summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorbaude <bbaude@redhat.com>2021-01-21 12:04:59 -0600
committerbaude <bbaude@redhat.com>2021-01-25 08:51:15 -0600
commit393a8f02612518e9715669d1cf2d7ceb101f5079 (patch)
treec862d7eb137315cd3efe3f961d8705d8f816d0da
parent6cef7c78dd5f8e2e8e1fe91bd2c7d1298f7e4df9 (diff)
downloadpodman-393a8f02612518e9715669d1cf2d7ceb101f5079.tar.gz
podman-393a8f02612518e9715669d1cf2d7ceb101f5079.tar.bz2
podman-393a8f02612518e9715669d1cf2d7ceb101f5079.zip
disable dnsname when --internal
when doing a network creation, the dnsname plugin should be disabled when the --internal bool is set. a warning is displayed if this happens and docs are updated. Signed-off-by: baude <bbaude@redhat.com>
-rw-r--r--docs/source/markdown/podman-network-create.1.md3
-rw-r--r--libpod/network/create.go9
-rw-r--r--test/e2e/network_create_test.go17
3 files changed, 26 insertions, 3 deletions
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index 16e4e3bdb..2fafd1e31 100644
--- a/docs/source/markdown/podman-network-create.1.md
+++ b/docs/source/markdown/podman-network-create.1.md
@@ -41,7 +41,8 @@ Define a gateway for the subnet. If you want to provide a gateway address, you m
#### **--internal**
-Restrict external access of this network
+Restrict external access of this network. Note when using this option, the dnsname plugin will be
+automatically disabled.
#### **--ip-range**
diff --git a/libpod/network/create.go b/libpod/network/create.go
index e7f65358b..a8f985af9 100644
--- a/libpod/network/create.go
+++ b/libpod/network/create.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/podman/v2/pkg/rootless"
"github.com/containers/podman/v2/pkg/util"
"github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
)
// Create the CNI network
@@ -226,8 +227,12 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
// if we find the dnsname plugin or are rootless, we add configuration for it
// the rootless-cni-infra container has the dnsname plugin always installed
if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS {
- // Note: in the future we might like to allow for dynamic domain names
- plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
+ if options.Internal {
+ logrus.Warnf("dnsname and --internal networks are incompatible. dnsname plugin not configured for network %s", name)
+ } else {
+ // Note: in the future we might like to allow for dynamic domain names
+ plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
+ }
}
ncList["plugins"] = plugins
b, err := json.MarshalIndent(ncList, "", " ")
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index 73e18cbce..1bf2a2691 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
@@ -375,4 +375,21 @@ var _ = Describe("Podman network create", func() {
Expect(nc).To(ExitWithError())
})
+ It("podman network create with internal should not have dnsname", func() {
+ net := "internal-test" + stringid.GenerateNonCryptoID()
+ nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
+ nc.WaitWithDefaultTimeout()
+ defer podmanTest.removeCNINetwork(net)
+ Expect(nc.ExitCode()).To(BeZero())
+ // Not performing this check on remote tests because it is a logrus error which does
+ // not come back via stderr on the remote client.
+ if !IsRemote() {
+ Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and --internal networks are incompatible"))
+ }
+ nc = podmanTest.Podman([]string{"network", "inspect", net})
+ nc.WaitWithDefaultTimeout()
+ Expect(nc.ExitCode()).To(BeZero())
+ Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname"))
+ })
+
})