I’ve just been using the default user-1000 projects for all of my containers, but now I’d like to add some networks. Is it possible to enable that setting on my project somehow? If not, what should I do? Create a new project that’s accessible for my user and move containers to it?
Unless you have OVN installed on your system, this won’t actually do anything useful for you.
The only scenario where projects can create and own their own networks is when OVN is set up on the system. This is most commonly done in larger clustered environments.
So in general, should I just stick with the 10.x.x.0/24 network the project gets and use a reverse proxy for anything that needs outside access? That’s the reason I was asking about creating a network.
You can still create a bridge or other network on your system to directly expose instances to the external network. If you do that, then you can update the project restrictions to allow the project to use that network too.
You can also configure the project to allow for proxy devices which then lets that project listen on the host IP and forward to its instances.
I marked this as solved but I realized that I can’t actually create a bridge in my user-1000 project because of
$ incus profile device add bridgeprofile eth0 nic nictype=bridged parent=br0
Error: Failed checking if profile update allowed: Invalid device "eth0" on profile "bridgeprofile" of project "user-1000": Only managed network devices are allowed
Can I allow other network devices on my project? If not, what should I do? Right now my user is just in the incus group, not incus-admin, but I’d be willing to add myself to incus-admin if that’s the solution.
You should be able to do something like
$ sudo incus network create external --type=physical parent=br0
which will then give you a managed external network that you can allow in the project and then use with nic network=external name=eth0
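The steps from the last reply, as an added example that is not part of the thread or of the Incus project's own code: it appends the new managed network to the project's existing restricted.networks.access list instead of overwriting it, so the project stays restricted to managed NICs and the user does not need incus-admin. Assumptions: the project restricts networks through restricted.networks.access, and the function names merge_access and allow_network are hypothetical.

```shell
#!/bin/sh
# Added example. "user-1000", "external", "br0" and "bridgeprofile" are the
# names used in the thread; the function names are hypothetical.

# merge_access CURRENT NEW: print the comma-delimited list CURRENT with NEW
# appended once. An empty CURRENT prints nothing: an unset key does not limit
# network names, and writing a one-item list would cut off every other network.
merge_access() {
    ma_current=$1
    ma_new=$2
    if [ -z "$ma_current" ]; then
        return 0
    fi
    ma_out=
    ma_seen=0
    ma_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting on commas
    for ma_item in $ma_current; do
        ma_item=$(printf '%s' "$ma_item" | tr -d ' ')
        [ -z "$ma_item" ] && continue
        [ "$ma_item" = "$ma_new" ] && ma_seen=1
        ma_out=${ma_out:+$ma_out,}$ma_item
    done
    set +f
    IFS=$ma_ifs
    [ "$ma_seen" -eq 1 ] || ma_out=${ma_out:+$ma_out,}$ma_new
    printf '%s\n' "$ma_out"
}

# allow_network PROJECT NET: read the project's current allow-list and write
# it back with NET added, only when that changes the value.
allow_network() {
    an_project=$1
    an_net=$2
    an_current=$(sudo incus project get "$an_project" restricted.networks.access)
    an_merged=$(merge_access "$an_current" "$an_net")
    if [ -n "$an_merged" ] && [ "$an_merged" != "$an_current" ]; then
        sudo incus project set "$an_project" restricted.networks.access="$an_merged"
    fi
}

# Usage, as an administrator on the host:
#   sudo incus network create external --type=physical parent=br0
#   allow_network user-1000 external
# then, as the project user:
#   incus profile device add bridgeprofile eth0 nic network=external name=eth0
```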