Hi,

sorry if this question is bad. You are allowed to flame me for this :)

I would like to create a container which is basically connected to two separate VLANs and does some sort of bridging between them.
I also would like to be able to assign IP addresses from inside the container, because I would like to assign IP addresses via keepalived.

The reason why I would like to do it that way is to reduce cross traffic between hosts.

I have three hosts that are attached to a public VLAN. All three hosts have a public IP address, which needs to be assigned to another host in case something goes wrong.
HAProxy picks up the request on the public VLAN and forwards it to the underlying backend, which is in the same container. This backend talks to a storage cluster via the private VLAN.

The container host is an Ubuntu 20.04 with Podman 3.4.2.

What I did until now:
- create two additional networks [1]
- create a container [2]

But now I have the problem that I am not allowed to add an IP address from inside the container [3]

I also don't know if I have a conceptual error in the whole thing, because it is a strange thing to use containers as a VM replacement.
But currently I just don't know better.

Hope someone can help me.

---
A more in depth description of what I try to solve:
I have a ceph cluster that serves s3 traffic via radosgw.
radosgw talks to all the physical disks in the cluster directly. So it does the distribution of objects.
To do TLS termination, some basic HTTP header manipulation, and other HTTP related stuff a HAProxy is sitting in front of the radosgw.

I don't want to have a public IP address directly on a storage host, because misconfigurations happen and this is something I want to avoid.

So I thought I could spin up a container on some storage server, map the public VLAN and the private storage VLAN into the container and combine HAProxy and radosgw into one unit.

Now there is the problem with public availability. I want to use DNS load balancing for HAProxy. So every HAProxy gets its own public IP address. But when one or more HAProxy instances fail (there are so many things that can go south) I would like to add the IP address to another container.

Here comes keepalived, which does VRRP from inside the containers, and when some container stops announcing that it is available, another host spins up the IP address and starts to serve it.

And because I am struggling with even those simple tasks, I don't want to even try k8s/k3s. Also I think k8s/k3s have a lot of cross traffic between the instances, which might kill the performance really hard.
---

[1]
$ podman network create --disable-dns --driver=macvlan -o parent=bond0.50 --subnet 10.64.1.0/24 public
$ podman network create --disable-dns --driver=macvlan -o parent=bond0.43 --subnet 10.64.2.0/24 management

[2]
$ podman run --detach --hostname=frontend-`hostname` --name frontend-`hostname -s` \
  --mount=type=bind,source=/opt/frontend/etc/haproxy,destination=/etc/haproxy,ro \
  --mount=type=bind,source=/opt/frontend/etc/ssl/frontend,destination=/etc/ssl/frontend,ro \
  --network=podman,public,management \
  -it ubuntu:20.04 /bin/bash

[3]
root@frontend-0cc47a6df14e:/# ip addr add 192.168.0.1/24 dev eth2
RTNETLINK answers: Operation not permitted

Best wishes
 Boris
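The "Operation not permitted" in [3] is the netlink EPERM a process gets when it lacks CAP_NET_ADMIN; keepalived needs the same capability to move a VRRP address, and raw sockets for VRRP itself need CAP_NET_RAW. The following script is an added example, not part of Boris's post or of Podman: it reads the effective capability mask (CapEff) of a process, as shown in /proc/<pid>/status, and tests individual bits against the bit numbers from the Linux capability.h header (CAP_NET_ADMIN is bit 12, CAP_NET_RAW is bit 13). The sample masks used to exercise it are constructed values.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): diagnose whether the
# "RTNETLINK answers: Operation not permitted" seen on "ip addr add" inside
# a container is explained by a missing capability.
# Bit numbers are from the Linux capability.h header.
CAP_NET_ADMIN=12
CAP_NET_RAW=13

# cap_has BIT HEXMASK -> prints "yes" if capability BIT is set in HEXMASK
# (a CapEff value as printed in /proc/<pid>/status), otherwise "no".
cap_has() {
    bit=$1
    mask=${2:-0}
    if [ $(( (0x$mask >> bit) & 1 )) -eq 1 ]; then
        echo yes
    else
        echo no
    fi
}

# cap_eff_of_status FILE -> extracts the CapEff hex mask from a status file.
cap_eff_of_status() {
    awk '/^CapEff:/ { print $2 }' "$1"
}

# explain_eperm HEXMASK -> one-line diagnosis for the EPERM on address
# assignment, based only on the CAP_NET_ADMIN bit.
explain_eperm() {
    if [ "$(cap_has "$CAP_NET_ADMIN" "$1")" = yes ]; then
        echo "CAP_NET_ADMIN present: EPERM is not caused by a missing capability"
    else
        echo "CAP_NET_ADMIN missing: address assignment via netlink will fail with EPERM"
    fi
}

# vrrp_caps_ok HEXMASK -> "yes" when both bits keepalived needs for moving an
# address and sending VRRP on a raw socket are present, otherwise "no".
vrrp_caps_ok() {
    if [ "$(cap_has "$CAP_NET_ADMIN" "$1")" = yes ] \
       && [ "$(cap_has "$CAP_NET_RAW" "$1")" = yes ]; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample masks: only NET_ADMIN, only NET_RAW, both, none.
echo "mask 1000 (bit 12 only): $(explain_eperm 0000000000001000)"
echo "mask 2000 (bit 13 only): $(explain_eperm 0000000000002000)"
echo "mask 3000 vrrp ok: $(vrrp_caps_ok 0000000000003000)"
echo "mask 0000 vrrp ok: $(vrrp_caps_ok 0000000000000000)"

# Diagnose the running shell itself; inside the container from [2] this is
# what "ip addr add" was running with.
if [ -r /proc/self/status ]; then
    explain_eperm "$(cap_eff_of_status /proc/self/status)"
fi
```

Run it inside the container from [2] (for example as `bash diag.sh`) to see whether the shell that issued `ip addr add` had CAP_NET_ADMIN. Podman's `--cap-add` option is the way to grant a capability to a container; on a macvlan network that capability also lets the container change the host's layer-2 presence on both VLANs, so it is worth giving it only to the container that actually runs keepalived and keeping the rest of the capability set at the default.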