Implement nerdctl run --annotation
(introduced in Docker v24)
#2906
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Commit 1: Implement
nerdctl run --annotation
(introduced in Docker v24)An OCI runtime (as well as
nerdctl internal oci-hook
) may consume an annotation and behave differently.e.g., https://github.com/opencontainers/runc/blob/v1.1.12/docs/systemd.md#auxiliary-properties
nerdctl v1:
nerdctl run --annotation
was not implemented.nerdctl run --label
is set as a containerd label and an OCI annotation.nerdctl v2:
nerdctl run --annotation
is only set as an OCI annotation.nerdctl run --label
is only set as a containerd label. A label with thenerdctl/
prefix can no longer be set manually, with an exception fornerdctl/bypass4netns
. Thenerdctl/bypass4netns
label is still allowed and is propagated to an OCI annotation, for sake of compatibility.Docker v23:
docker run --annotation
was not implemented.docker run --label
is only set as a Docker label.Docker v24 (implemented in docker/cli#4156, moby/moby#45025):
docker run --annotation
is only set as an OCI annotation.docker run --label
is only set as a Docker label.(In a nutshell,
--annotation
may change the behavior, while--label
should not.)Commit 2: annotations: add
nerdctl/bypass4netns-ignore-subnets
([]string
)For experiments of additional
bypass4netns --ignore