mirror of
https://github.com/containers/podman.git
synced 2025-06-20 17:13:43 +08:00
Merge pull request #9057 from baude/dnsnameinternal
disable dnsname when --internal
This commit is contained in:
@ -41,7 +41,8 @@ Define a gateway for the subnet. If you want to provide a gateway address, you m
|
|||||||
|
|
||||||
#### **--internal**
|
#### **--internal**
|
||||||
|
|
||||||
Restrict external access of this network
|
Restrict external access of this network. Note when using this option, the dnsname plugin will be
|
||||||
|
automatically disabled.
|
||||||
|
|
||||||
#### **--ip-range**
|
#### **--ip-range**
|
||||||
|
|
||||||
|
@ -14,6 +14,7 @@ import (
|
|||||||
"github.com/containers/podman/v2/pkg/rootless"
|
"github.com/containers/podman/v2/pkg/rootless"
|
||||||
"github.com/containers/podman/v2/pkg/util"
|
"github.com/containers/podman/v2/pkg/util"
|
||||||
"github.com/pkg/errors"
|
"github.com/pkg/errors"
|
||||||
|
"github.com/sirupsen/logrus"
|
||||||
)
|
)
|
||||||
|
|
||||||
// Create the CNI network
|
// Create the CNI network
|
||||||
@ -226,8 +227,12 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
|
|||||||
// if we find the dnsname plugin or are rootless, we add configuration for it
|
// if we find the dnsname plugin or are rootless, we add configuration for it
|
||||||
// the rootless-cni-infra container has the dnsname plugin always installed
|
// the rootless-cni-infra container has the dnsname plugin always installed
|
||||||
if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS {
|
if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS {
|
||||||
// Note: in the future we might like to allow for dynamic domain names
|
if options.Internal {
|
||||||
plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
|
logrus.Warnf("dnsname and --internal networks are incompatible. dnsname plugin not configured for network %s", name)
|
||||||
|
} else {
|
||||||
|
// Note: in the future we might like to allow for dynamic domain names
|
||||||
|
plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
ncList["plugins"] = plugins
|
ncList["plugins"] = plugins
|
||||||
b, err := json.MarshalIndent(ncList, "", " ")
|
b, err := json.MarshalIndent(ncList, "", " ")
|
||||||
|
@ -375,4 +375,21 @@ var _ = Describe("Podman network create", func() {
|
|||||||
Expect(nc).To(ExitWithError())
|
Expect(nc).To(ExitWithError())
|
||||||
})
|
})
|
||||||
|
|
||||||
|
It("podman network create with internal should not have dnsname", func() {
|
||||||
|
net := "internal-test" + stringid.GenerateNonCryptoID()
|
||||||
|
nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
|
||||||
|
nc.WaitWithDefaultTimeout()
|
||||||
|
defer podmanTest.removeCNINetwork(net)
|
||||||
|
Expect(nc.ExitCode()).To(BeZero())
|
||||||
|
// Not performing this check on remote tests because it is a logrus error which does
|
||||||
|
// not come back via stderr on the remote client.
|
||||||
|
if !IsRemote() {
|
||||||
|
Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and --internal networks are incompatible"))
|
||||||
|
}
|
||||||
|
nc = podmanTest.Podman([]string{"network", "inspect", net})
|
||||||
|
nc.WaitWithDefaultTimeout()
|
||||||
|
Expect(nc.ExitCode()).To(BeZero())
|
||||||
|
Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname"))
|
||||||
|
})
|
||||||
|
|
||||||
})
|
})
|
||||||
|
Reference in New Issue
Block a user