Support IPv6 with FF_NETWORK_PER_BUILD
Description
While the FF_NETWORK_PER_BUILD has been used by us for security reasons with millions of builds for years and proven to be very reliable over the years, it does not support IPv6.
So even if you enable IPv6 in your Docker daemon config, as described here: https://docs.docker.com/config/daemon/ipv6/, it's not possible to have FF_NETWORK_PER_BUILD enabled and IPv6 running inside the container with GitLab Runner at the same time.
Checking the Docker documentation, it seems like this would need to be explicitly provided to the docker network create command: https://docs.docker.com/engine/reference/commandline/network_create/#options
The part where it's created inside GitLab Runner is here: https://gitlab.com/gitlab-org/gitlab-runner/-/blob/main/executors/docker/internal/networks/manager.go#L65
Proposal
Create Docker networks using the FF_NETWORK_PER_BUILD flag with IPv6 enabled.
Ideally FF_NETWORK_PER_BUILD should be the default as well for security reasons alone: #11751