diff options
author | Matthew Heon <mheon@redhat.com> | 2020-08-03 13:33:08 -0400 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2020-08-03 14:32:16 -0400 |
commit | 7bedff96356eb1a4c14a0c86b41a70a8d4f41950 (patch) | |
tree | e4726cd3209526a9817c495a3765e7a5e706f494 /docs/source | |
parent | 1709335cf04e947117d4ae4dca72f24f4095511b (diff) | |
download | podman-7bedff96356eb1a4c14a0c86b41a70a8d4f41950.tar.gz podman-7bedff96356eb1a4c14a0c86b41a70a8d4f41950.tar.bz2 podman-7bedff96356eb1a4c14a0c86b41a70a8d4f41950.zip |
Do not set host IP on ports when 0.0.0.0 requested
Docker and CNI have very different ideas of what 0.0.0.0 means.
Docker takes it to be 0.0.0.0/0 - that is, bind to every IPv4
address on the host. CNI (and, thus, root Podman) take it to mean
the literal IP 0.0.0.0. Instead, CNI interprets the empty string
("") as "bind to all IPs".
We could ask CNI to change, but given this is established
behavior, that's unlikely. Instead, let's just catch 0.0.0.0 and
turn it into "" when we parse ports.
Fixes #7014
Signed-off-by: Matthew Heon <mheon@redhat.com>
Diffstat (limited to 'docs/source')
-rw-r--r-- | docs/source/markdown/podman-create.1.md | 3 | ||||
-rw-r--r-- | docs/source/markdown/podman-run.1.md | 2 |
2 files changed, 4 insertions, 1 deletions
diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md index b4456225e..fd96d8a53 100644 --- a/docs/source/markdown/podman-create.1.md +++ b/docs/source/markdown/podman-create.1.md @@ -634,7 +634,8 @@ Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. (e.g., `podman run -p 1234-1236:1222-1224 --name thisWorks -t busybox` but not `podman run -p 1230-1236:1230-1240 --name RangeContainerPortsBiggerThanRangeHostPorts -t busybox`) -With ip: `podman run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage` +With host IP: `podman run -p 127.0.0.1:$HOSTPORT:$CONTAINERPORT --name CONTAINER -t someimage` +If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). If it is not, the container port will be randomly assigned a port on the host. Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT` diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md index 4fdb7f81b..eaeb7dbdb 100644 --- a/docs/source/markdown/podman-run.1.md +++ b/docs/source/markdown/podman-run.1.md @@ -647,6 +647,8 @@ Both hostPort and containerPort can be specified as a range of ports. When specifying ranges for both, the number of container ports in the range must match the number of host ports in the range. +If host IP is set to 0.0.0.0 or not set at all, the port will be bound on all IPs on the host. + Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`). If it is not, the container port will be randomly assigned a port on the host. |