author | baude <bbaude@redhat.com> | 2021-01-21 12:04:59 -0600 |
---|---|---|
committer | baude <bbaude@redhat.com> | 2021-01-25 08:51:15 -0600 |
commit | 393a8f02612518e9715669d1cf2d7ceb101f5079 (patch) | |
tree | c862d7eb137315cd3efe3f961d8705d8f816d0da | |
parent | 6cef7c78dd5f8e2e8e1fe91bd2c7d1298f7e4df9 (diff) | |
disable dnsname when --internal
when doing a network creation, the dnsname plugin should be disabled
when the --internal bool is set. a warning is displayed if this
happens and docs are updated.
Signed-off-by: baude <bbaude@redhat.com>
-rw-r--r-- | docs/source/markdown/podman-network-create.1.md | 3 | ||||
-rw-r--r-- | libpod/network/create.go | 9 | ||||
-rw-r--r-- | test/e2e/network_create_test.go | 17 |
3 files changed, 26 insertions, 3 deletions
diff --git a/docs/source/markdown/podman-network-create.1.md b/docs/source/markdown/podman-network-create.1.md
index 16e4e3bdb..2fafd1e31 100644
--- a/docs/source/markdown/podman-network-create.1.md
+++ b/docs/source/markdown/podman-network-create.1.md
@@ -41,7 +41,8 @@ Define a gateway for the subnet. If you want to provide a gateway address, you m
 #### **--internal**
-Restrict external access of this network
+Restrict external access of this network. Note when using this option, the dnsname plugin will be
+automatically disabled.
 #### **--ip-range**
diff --git a/libpod/network/create.go b/libpod/network/create.go
index e7f65358b..a8f985af9 100644
--- a/libpod/network/create.go
+++ b/libpod/network/create.go
@@ -14,6 +14,7 @@ import (
 "github.com/containers/podman/v2/pkg/rootless"
 "github.com/containers/podman/v2/pkg/util"
 "github.com/pkg/errors"
+ "github.com/sirupsen/logrus"
 )
 // Create the CNI network
@@ -226,8 +227,12 @@ func createBridge(name string, options entities.NetworkCreateOptions, runtimeCon
 // if we find the dnsname plugin or are rootless, we add configuration for it
 // the rootless-cni-infra container has the dnsname plugin always installed
 if (HasDNSNamePlugin(runtimeConfig.Network.CNIPluginDirs) || rootless.IsRootless()) && !options.DisableDNS {
- // Note: in the future we might like to allow for dynamic domain names
- plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
+ if options.Internal {
+ logrus.Warnf("dnsname and --internal networks are incompatible. dnsname plugin not configured for network %s", name)
+ } else {
+ // Note: in the future we might like to allow for dynamic domain names
+ plugins = append(plugins, NewDNSNamePlugin(DefaultPodmanDomainName))
+ }
 }
 ncList["plugins"] = plugins
 b, err := json.MarshalIndent(ncList, "", " ")
diff --git a/test/e2e/network_create_test.go b/test/e2e/network_create_test.go
index 73e18cbce..1bf2a2691 100644
--- a/test/e2e/network_create_test.go
+++ b/test/e2e/network_create_test.go
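Review bot: The downgrade in the new `if options.Internal` branch of createBridge is reported only through `logrus.Warnf`, and the test added in this same commit notes that this output does not come back on the remote client, so a remote caller gets an internal network without dnsname and no signal that name resolution was dropped. Consider also surfacing the condition in what the create call returns, or at least add a why-comment above the branch such as `// dnsname is skipped for internal networks; this warning is only visible on the local client`. The network name is interpolated with `%s`; `%q` would keep empty or unusual names unambiguous in the log line. createBridge begins and ends outside this hunk, so how its result reaches the caller is not visible here.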
@@ -375,4 +375,21 @@ var _ = Describe("Podman network create", func() {
 Expect(nc).To(ExitWithError())
 })
+ It("podman network create with internal should not have dnsname", func() {
+ net := "internal-test" + stringid.GenerateNonCryptoID()
+ nc := podmanTest.Podman([]string{"network", "create", "--internal", net})
+ nc.WaitWithDefaultTimeout()
+ defer podmanTest.removeCNINetwork(net)
+ Expect(nc.ExitCode()).To(BeZero())
+ // Not performing this check on remote tests because it is a logrus error which does
+ // not come back via stderr on the remote client.
+ if !IsRemote() {
+ Expect(nc.ErrorToString()).To(ContainSubstring("dnsname and --internal networks are incompatible"))
+ }
+ nc = podmanTest.Podman([]string{"network", "inspect", net})
+ nc.WaitWithDefaultTimeout()
+ Expect(nc.ExitCode()).To(BeZero())
+ Expect(nc.OutputToString()).ToNot(ContainSubstring("dnsname"))
+ })
+
 })
|
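Review bot: The `ContainSubstring("dnsname and --internal networks are incompatible")` expectation only holds when the dnsname branch in createBridge is reached, which per the create.go change in this commit requires the plugin to be found in the CNI plugin dirs or a rootless run. On a rootful host without the plugin no warning would be logged, and the spec would fail for a reason unrelated to the behaviour under test. Guard that expectation on the plugin being available, or rely on the `network inspect` check alone. The comment also calls the message a `logrus error` although it is emitted with `Warnf`; `// ... because it is a logrus warning which does` would be accurate. The enclosing Describe starts outside this hunk.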