error when adding container to pod with network information

Because a pod's network information is dictated by the infra container at creation, a container cannot be created with network attributes. This has been difficult for users to understand. We now return an error when a container is being created inside a pod and is passed any of the following attributes:

* static IP (v4 and v6)
* static mac
* ports -p (i.e. -p 8080:80)
* exposed ports (i.e. 222-225)
* publish ports from image -P

Signed-off-by: Brent Baude <bbaude@redhat.com>

<MH: Fixed cherry pick conflicts and compile>

Signed-off-by: Matthew Heon <mheon@redhat.com>
Brent Baude
2020-08-20 09:52:53 -05:00
committed by Matthew Heon
parent c78c6b44ce
commit 23251149ab
3 changed files with 83 additions and 0 deletions


@ -160,4 +160,8 @@ var (
// ErrImageInUse indicates the requested operation failed because the image was in use // ErrImageInUse indicates the requested operation failed because the image was in use
ErrImageInUse = errors.New("image is being used") ErrImageInUse = errors.New("image is being used")
// ErrNetworkOnPodContainer indicates the user wishes to alter network attributes on a container
// in a pod. This cannot be done as the infra container has all the network information
ErrNetworkOnPodContainer = errors.New("network cannot be configured when it is shared with a pod")
) )


@ -3,6 +3,7 @@ package specgen
import ( import (
"strings" "strings"
"github.com/containers/libpod/v2/libpod/define"
"github.com/containers/libpod/v2/pkg/rootless" "github.com/containers/libpod/v2/pkg/rootless"
"github.com/containers/libpod/v2/pkg/util" "github.com/containers/libpod/v2/pkg/util"
"github.com/pkg/errors" "github.com/pkg/errors"
@ -34,6 +35,23 @@ func (s *SpecGenerator) Validate() error {
} }
} }
// Containers being added to a pod cannot have certain network attributes
// associated with them because those should be on the infra container.
if len(s.Pod) > 0 && s.NetNS.NSMode == FromPod {
if s.StaticIP != nil || s.StaticIPv6 != nil {
return errors.Wrap(define.ErrNetworkOnPodContainer, "static ip addresses must be defined when the pod is created")
}
if s.StaticMAC != nil {
return errors.Wrap(define.ErrNetworkOnPodContainer, "MAC addresses must be defined when the pod is created")
}
if len(s.CNINetworks) > 0 {
return errors.Wrap(define.ErrNetworkOnPodContainer, "networks must be defined when the pod is created")
}
if len(s.PortMappings) > 0 || s.PublishExposedPorts {
return errors.Wrap(define.ErrNetworkOnPodContainer, "published or exposed ports must be defined when the pod is created")
}
}
// //
// ContainerBasicConfig // ContainerBasicConfig
// //
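Review bot: The whole guard in Validate is conditioned on `s.NetNS.NSMode == FromPod`, so the `len(s.CNINetworks) > 0` branch can only fire for a container that carries CNI networks while still in the pod's namespace mode. If `--network <name>` moves NSMode away from FromPod before Validate runs (the spec in this commit that expects exit code zero for `--pod ... --network foobar` suggests it does), that branch is unreachable from the CLI. The container would then be created with its own network settings instead of being rejected, and a pod member that presumably sits outside the infra container's namespace is easy to miss when reasoning about the pod's network exposure. If rejection is intended, the CNI case should key on `len(s.Pod) > 0` alone; if it is not, say so in place, e.g. `// an explicit --network on a pod member is allowed and is not checked here`. Validate starts and ends outside this hunk, so where NSMode is defaulted is not visible.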


@ -471,4 +471,65 @@ var _ = Describe("Podman create", func() {
Expect(len(data)).To(Equal(1)) Expect(len(data)).To(Equal(1))
Expect(data[0].Config.StopSignal).To(Equal(uint(15))) Expect(data[0].Config.StopSignal).To(Equal(uint(15)))
}) })
It("create container in pod with IP should fail", func() {
SkipIfRootless()
name := "createwithstaticip"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
Expect(pod.ExitCode()).To(BeZero())
session := podmanTest.Podman([]string{"create", "--pod", name, "--ip", "192.168.1.2", ALPINE, "top"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).ToNot(BeZero())
})
It("create container in pod with mac should fail", func() {
SkipIfRootless()
name := "createwithstaticmac"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
Expect(pod.ExitCode()).To(BeZero())
session := podmanTest.Podman([]string{"create", "--pod", name, "--mac-address", "52:54:00:6d:2f:82", ALPINE, "top"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).ToNot(BeZero())
})
It("create container in pod with network should fail", func() {
SkipIfRootless()
name := "createwithnetwork"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
Expect(pod.ExitCode()).To(BeZero())
session := podmanTest.Podman([]string{"create", "--pod", name, "--network", "foobar", ALPINE, "top"})
session.WaitWithDefaultTimeout()
//Expect(session.ExitCode()).ToNot(BeZero())
Expect(session.ExitCode()).To(BeZero())
})
It("create container in pod with ports should fail", func() {
SkipIfRootless()
name := "createwithports"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
Expect(pod.ExitCode()).To(BeZero())
session := podmanTest.Podman([]string{"create", "--pod", name, "-p", "80:80", ALPINE, "top"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).ToNot(BeZero())
})
It("create container in pod ppublish ports should fail", func() {
SkipIfRootless()
name := "createwithpublishports"
pod := podmanTest.RunTopContainerInPod("", "new:"+name)
pod.WaitWithDefaultTimeout()
Expect(pod.ExitCode()).To(BeZero())
session := podmanTest.Podman([]string{"create", "--pod", name, "-P", ALPINE, "top"})
session.WaitWithDefaultTimeout()
Expect(session.ExitCode()).ToNot(BeZero())
})
}) })
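Review bot: The spec "create container in pod with network should fail" asserts `Expect(session.ExitCode()).To(BeZero())` and leaves the negative expectation commented out, so its name states the opposite of what it checks. Either restore `Expect(session.ExitCode()).ToNot(BeZero())` once the behaviour is enforced, or rename the spec to say that creation succeeds and drop the commented line. The other four specs assert only a non-zero exit code, which passes for any failure, such as a bad flag or a missing image, not only the new validation. Pinning the message as well, e.g. `Expect(session.ErrorToString()).To(ContainSubstring("network cannot be configured"))`, would tie each spec to `ErrNetworkOnPodContainer`. The last spec's name also has a typo ("ppublish").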