Merge pull request #19958 from ryanhockstad/main

Add DNS fields to Container and Network unit groups
2025-05-21 09:05:56 +08:00 · 2023-09-14 00:55:34 +02:00
parent e3ea6bf2f9 883612eff3
commit 18561f26ad
7 changed files with 90 additions and 0 deletions
--- a/docs/source/markdown/podman-systemd.unit.5.md
+++ b/docs/source/markdown/podman-systemd.unit.5.md
@ -128,6 +128,9 @@ Valid options for `[Container]` are listed below:
 | Annotation="XYZ"               | --annotation "XYZ"                                   |
 | AutoUpdate=registry            | --label "io.containers.autoupdate=registry"          |
 | ContainerName=name             | --name name                                          |
+| DNS=192.168.55.1               | --dns=192.168.55.1                                   |
+| DNSSearch=foo.com              | --dns-search=foo.com                                 |
+| DNSOption=ndots:1              | --dns-option=ndots:1                                 |
 | DropCapability=CAP             | --cap-drop=CAP                                       |
 | Environment=foo=bar            | --env foo=bar                                        |
 | EnvironmentFile=/tmp/env       | --env-file /tmp/env                                  |
@ -223,6 +226,24 @@ The (optional) name of the Podman container. If this is not specified, the defau
 of `systemd-%N` is used, which is the same as the service name but with a `systemd-`
 prefix to avoid conflicts with user-managed containers.

+### `DNS=`
+
+Set network-scoped DNS resolver/nameserver for containers in this network.
+
+This key can be listed multiple times.
+
+### `DNSOption=`
+
+Set custom DNS options.
+
+This key can be listed multiple times.
+
+### `DNSSearch=`
+
+Set custom DNS search domains. Use **DNSSearch=.** to remove the search domain.
+
+This key can be listed multiple times.
+
 ### `DropCapability=`

 Drop these capabilities from the default podman capability set, or `all` to drop all capabilities.
@ -705,6 +726,7 @@ Valid options for `[Network]` are listed below:
 | **[Network] options**         | **podman network create equivalent** |
 |-------------------------------|--------------------------------------|
 | DisableDNS=true               | --disable-dns                        |
+| DNS=192.168.55.1              | --dns=192.168.55.1                   |
 | Driver=bridge                 | --driver bridge                      |
 | Gateway=192.168.55.3          | --gateway 192.168.55.3               |
 | Internal=true                 | --internal                           |
@ -725,6 +747,12 @@ If enabled, disables the DNS plugin for this network.

 This is equivalent to the Podman `--disable-dns` option

+### `DNS=`
+
+Set network-scoped DNS resolver/nameserver for containers in this network.
+
+This key can be listed multiple times.
+
 ### `Driver=` (defaults to `bridge`)

 Driver to manage the network. Currently `bridge`, `macvlan` and `ipvlan` are supported.
--- a/pkg/systemd/quadlet/quadlet.go
+++ b/pkg/systemd/quadlet/quadlet.go
@ -50,6 +50,9 @@ const (
 	KeyContainerName         = "ContainerName"
 	KeyCopy                  = "Copy"
 	KeyDevice                = "Device"
+	KeyDNS                   = "DNS"
+	KeyDNSOption             = "DNSOption"
+	KeyDNSSearch             = "DNSSearch"
 	KeyDropCapability        = "DropCapability"
 	KeyEnvironment           = "Environment"
 	KeyEnvironmentFile       = "EnvironmentFile"
@ -134,6 +137,9 @@ var (
 		KeyAnnotation:            true,
 		KeyAutoUpdate:            true,
 		KeyContainerName:         true,
+		KeyDNS:                   true,
+		KeyDNSOption:             true,
+		KeyDNSSearch:             true,
 		KeyDropCapability:        true,
 		KeyEnvironment:           true,
 		KeyEnvironmentFile:       true,
@ -208,6 +214,7 @@ var (
 	// Supported keys in "Network" group
 	supportedNetworkKeys = map[string]bool{
 		KeyLabel:             true,
+		KeyDNS:               true,
 		KeyNetworkDisableDNS: true,
 		KeyNetworkDriver:     true,
 		KeyNetworkGateway:    true,
@ -483,6 +490,21 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse
 		podman.add("--security-opt", fmt.Sprintf("seccomp=%s", seccompProfile))
 	}

+	dns := container.LookupAll(ContainerGroup, KeyDNS)
+	for _, ipAddr := range dns {
+		podman.addf("--dns=%s", ipAddr)
+	}
+
+	dnsOptions := container.LookupAll(ContainerGroup, KeyDNSOption)
+	for _, dnsOption := range dnsOptions {
+		podman.addf("--dns-option=%s", dnsOption)
+	}
+
+	dnsSearches := container.LookupAll(ContainerGroup, KeyDNSSearch)
+	for _, dnsSearch := range dnsSearches {
+		podman.addf("--dns-search=%s", dnsSearch)
+	}
+
 	dropCaps := container.LookupAllStrv(ContainerGroup, KeyDropCapability)

 	for _, caps := range dropCaps {
@ -748,6 +770,11 @@ func ConvertNetwork(network *parser.UnitFile, name string) (*parser.UnitFile, st
 		podman.add("--disable-dns")
 	}

+	dns := network.LookupAll(NetworkGroup, KeyDNS)
+	for _, ipAddr := range dns {
+		podman.addf("--dns=%s", ipAddr)
+	}
+
 	driver, ok := network.Lookup(NetworkGroup, KeyNetworkDriver)
 	if ok && len(driver) > 0 {
 		podman.addf("--driver=%s", driver)
--- a/test/e2e/quadlet/dns-options.container
+++ b/test/e2e/quadlet/dns-options.container
@ -0,0 +1,8 @@
+## assert-podman-final-args localhost/imagename
+## assert-podman-args "--dns-option=ndots:1"
+## assert-podman-args "--dns-option=color:blue"
+
+[Container]
+Image=localhost/imagename
+DNSOption=ndots:1
+DNSOption=color:blue
--- a/test/e2e/quadlet/dns-search.container
+++ b/test/e2e/quadlet/dns-search.container
@ -0,0 +1,8 @@
+## assert-podman-final-args localhost/imagename
+## assert-podman-args "--dns-search=foo.com"
+## assert-podman-args "--dns-search=bar.com"
+
+[Container]
+Image=localhost/imagename
+DNSSearch=foo.com
+DNSSearch=bar.com
--- a/test/e2e/quadlet/dns.container
+++ b/test/e2e/quadlet/dns.container
@ -0,0 +1,8 @@
+## assert-podman-final-args localhost/imagename
+## assert-podman-args "--dns=8.7.7.7"
+## assert-podman-args "--dns=8.8.8.8"
+
+[Container]
+Image=localhost/imagename
+DNS=8.7.7.7
+DNS=8.8.8.8
--- a/test/e2e/quadlet/dns.network
+++ b/test/e2e/quadlet/dns.network
@ -0,0 +1,7 @@
+## assert-podman-final-args systemd-dns
+## assert-podman-args "--dns=8.7.7.7"
+## assert-podman-args "--dns=8.8.8.8"
+
+[Network]
+DNS=8.7.7.7
+DNS=8.8.8.8
--- a/test/e2e/quadlet_test.go
+++ b/test/e2e/quadlet_test.go
@ -577,6 +577,9 @@ BOGUS=foo
 		Entry("capabilities2.container", "capabilities2.container", 0, ""),
 		Entry("devices.container", "devices.container", 0, ""),
 		Entry("disableselinux.container", "disableselinux.container", 0, ""),
+		Entry("dns-options.container", "dns-options.container", 0, ""),
+		Entry("dns-search.container", "dns-search.container", 0, ""),
+		Entry("dns.container", "dns.container", 0, ""),
 		Entry("env-file.container", "env-file.container", 0, ""),
 		Entry("env-host-false.container", "env-host-false.container", 0, ""),
 		Entry("env-host.container", "env-host.container", 0, ""),
@ -654,6 +657,7 @@ BOGUS=foo

 		Entry("Network - Basic", "basic.network", 0, ""),
 		Entry("Network - Disable DNS", "disable-dns.network", 0, ""),
+		Entry("Network - DNS", "dns.network", 0, ""),
 		Entry("Network - Driver", "driver.network", 0, ""),
 		Entry("Network - Gateway not enough Subnet", "gateway.less-subnet.network", 1, "converting \"gateway.less-subnet.network\": cannot set more gateways than subnets"),
 		Entry("Network - Gateway without Subnet", "gateway.no-subnet.network", 1, "converting \"gateway.no-subnet.network\": cannot set gateway or range without subnet"),