diff --git a/docs/source/markdown/podman-systemd.unit.5.md b/docs/source/markdown/podman-systemd.unit.5.md index 1400de2fbd..7cf8732ba1 100644 --- a/docs/source/markdown/podman-systemd.unit.5.md +++ b/docs/source/markdown/podman-systemd.unit.5.md @@ -128,6 +128,9 @@ Valid options for `[Container]` are listed below: | Annotation="XYZ" | --annotation "XYZ" | | AutoUpdate=registry | --label "io.containers.autoupdate=registry" | | ContainerName=name | --name name | +| DNS=192.168.55.1 | --dns=192.168.55.1 | +| DNSSearch=foo.com | --dns-search=foo.com | +| DNSOption=ndots:1 | --dns-option=ndots:1 | | DropCapability=CAP | --cap-drop=CAP | | Environment=foo=bar | --env foo=bar | | EnvironmentFile=/tmp/env | --env-file /tmp/env | @@ -223,6 +226,24 @@ The (optional) name of the Podman container. If this is not specified, the defau of `systemd-%N` is used, which is the same as the service name but with a `systemd-` prefix to avoid conflicts with user-managed containers. +### `DNS=` + +Set network-scoped DNS resolver/nameserver for containers in this network. + +This key can be listed multiple times. + +### `DNSOption=` + +Set custom DNS options. + +This key can be listed multiple times. + +### `DNSSearch=` + +Set custom DNS search domains. Use **DNSSearch=.** to remove the search domain. + +This key can be listed multiple times. + ### `DropCapability=` Drop these capabilities from the default podman capability set, or `all` to drop all capabilities. @@ -705,6 +726,7 @@ Valid options for `[Network]` are listed below: | **[Network] options** | **podman network create equivalent** | |-------------------------------|--------------------------------------| | DisableDNS=true | --disable-dns | +| DNS=192.168.55.1 | --dns=192.168.55.1 | | Driver=bridge | --driver bridge | | Gateway=192.168.55.3 | --gateway 192.168.55.3 | | Internal=true | --internal | 
@@ -725,6 +747,12 @@ If enabled, disables the DNS plugin for this network.
 This is equivalent to the Podman `--disable-dns` option
+### `DNS=`
+
+Set network-scoped DNS resolver/nameserver for containers in this network.
+
+This key can be listed multiple times.
+
 ### `Driver=` (defaults to `bridge`)
 Driver to manage the network. Currently `bridge`, `macvlan` and `ipvlan` are supported.
diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go
index d593bf8e24..0199cd0e38 100644
--- a/pkg/systemd/quadlet/quadlet.go
+++ b/pkg/systemd/quadlet/quadlet.go
@@ -50,6 +50,9 @@ const (
 KeyContainerName = "ContainerName"
 KeyCopy = "Copy"
 KeyDevice = "Device"
+ KeyDNS = "DNS"
+ KeyDNSOption = "DNSOption"
+ KeyDNSSearch = "DNSSearch"
 KeyDropCapability = "DropCapability"
 KeyEnvironment = "Environment"
 KeyEnvironmentFile = "EnvironmentFile"
@@ -134,6 +137,9 @@ var (
 KeyAnnotation: true,
 KeyAutoUpdate: true,
 KeyContainerName: true,
+ KeyDNS: true,
+ KeyDNSOption: true,
+ KeyDNSSearch: true,
 KeyDropCapability: true,
 KeyEnvironment: true,
 KeyEnvironmentFile: true,
@@ -208,6 +214,7 @@ var (
 // Supported keys in "Network" group
 supportedNetworkKeys = map[string]bool{
 KeyLabel: true,
+ KeyDNS: true,
 KeyNetworkDisableDNS: true,
 KeyNetworkDriver: true,
 KeyNetworkGateway: true,
@@ -483,6 +490,21 @@ func ConvertContainer(container *parser.UnitFile, names map[string]string, isUse
 podman.add("--security-opt", fmt.Sprintf("seccomp=%s", seccompProfile))
 }
+ dns := container.LookupAll(ContainerGroup, KeyDNS)
+ for _, ipAddr := range dns {
+ podman.addf("--dns=%s", ipAddr)
+ }
+
+ dnsOptions := container.LookupAll(ContainerGroup, KeyDNSOption)
+ for _, dnsOption := range dnsOptions {
+ podman.addf("--dns-option=%s", dnsOption)
+ }
+
+ dnsSearches := container.LookupAll(ContainerGroup, KeyDNSSearch)
+ for _, dnsSearch := range dnsSearches {
+ podman.addf("--dns-search=%s", dnsSearch)
+ }
+
 dropCaps := container.LookupAllStrv(ContainerGroup, KeyDropCapability)
 for _, caps := range dropCaps {
@@ -748,6 +770,11 @@ func ConvertNetwork(network *parser.UnitFile, name string) (*parser.UnitFile, st
 podman.add("--disable-dns")
 }
+ dns := network.LookupAll(NetworkGroup, KeyDNS)
+ for _, ipAddr := range dns {
+ podman.addf("--dns=%s", ipAddr)
+ }
+
 driver, ok := network.Lookup(NetworkGroup, KeyNetworkDriver)
 if ok && len(driver) > 0 {
 podman.addf("--driver=%s", driver)
diff --git a/test/e2e/quadlet/dns-options.container b/test/e2e/quadlet/dns-options.container
new file mode 100644
index 0000000000..523991252d
--- /dev/null
+++ b/test/e2e/quadlet/dns-options.container
@@ -0,0 +1,8 @@
+## assert-podman-final-args localhost/imagename
+## assert-podman-args "--dns-option=ndots:1"
+## assert-podman-args "--dns-option=color:blue"
+
+[Container]
+Image=localhost/imagename
+DNSOption=ndots:1
+DNSOption=color:blue
diff --git a/test/e2e/quadlet/dns-search.container b/test/e2e/quadlet/dns-search.container
new file mode 100644
index 0000000000..dbc26d4a49
--- /dev/null
+++ b/test/e2e/quadlet/dns-search.container
@@ -0,0 +1,8 @@
+## assert-podman-final-args localhost/imagename
+## assert-podman-args "--dns-search=foo.com"
+## assert-podman-args "--dns-search=bar.com"
+
+[Container]
+Image=localhost/imagename
+DNSSearch=foo.com
+DNSSearch=bar.com
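Review bot: In ConvertContainer the three new loops read their keys with `container.LookupAll`, while the `DropCapability` lookup directly below them uses `LookupAllStrv`, so a line such as `DNS=192.168.55.1 192.168.55.2` (constructed example) would presumably be forwarded as one `--dns=` argument and only be rejected when the service starts. If whitespace-separated lists are meant to work, `dns := container.LookupAllStrv(ContainerGroup, KeyDNS)` would match the neighbouring key; if not, a comment such as `// One value per DNS= line; values are handed to podman unvalidated.` would record the intent. The same applies to the `DNS` loop added to ConvertNetwork in the next hunk. Both function bodies start and end outside their hunks.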
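Review bot: In ConvertNetwork the new `DNS` loop runs unconditionally right after the `--disable-dns` branch, so a unit that sets both `DisableDNS=true` and `DNS=` produces a command line carrying `--disable-dns` together with `--dns=`. The test table in this commit shows that the network converter already rejects inconsistent units at generation time (`cannot set gateway or range without subnet`), so either a matching conversion error or a comment such as `// DNS= is emitted even when DisableDNS=true; podman decides how the two combine.` would leave the resulting resolver configuration unambiguous. The function body starts and ends outside the hunk.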
diff --git a/test/e2e/quadlet/dns.container b/test/e2e/quadlet/dns.container
new file mode 100644
index 0000000000..6402b8bf61
--- /dev/null
+++ b/test/e2e/quadlet/dns.container
@@ -0,0 +1,8 @@
+## assert-podman-final-args localhost/imagename
+## assert-podman-args "--dns=8.7.7.7"
+## assert-podman-args "--dns=8.8.8.8"
+
+[Container]
+Image=localhost/imagename
+DNS=8.7.7.7
+DNS=8.8.8.8
diff --git a/test/e2e/quadlet/dns.network b/test/e2e/quadlet/dns.network
new file mode 100644
index 0000000000..77ed678d32
--- /dev/null
+++ b/test/e2e/quadlet/dns.network
@@ -0,0 +1,7 @@
+## assert-podman-final-args systemd-dns
+## assert-podman-args "--dns=8.7.7.7"
+## assert-podman-args "--dns=8.8.8.8"
+
+[Network]
+DNS=8.7.7.7
+DNS=8.8.8.8
diff --git a/test/e2e/quadlet_test.go b/test/e2e/quadlet_test.go
index 6eb3922b7f..46c020e286 100644
--- a/test/e2e/quadlet_test.go
+++ b/test/e2e/quadlet_test.go
@@ -577,6 +577,9 @@ BOGUS=foo
 Entry("capabilities2.container", "capabilities2.container", 0, ""),
 Entry("devices.container", "devices.container", 0, ""),
 Entry("disableselinux.container", "disableselinux.container", 0, ""),
+ Entry("dns-options.container", "dns-options.container", 0, ""),
+ Entry("dns-search.container", "dns-search.container", 0, ""),
+ Entry("dns.container", "dns.container", 0, ""),
 Entry("env-file.container", "env-file.container", 0, ""),
 Entry("env-host-false.container", "env-host-false.container", 0, ""),
 Entry("env-host.container", "env-host.container", 0, ""),
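Review bot: The three container entries added to this table register fixtures that only check that well-formed values are copied through to the podman command line; the `DNSSearch=.` form that this commit's man page documents for removing the search domain has no fixture. A `dns-search-remove.container` (placeholder name) containing `DNSSearch=.` with `## assert-podman-args "--dns-search=."` would pin that documented behaviour. The Entry table starts and ends outside the hunk.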
@@ -654,6 +657,7 @@ BOGUS=foo
 Entry("Network - Basic", "basic.network", 0, ""),
 Entry("Network - Disable DNS", "disable-dns.network", 0, ""),
+ Entry("Network - DNS", "dns.network", 0, ""),
 Entry("Network - Driver", "driver.network", 0, ""),
 Entry("Network - Gateway not enough Subnet", "gateway.less-subnet.network", 1, "converting \"gateway.less-subnet.network\": cannot set more gateways than subnets"),
 Entry("Network - Gateway without Subnet", "gateway.no-subnet.network", 1, "converting \"gateway.no-subnet.network\": cannot set gateway or range without subnet"),