Description
Since this PR was merged into the OCI spec (opencontainers/runtime-spec#1271), I have been wondering how this can be used. Right now only the CNI has a clean integration point for moving Linux network devices into a network namespace; however, that is possibly on the block for deprecation in the future, and this is also executed during container setup and teardown. In the world of DRA, NRI is used to move network devices in and out of a network namespace by means of the RunPodSandbox/StopPodSandbox NRI hooks. Is it possible, with the network devices being defined in the OCI spec, that CDI can be used to move network devices into a network namespace so NRI isn't required, as it's used to retrieve the network namespace?
It looks possible; however, is this outside of the scope of CDI? I noticed that DRA supports CDI today; it seems like it could possibly make the flow for moving network devices into a netns cleaner. As far as I can tell, this would happen during the Create/StartContainer RPCs of CRI, which is after RunPodSandbox. I guess it becomes a little odd when you have multiple containers and in k8s the network namespace is shared. Perhaps NRI is the way to do this; however, I figured this could start the conversation.