How/is it possible to enables `features.networks` on non-empty projects?

I’ve just been using the default user-1000 projects for all of my containers, but now I’d like to add some networks. Is it possible to do enable that setting on my project somehow? If not, what should I do? Create a new project that’s accessible for my user and move containers to it?

Unless you have OVN installed on your system, this won’t actually do anything useful for you.

The only scenario where projects can create and own their own networks is when OVN is set up on the system. This is most commonly done in larger clustered environments.

1 Like

So in general, should I just stick with the 10.x.x.0/24 network the project gets and use a reverse proxy for anything that needs outside access? That’s the reason I was asking about creating a network.

You can still create a bridge or other network on your system to directly expose instances to the external network. If you do that, then you can update the project restrictions to allow the project to use that network too.

You can also configure the project to allow for proxy devices which then lets that project listen on the host IP and forward to its instances.

1 Like

I marked this as solved but I realized that I can’t actually create a bridge in my user-1000 project because of

$ incus profile device add bridgeprofile eth0 nic nictype=bridged parent=br0
Error: Failed checking if profile update allowed: Invalid device "eth0" on profile "bridgeprofile" of project "user-1000": Only managed network devices are allowed

Can I allow other network devices on my project? If not, what should I do? Right now my user is just in the incus group, not incus-admin, but I’d be willing to add myself to incus-admin if that’s the solution.

You should be able to do something like sudo incus network create external --type=physical parent=br0 which will then give you a managed external network that you can allow in the project and then use with nic network=external name=eth0

1 Like