diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-08-26 09:16:06 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-08-26 09:16:06 -0400 |
| commit | 3a9d5248ac65358e7a4f123c2cdbe93584084d6a (patch) | |
| tree | c20774d8cf355fdd6abdf3d2685780ba9d9c0d5d /troubleshooting.md | |
| parent | 6a069446fbb23d7fd16ce14305fda1a7b2b8f925 (diff) | |
| parent | 65b8bf795b22dac1c63bdb2e8878497bf74ce8a5 (diff) | |
| download | podman-3a9d5248ac65358e7a4f123c2cdbe93584084d6a.tar.gz podman-3a9d5248ac65358e7a4f123c2cdbe93584084d6a.tar.bz2 podman-3a9d5248ac65358e7a4f123c2cdbe93584084d6a.zip | |
Merge pull request #7364 from TomSweeneyRedHat/dev/tsweeney/exposeport
Note port publishing needs in pods for create/run
Diffstat (limited to 'troubleshooting.md')
| -rw-r--r-- | troubleshooting.md | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/troubleshooting.md b/troubleshooting.md index 4c452404c..7e8f9bcb0 100644 --- a/troubleshooting.md +++ b/troubleshooting.md @@ -558,3 +558,37 @@ _eof In order to effect root running containers and all users, modify the system wide defaults in /etc/containers/containers.conf + + +### 23) Container with exposed ports won't run in a pod + +A container with ports that have been published with the `--publish` or `-p` option +can not be run within a pod. + +#### Symptom + +``` +$ podman pod create --name srcview -p 127.0.0.1:3434:3434 -p 127.0.0.1:7080:7080 -p 127.0.0.1:3370:3370 4b2f4611fa2cbd60b3899b936368c2b3f4f0f68bc8e6593416e0ab8ecb0a3f1d + +$ podman run --pod srcview --name src-expose -p 3434:3434 -v "${PWD}:/var/opt/localrepo":Z,ro sourcegraph/src-expose:latest serve /var/opt/localrepo +Error: cannot set port bindings on an existing container network namespace +``` + +#### Solution + +This is a known limitation. If a container will be run within a pod, it is not necessary +to publish the port for the containers in the pod. The port must only be published by the +pod itself. Pod network stacks act like the network stack on the host - you have a +variety of containers in the pod, and programs in the container, all sharing a single +interface and IP address, and associated ports. If one container binds to a port, no other +container can use that port within the pod while it is in use. Containers in the pod can +also communicate over localhost by having one container bind to localhost in the pod, and +another connect to that port. + +In the example from the symptom section, dropping the `-p 3434:3434` would allow the +`podman run` command to complete, and the container as part of the pod would still have +access to that port. For example: + +``` +$ podman run --pod srcview --name src-expose -v "${PWD}:/var/opt/localrepo":Z,ro sourcegraph/src-expose:latest serve /var/opt/localrepo +``` |