mirror of
https://github.com/containers/podman.git
synced 2025-05-20 16:47:39 +08:00
Implment network == none
When network == none, the container should only have a loopback interface and that's it. Signed-off-by: baude <bbaude@redhat.com> Closes: #176 Approved by: baude
This commit is contained in:
baude
@ -1,7 +1,9 @@
|
||||
FROM registry.fedoraproject.org/fedora:27
|
||||
|
||||
RUN dnf -y install btrfs-progs-devel \
|
||||
atomic-registries \
|
||||
bzip2 \
|
||||
conmon \
|
||||
device-mapper-devel \
|
||||
findutils \
|
||||
git \
|
||||
@ -19,9 +21,7 @@ RUN dnf -y install btrfs-progs-devel \
|
||||
python \
|
||||
which\
|
||||
golang-github-cpuguy83-go-md2man \
|
||||
conmon \
|
||||
procps-ng \
|
||||
atomic-registries \
|
||||
iptables && dnf clean all
|
||||
|
||||
# install bats
|
||||
@ -33,7 +33,7 @@ RUN cd /tmp \
|
||||
&& rm -fr /tmp/bats
|
||||
|
||||
# Install CNI plugins
|
||||
ENV CNI_COMMIT 7480240de9749f9a0a5c8614b17f1f03e0c06ab9
|
||||
ENV CNI_COMMIT 412b6d31280682bb4fab4446f113c22ff1886554
|
||||
RUN set -x \
|
||||
&& export GOPATH="$(mktemp -d)" \
|
||||
&& git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \
|
||||
@ -55,6 +55,19 @@ RUN set -x \
|
||||
&& export GOPATH=/go \
|
||||
&& go get github.com/onsi/gomega/...
|
||||
|
||||
# Install conmon
|
||||
ENV CRIO_COMMIT 814c6ab0913d827543696b366048056a31d9529c
|
||||
RUN set -x \
|
||||
&& export GOPATH="$(mktemp -d)" \
|
||||
&& git clone https://github.com/kubernetes-incubator/cri-o.git "$GOPATH/src/github.com/kubernetes-incubator/cri-o.git" \
|
||||
&& cd "$GOPATH/src/github.com/kubernetes-incubator/cri-o.git" \
|
||||
&& git fetch origin --tags \
|
||||
&& git checkout -q "$CRIO_COMMIT" \
|
||||
&& mkdir bin \
|
||||
&& make conmon \
|
||||
&& install -D -m 755 bin/conmon /usr/libexec/crio/conmon \
|
||||
&& rm -rf "$GOPATH"
|
||||
|
||||
# Install cni config
|
||||
#RUN make install.cni
|
||||
RUN mkdir -p /etc/cni/net.d/
|
||||
|
||||
@ -572,7 +572,8 @@ func (c *createConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er
|
||||
return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer())
|
||||
}
|
||||
options = append(options, libpod.WithNetNSFrom(connectedCtr))
|
||||
} else if !c.NetMode.IsHost() {
|
||||
} else if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
|
||||
options = append(options, libpod.WithNetNS([]ocicni.PortMapping{}))
|
||||
options = append(options, libpod.WithNetNS(portBindings))
|
||||
}
|
||||
|
||||
|
||||
@ -158,7 +158,7 @@ func (p *PodmanTest) Podman(args []string) *PodmanSession {
|
||||
func (p *PodmanTest) Cleanup() {
|
||||
// Remove all containers
|
||||
session := p.Podman([]string{"rm", "-fa"})
|
||||
session.Wait(60)
|
||||
session.Wait(90)
|
||||
// Nuke tempdir
|
||||
if err := os.RemoveAll(p.TempDir); err != nil {
|
||||
fmt.Printf("%q\n", err)
|
||||
|
||||
79
test/e2e/run_networking_test.go
Normal file
79
test/e2e/run_networking_test.go
Normal file
@ -0,0 +1,79 @@
|
||||
package integration
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
. "github.com/onsi/ginkgo"
|
||||
. "github.com/onsi/gomega"
|
||||
)
|
||||
|
||||
var _ = Describe("Podman rmi", func() {
|
||||
var (
|
||||
tempdir string
|
||||
err error
|
||||
podmanTest PodmanTest
|
||||
)
|
||||
|
||||
BeforeEach(func() {
|
||||
tempdir, err = CreateTempDirInTempDir()
|
||||
if err != nil {
|
||||
os.Exit(1)
|
||||
}
|
||||
podmanTest = PodmanCreate(tempdir)
|
||||
podmanTest.RestoreAllArtifacts()
|
||||
})
|
||||
|
||||
AfterEach(func() {
|
||||
podmanTest.Cleanup()
|
||||
|
||||
})
|
||||
|
||||
It("podman run network connection with default bridge", func() {
|
||||
session := podmanTest.Podman([]string{"run", "-dt", ALPINE, "wget", "www.projectatomic.io"})
|
||||
session.Wait(90)
|
||||
Expect(session.ExitCode()).To(Equal(0))
|
||||
})
|
||||
|
||||
It("podman run network connection with host", func() {
|
||||
session := podmanTest.Podman([]string{"run", "-dt", "--network", "host", ALPINE, "wget", "www.projectatomic.io"})
|
||||
session.Wait(90)
|
||||
Expect(session.ExitCode()).To(Equal(0))
|
||||
})
|
||||
|
||||
It("podman run network connection with loopback", func() {
|
||||
session := podmanTest.Podman([]string{"run", "-dt", "--network", "host", ALPINE, "wget", "www.projectatomic.io"})
|
||||
session.Wait(90)
|
||||
Expect(session.ExitCode()).To(Equal(0))
|
||||
})
|
||||
|
||||
It("podman run network expose port 222", func() {
|
||||
session := podmanTest.Podman([]string{"run", "-dt", "--expose", "222-223", ALPINE, "/bin/sh"})
|
||||
session.Wait(30)
|
||||
Expect(session.ExitCode()).To(Equal(0))
|
||||
results := podmanTest.SystemExec("iptables", []string{"-t", "nat", "-L"})
|
||||
results.Wait(30)
|
||||
Expect(results.ExitCode()).To(Equal(0))
|
||||
Expect(results.OutputToString()).To(ContainSubstring("222"))
|
||||
Expect(results.OutputToString()).To(ContainSubstring("223"))
|
||||
})
|
||||
|
||||
It("podman run network expose host port 80 to container port 8000", func() {
|
||||
session := podmanTest.Podman([]string{"run", "-dt", "-p", "80:8000", ALPINE, "/bin/sh"})
|
||||
session.Wait(30)
|
||||
Expect(session.ExitCode()).To(Equal(0))
|
||||
results := podmanTest.SystemExec("iptables", []string{"-t", "nat", "-L"})
|
||||
results.Wait(30)
|
||||
Expect(results.ExitCode()).To(Equal(0))
|
||||
Expect(results.OutputToString()).To(ContainSubstring("8000"))
|
||||
})
|
||||
|
||||
It("podman run network expose ports in image metadata", func() {
|
||||
session := podmanTest.Podman([]string{"run", "-dt", "-P", "docker.io/library/nginx:latest"})
|
||||
session.Wait(90)
|
||||
Expect(session.ExitCode()).To(Equal(0))
|
||||
results := podmanTest.Podman([]string{"inspect", "-l"})
|
||||
results.Wait(30)
|
||||
Expect(results.ExitCode()).To(Equal(0))
|
||||
Expect(results.OutputToString()).To(ContainSubstring(": 80,"))
|
||||
})
|
||||
})
|
||||
@ -1,59 +0,0 @@
|
||||
#!/usr/bin/env bats
|
||||
|
||||
load helpers
|
||||
|
||||
function teardown() {
|
||||
cleanup_test
|
||||
}
|
||||
|
||||
function setup() {
|
||||
copy_images
|
||||
}
|
||||
|
||||
@test "test network connection with default bridge" {
|
||||
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt ${ALPINE} wget www.yahoo.com
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} wait --latest
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
|
||||
@test "test network connection with host" {
|
||||
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt --network host ${ALPINE} wget www.yahoo.com
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} wait --latest
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
|
||||
@test "expose port 222" {
|
||||
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt --expose 222-223 ${ALPINE} /bin/sh
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run bash -c "iptables -t nat -L"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run bash -c "iptables -t nat -L | grep 223"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
|
||||
@test "expose host port 80 to container port 8000" {
|
||||
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt -p 80:8000 ${ALPINE} /bin/sh
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run bash -c "iptables -t nat -L | grep 8000"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
|
||||
@test "expose ports in image" {
|
||||
run ${PODMAN_BINARY} ${PODMAN_OPTIONS} run -dt -P docker.io/library/nginx:latest
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
run bash -c "${PODMAN_BINARY} ${PODMAN_OPTIONS} inspect -l | grep ': 80,'"
|
||||
echo "$output"
|
||||
[ "$status" -eq 0 ]
|
||||
}
|
||||
Reference in New Issue
Block a user