Merge pull request #137 from ormergi/bridge-disable-cont-iface

bridge: Disable container interface
containernetworking · Feb 2, 2024 · 4282c75 · 4282c75
2 parents 9e3b045 + 15e6dbe
commit 4282c75
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/content/plugins/current/main/bridge.md b/content/plugins/current/main/bridge.md
@@ -63,6 +63,17 @@ If the bridge is missing, the plugin will create one on first use and, if gatewa
 }
 ```
 
+## Example L2-only, disabled interface configuration
+```json
+{
+    "cniVersion": "0.3.1",
+    "name": "mynet",
+    "type": "bridge",
+    "bridge": "mynet0",
+    "disableContainerInterface": "true",
+}
+```
+
 ## Network configuration reference
 
 * `name` (string, required): the name of the network.
@@ -81,6 +92,7 @@ If the bridge is missing, the plugin will create one on first use and, if gatewa
 * `vlanTrunk` (list, optional): assign VLAN trunk tag. Defaults to none.
 * `enabledad` (boolean, optional): enables duplicate address detection for the container side veth. Defaults to false.
 * `macspoofchk` (boolean, optional): Enables mac spoof check, limiting the traffic originating from the container to the mac address of the interface. Defaults to false.
+* `disableContainerInterface` (boolean, optional): Set the container interface (veth peer inside the container netns) state down. When enabled, IPAM cannot be used.
 
 *Note:* The VLAN parameter configures the VLAN tag on the host end of the veth and also enables the vlan_filtering feature on the bridge interface.