nerdctl: [Windows] Networking doesn't work

When using nerdctl run to start a Windows container, networking doesn’t work as there is no ethernet adapter attached:

.\nerdctl.exe pull mcr.microsoft.com/windows/nanoserver:1809
.\nerdctl.exe run --rm mcr.microsoft.com/windows/nanoserver:1809 cmd /c ipconfig

# Windows IP Configuration

Same behaviour like with ctr:

./ctr.exe i pull mcr.microsoft.com/windows/nanoserver:1809
./ctr.exe run -rm  mcr.microsoft.com/windows/nanoserver:1809 test cmd /c ipconfig

# Windows IP Configuration

With crictl it works however:

.\crictl.exe pull mcr.microsoft.com/windows/nanoserver:1809
$POD_ID=(./crictl runp .\pod.json)
$CONTAINER_ID=(./crictl create $POD_ID .\container.json .\pod.json)
./crictl start $CONTAINER_ID
.\crictl.exe exec $CONTAINER_ID cmd /c ipconfig

# Windows IP Configuration
#
# Ethernet adapter vEthernet (3cceb90e9342cc0a23db648c9c4da002a329d285ba3733e8feb666a374e9f842_nat):
#
#   Connection-specific DNS Suffix  . : 
#   Link-local IPv6 Address . . . . . : fe80::1d7f:3f4c:efb5:457b%15
#   IPv4 Address. . . . . . . . . . . : 172.30.197.170
#   Subnet Mask . . . . . . . . . . . : 255.255.240.0
#   Default Gateway . . . . . . . . . : 172.30.192.1

with pod.json:

{
  "metadata": {
    "name": "mycont-sandbox",
    "namespace": "default",
    "attempt": 1,
    "uid": "hdishd83djaidwnduwk28basb"
  },
  "log_directory": "/tmp",
  "linux": {
  }
}

and container.json:

{
  "metadata": {
      "name": "mycont"
  },
  "image":{
      "image": "mcr.microsoft.com/windows/nanoserver:1809"
  },
  "command": [
      "cmd",
      "/c",
      "ping -t 127.0.0.1"
  ],
  "log_path":"mycont.0.log",
  "linux": {
  }
}

Without having any knowledge about the internals, I would assume it’s because crictl uses a pod sandbox where networking is set up for and ctr/nerdctl doesn’t?

cc @jsturtevant

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 3
  • Comments: 20 (9 by maintainers)

Commits related to this issue

Most upvoted comments

@kkbruce Networking support for Windows is not implemented yet in nerdctl. Currently networking only works with crictl and ctr command line tools.

@lippertmarkus Thanks for your info. Let’s take a look at crictl first, and we can only look forward to its implementation.

Maybe that implementation in containerd/containerd#6304 helps you for nerdctl

That is one way to do it but would be different form the Linux implementation here. I also think it might have issues as pointed out above with the flag --restart=always.

I’ve looked into the OCI hooks and there doesn’t seem to be any reason it can’t be supported in hcsshim it just hasn’t been implemented for Windows. I plan to get a prototype of that working to gauge effort and feasibility and will update here.

I am not sure why it doesn’t have support. Just inferring from the OCI docs and hcsshim code. spoke briefly with @dcantah and it sounds like it should be technically possible but would need implementation.

Does this work with the restart manager (–restart=always)? On Linux it doesn’t work, so it’s implemented in the hooks.

I will have to experiment to figure this out.

It will be an amazing start 😄

I will see if I can get this wired up properly.