkOptions) types.NetworkOptions { opts := types.NetworkOptions{ ContainerID: c.config.ID, - ContainerName: getCNIPodName(c), + ContainerName: getNetworkPodName(c), } opts.PortMappings = c.convertPortMappings() @@ -78,9 +78,9 @@ func (r *Runtime) setUpNetwork(ns string, opts types.NetworkOptions) (map[string return results, err } -// getCNIPodName return the pod name (hostname) used by CNI and the dnsname plugin. +// getNetworkPodName return the pod name (hostname) used by dns backend. // If we are in the pod network namespace use the pod name otherwise the container name -func getCNIPodName(c *Container) string { +func getNetworkPodName(c *Container) string { if c.config.NetMode.IsPod() || c.IsInfra() { pod, err := c.runtime.state.Pod(c.PodID()) if err == nil { @@ -92,7 +92,7 @@ func getCNIPodName(c *Container) string { // Tear down a container's network configuration and joins the // rootless net ns as rootless user -func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error { +func (r *Runtime) teardownNetworkBackend(ns string, opts types.NetworkOptions) error { rootlessNetNS, err := r.GetRootlessNetNs(false) if err != nil { return err @@ -106,7 +106,7 @@ func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error { // rootlessNetNS is nil if we are root if rootlessNetNS != nil { - // execute the cni setup in the rootless net ns + // execute the network setup in the rootless net ns err = rootlessNetNS.Do(tearDownPod) if cerr := rootlessNetNS.Cleanup(r); cerr != nil { logrus.WithError(err).Error("failed to clean up rootless netns") @@ -118,9 +118,9 @@ func (r *Runtime) teardownNetwork(ns string, opts types.NetworkOptions) error { return err } -// Tear down a container's CNI network configuration, but do not tear down the +// Tear down a container's network backend configuration, but do not tear down the // namespace itself. -func (r *Runtime) teardownCNI(ctr *Container) error { +func (r *Runtime) teardownNetwork(ctr *Container) error { if ctr.state.NetNS == nil { // The container has no network namespace, we're set return nil @@ -136,7 +136,7 @@ func (r *Runtime) teardownCNI(ctr *Container) error { if !ctr.config.NetMode.IsSlirp4netns() && !ctr.config.NetMode.IsPasta() && len(networks) > 0 { netOpts := ctr.getNetworkOptions(networks) - return r.teardownNetwork(ctr.state.NetNS.Path(), netOpts) + return r.teardownNetworkBackend(ctr.state.NetNS.Path(), netOpts) } return nil } @@ -154,10 +154,8 @@ func isBridgeNetMode(n namespaces.NetworkMode) error { // It will tear down, and then reconfigure, the network of the container. // This is mainly used when a reload of firewall rules wipes out existing // firewall configuration. -// Efforts will be made to preserve MAC and IP addresses, but this only works if -// the container only joined a single CNI network, and was only assigned a -// single MAC or IP. -// Only works on root containers at present, though in the future we could +// Efforts will be made to preserve MAC and IP addresses. +// Only works on containers with bridge networking at present, though in the future we could // extend this to stop + restart slirp4netns func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.StatusBlock, error) { if ctr.state.NetNS == nil { @@ -168,9 +166,9 @@ func (r *Runtime) reloadContainerNetwork(ctr *Container) (map[string]types.Statu } logrus.Infof("Going to reload container %s network", ctr.ID()) - err := r.teardownCNI(ctr) + err := r.teardownNetwork(ctr) if err != nil { - // teardownCNI will error if the iptables rules do not exists and this is the case after + // teardownNetwork will error if the iptables rules do not exists and this is the case after // a firewall reload. The purpose of network reload is to recreate the rules if they do // not exists so we should not log this specific error as error. This would confuse users otherwise. // iptables-legacy and iptables-nft will create different errors make sure to match both. @@ -248,7 +246,7 @@ func (c *Container) getContainerNetworkInfo() (*define.InspectNetworkSettings, e } // We can't do more if the network is down. - // We still want to make dummy configurations for each CNI net + // We still want to make dummy configurations for each network // the container joined. if len(networks) > 0 { settings.Networks = make(map[string]*define.InspectAdditionalNetwork, len(networks)) @@ -370,7 +368,7 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro } // check if network exists and if the input is a ID we get the name - // CNI only uses names so it is important that we only use the name + // CNI and netavark and the libpod db only uses names so it is important that we only use the name netName, err = c.runtime.normalizeNetworkName(netName) if err != nil { return err @@ -402,14 +400,14 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro opts := types.NetworkOptions{ ContainerID: c.config.ID, - ContainerName: getCNIPodName(c), + ContainerName: getNetworkPodName(c), } opts.PortMappings = c.convertPortMappings() opts.Networks = map[string]types.PerNetworkOptions{ netName: networks[netName], } - if err := c.runtime.teardownNetwork(c.state.NetNS.Path(), opts); err != nil { + if err := c.runtime.teardownNetworkBackend(c.state.NetNS.Path(), opts); err != nil { return err } @@ -470,7 +468,7 @@ func (c *Container) NetworkDisconnect(nameOrID, netName string, force bool) erro // ConnectNetwork connects a container to a given network func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNetworkOptions) error { - // only the bridge mode supports cni networks + // only the bridge mode supports networks if err := isBridgeNetMode(c.config.NetMode); err != nil { return err } @@ -484,7 +482,7 @@ func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNe } // check if network exists and if the input is a ID we get the name - // CNI only uses names so it is important that we only use the name + // CNI and netavark and the libpod db only uses names so it is important that we only use the name netName, err = c.runtime.normalizeNetworkName(netName) if err != nil { return err @@ -525,7 +523,7 @@ func (c *Container) NetworkConnect(nameOrID, netName string, netOpts types.PerNe opts := types.NetworkOptions{ ContainerID: c.config.ID, - ContainerName: getCNIPodName(c), + ContainerName: getNetworkPodName(c), } opts.PortMappings = c.convertPortMappings() opts.Networks = map[string]types.PerNetworkOptions{ @@ -626,7 +624,7 @@ func getFreeInterfaceName(networks map[string]types.PerNetworkOptions) string { return "" } -// DisconnectContainerFromNetwork removes a container from its CNI network +// DisconnectContainerFromNetwork removes a container from its network func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error { ctr, err := r.LookupContainer(nameOrID) if err != nil { @@ -635,7 +633,7 @@ func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force return ctr.NetworkDisconnect(nameOrID, netName, force) } -// ConnectContainerToNetwork connects a container to a CNI network +// ConnectContainerToNetwork connects a container to a network func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error { ctr, err := r.LookupContainer(nameOrID) if err != nil { diff --git a/libpod/networking_freebsd.go b/libpod/networking_freebsd.go index 9f5c2e6b6a..637e0ea08f 100644 --- a/libpod/networking_freebsd.go +++ b/libpod/networking_freebsd.go @@ -85,7 +85,7 @@ func (r *RootlessNetNS) getPath(path string) string { // Do - run the given function in the rootless netns. // It does not lock the rootlessCNI lock, the caller -// should only lock when needed, e.g. for cni operations. +// should only lock when needed, e.g. for network operations. func (r *RootlessNetNS) Do(toRun func() error) error { return errors.New("not supported on freebsd") } @@ -192,7 +192,7 @@ func (r *Runtime) teardownNetNS(ctr *Container) error { // do not return an error otherwise we would prevent network cleanup logrus.Errorf("failed to free gvproxy machine ports: %v", err) } - if err := r.teardownCNI(ctr); err != nil { + if err := r.teardownNetwork(ctr); err != nil { return err } diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index aaa2cad1bb..0a6b7de109 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -63,7 +63,7 @@ func (r *RootlessNetNS) getPath(path string) string { // Do - run the given function in the rootless netns. // It does not lock the rootlessCNI lock, the caller -// should only lock when needed, e.g. for cni operations. +// should only lock when needed, e.g. for network operations. func (r *RootlessNetNS) Do(toRun func() error) error { err := r.ns.Do(func(_ ns.NetNS) error { // Before we can run the given function, @@ -269,7 +269,7 @@ func (r *RootlessNetNS) Cleanup(runtime *Runtime) error { // at this stage the container is already locked. // also do not try to lock only containers which are not currently in net // teardown because this will result in an ABBA deadlock between the rootless - // cni lock and the container lock + // rootless netns lock and the container lock // because we need to get the state we have to sync otherwise this will not // work because the state is empty by default // I do not like this but I do not see a better way at moment @@ -702,7 +702,7 @@ func (r *Runtime) teardownNetNS(ctr *Container) error { // Do not check the error here, we want to always umount the netns // This will ensure that the container interface will be deleted // even when there is a CNI or netavark bug. - prevErr := r.teardownCNI(ctr) + prevErr := r.teardownNetwork(ctr) // First unmount the namespace if err := netns.UnmountNS(ctr.state.NetNS.Path()); err != nil { diff --git a/libpod/networking_unsupported.go b/libpod/networking_unsupported.go index 7163a02dd0..d1cec1c47d 100644 --- a/libpod/networking_unsupported.go +++ b/libpod/networking_unsupported.go @@ -42,12 +42,12 @@ func (r *Runtime) normalizeNetworkName(nameOrID string) (string, error) { return "", errors.New("not implemented (*Runtime) normalizeNetworkName") } -// DisconnectContainerFromNetwork removes a container from its CNI network +// DisconnectContainerFromNetwork removes a container from its network func (r *Runtime) DisconnectContainerFromNetwork(nameOrID, netName string, force bool) error { return errors.New("not implemented (*Runtime) DisconnectContainerFromNetwork") } -// ConnectContainerToNetwork connects a container to a CNI network +// ConnectContainerToNetwork connects a container to a network func (r *Runtime) ConnectContainerToNetwork(nameOrID, netName string, netOpts types.PerNetworkOptions) error { return errors.New("not implemented (*Runtime) ConnectContainerToNetwork") } @@ -59,7 +59,7 @@ func (r *RootlessNetNS) getPath(path string) string { // Do - run the given function in the rootless netns. // It does not lock the rootlessCNI lock, the caller -// should only lock when needed, e.g. for cni operations. +// should only lock when needed, e.g. for network operations. func (r *RootlessNetNS) Do(toRun func() error) error { return errors.New("not implemented (*RootlessNetNS) Do") } diff --git a/libpod/options.go b/libpod/options.go index 153ebd9433..2f81d9358a 100644 --- a/libpod/options.go +++ b/libpod/options.go @@ -374,8 +374,8 @@ func WithNoPivotRoot() RuntimeOption { } } -// WithCNIConfigDir sets the CNI configuration directory. -func WithCNIConfigDir(dir string) RuntimeOption { +// WithNetworkConfigDir sets the network configuration directory. +func WithNetworkConfigDir(dir string) RuntimeOption { return func(rt *Runtime) error { if rt.valid { return define.ErrRuntimeFinalized diff --git a/pkg/api/server/register_networks.go b/pkg/api/server/register_networks.go index 86dd4449c7..8f1b6a96a6 100644 --- a/pkg/api/server/register_networks.go +++ b/pkg/api/server/register_networks.go @@ -181,7 +181,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error { // tags: // - networks (compat) // summary: Delete unused networks - // description: Remove CNI networks that do not have containers + // description: Remove networks that do not have containers // produces: // - application/json // parameters: @@ -213,7 +213,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error { // tags: // - networks // summary: Remove a network - // description: Remove a CNI configured network + // description: Remove a configured network // parameters: // - in: path // name: name @@ -289,8 +289,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error { // - networks // summary: Inspect a network // description: | - // Display low level configuration for a CNI network. - // - In a 200 response, all of the fields named Bytes are returned as a Base64 encoded string. + // Display configuration for a network. // parameters: // - in: path // name: name @@ -391,7 +390,7 @@ func (s *APIServer) registerNetworkHandlers(r *mux.Router) error { // tags: // - networks // summary: Delete unused networks - // description: Remove CNI networks that do not have containers + // description: Remove networks that do not have containers // produces: // - application/json // parameters: diff --git a/pkg/bindings/network/network.go b/pkg/bindings/network/network.go index 412f934abc..ec4940b6dc 100644 --- a/pkg/bindings/network/network.go +++ b/pkg/bindings/network/network.go @@ -12,7 +12,7 @@ import ( jsoniter "github.com/json-iterator/go" ) -// Create makes a new CNI network configuration +// Create makes a new network configuration func Create(ctx context.Context, network *types.Network) (types.Network, error) { return CreateWithOptions(ctx, network, nil) } @@ -50,7 +50,7 @@ func CreateWithOptions(ctx context.Context, network *types.Network, extraCreateO return report, response.Process(&report) } -// Inspect returns low level information about a CNI network configuration +// Inspect returns information about a network configuration func Inspect(ctx context.Context, nameOrID string, _ *InspectOptions) (types.Network, error) { var net types.Network conn, err := bindings.GetClient(ctx) @@ -66,7 +66,7 @@ func Inspect(ctx context.Context, nameOrID string, _ *InspectOptions) (types.Net return net, response.Process(&net) } -// Remove deletes a defined CNI network configuration by name. The optional force boolean +// Remove deletes a defined network configuration by name. The optional force boolean // will remove all containers associated with the network when set to true. A slice // of NetworkRemoveReports are returned. func Remove(ctx context.Context, nameOrID string, options *RemoveOptions) ([]*entities.NetworkRmReport, error) { @@ -91,7 +91,7 @@ func Remove(ctx context.Context, nameOrID string, options *RemoveOptions) ([]*en return reports, response.Process(&reports) } -// List returns a summary of all CNI network configurations +// List returns a summary of all network configurations func List(ctx context.Context, options *ListOptions) ([]types.Network, error) { var netList []types.Network if options == nil { @@ -192,7 +192,7 @@ func Exists(ctx context.Context, nameOrID string, options *ExistsOptions) (bool, return response.IsSuccess(), nil } -// Prune removes unused CNI networks +// Prune removes unused networks func Prune(ctx context.Context, options *PruneOptions) ([]*entities.NetworkPruneReport, error) { if options == nil { options = new(PruneOptions) diff --git a/pkg/bindings/network/types.go b/pkg/bindings/network/types.go index c205a1d8f8..c978a0d3dd 100644 --- a/pkg/bindings/network/types.go +++ b/pkg/bindings/network/types.go @@ -76,7 +76,7 @@ type ExistsOptions struct { } // PruneOptions are optional options for removing unused -// CNI networks +// networks // //go:generate go run ../generator/generator.go PruneOptions type PruneOptions struct { diff --git a/pkg/domain/infra/runtime_libpod.go b/pkg/domain/infra/runtime_libpod.go index c9aabc9bd7..bd73d20f96 100644 --- a/pkg/domain/infra/runtime_libpod.go +++ b/pkg/domain/infra/runtime_libpod.go @@ -253,7 +253,7 @@ func getRuntime(ctx context.Context, fs *flag.FlagSet, opts *engineOpts) (*libpo // TODO flag to set libpod tmp dir? if fs.Changed("network-config-dir") { - options = append(options, libpod.WithCNIConfigDir(cfg.ContainersConf.Network.NetworkConfigDir)) + options = append(options, libpod.WithNetworkConfigDir(cfg.ContainersConf.Network.NetworkConfigDir)) } if fs.Changed("default-mounts-file") { options = append(options, libpod.WithDefaultMountsFile(cfg.ContainersConf.Containers.DefaultMountsFile)) diff --git a/pkg/machine/ignition.go b/pkg/machine/ignition.go index d317ad1fb0..6a6495bf76 100644 --- a/pkg/machine/ignition.go +++ b/pkg/machine/ignition.go @@ -334,7 +334,7 @@ Delegate=memory pids cpu io }, }) - // Set containers.conf up for core user to use cni networks + // Set containers.conf up for core user to use networks // by default files = append(files, File{ Node: Node{ diff --git a/pkg/specgen/namespaces.go b/pkg/specgen/namespaces.go index 78bcb8619c..94c96794a3 100644 --- a/pkg/specgen/namespaces.go +++ b/pkg/specgen/namespaces.go @@ -44,7 +44,7 @@ const ( // be joined. loopback should still exist. // Only used with the network namespace, invalid otherwise. NoNetwork NamespaceMode = "none" - // Bridge indicates that a CNI network stack + // Bridge indicates that the network backend (CNI/netavark) // should be used. // Only used with the network namespace, invalid otherwise. Bridge NamespaceMode = "bridge"