From 65b8bf795b22dac1c63bdb2e8878497bf74ce8a5 Mon Sep 17 00:00:00 2001
From: TomSweeneyRedHat <tsweeney@redhat.com>
Date: Tue, 18 Aug 2020 17:05:29 -0400
Subject: Note port publishing needs in pods for create/run

Add notes to the podman-create and podman-run man pages
to note that ports do not need to be published and should not
be, for containers that will be part of a pod.

Addresses: #6769

Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
---
 docs/source/markdown/podman-create.1.md | 8 ++++++++
 docs/source/markdown/podman-run.1.md    | 8 ++++++++
 2 files changed, 16 insertions(+)

(limited to 'docs/source')

diff --git a/docs/source/markdown/podman-create.1.md b/docs/source/markdown/podman-create.1.md
index 976a1e681..cbf51dd2e 100644
--- a/docs/source/markdown/podman-create.1.md
+++ b/docs/source/markdown/podman-create.1.md
@@ -648,6 +648,14 @@ Host port does not have to be specified (e.g. `podman run -p 127.0.0.1::80`).
 If it is not, the container port will be randomly assigned a port on the host.
 Use `podman port` to see the actual mapping: `podman port CONTAINER $CONTAINERPORT`
 
+**Note:** if a container will be run within a pod, it is not necessary to publish the port for
+the containers in the pod. The port must only be published by the pod itself.  Pod network
+stacks act like the network stack on the host - you have a variety of containers in the pod,
+and programs in the container, all sharing a single interface and IP address, and
+associated ports. If one container binds to a port, no other container can use that port
+within the pod while it is in use. Containers in the pod can also communicate over localhost
+by having one container bind to localhost in the pod, and another connect to that port.
+
 **--publish-all**, **-P**=*true|false*
 
 Publish all exposed ports to random ports on the host interfaces. The default is *false*.
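Review bot: The added note in podman-create.1.md says publishing on the container "is not necessary", while the commit message says ports "should not be" published for containers that will join a pod; the man page should state whichever is intended, because a reader of the note alone will take it as optional rather than discouraged. The next sentence, "The port must only be published by the pod itself", is also ambiguous (it can be read as "the pod must do nothing but publish"); something like "Ports need to be published only by the pod itself" reads more clearly, and a pointer to the pod creation man page would tell the reader where that publishing is configured. Minor: "programs in the container" should be plural to match "containers in the pod", and there is a double space after "itself.".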
diff --git a/docs/source/markdown/podman-run.1.md b/docs/source/markdown/podman-run.1.md
index b6c1fab17..09df87b2b 100644
--- a/docs/source/markdown/podman-run.1.md
+++ b/docs/source/markdown/podman-run.1.md
@@ -662,6 +662,14 @@ If it is not, the container port will be randomly assigned a port on the host.
 
 Use **podman port** to see the actual mapping: **podman port $CONTAINER $CONTAINERPORT**.
 
+**Note:** if a container will be run within a pod, it is not necessary to publish the port for
+the containers in the pod. The port must only be published by the pod itself.  Pod network
+stacks act like the network stack on the host - you have a variety of containers in the pod,
+and programs in the container, all sharing a single interface and IP address, and
+associated ports. If one container binds to a port, no other container can use that port
+within the pod while it is in use. Containers in the pod can also communicate over localhost
+by having one container bind to localhost in the pod, and another connect to that port.
+
 **--publish-all**, **-P**=**true**|**false**
 
 Publish all exposed ports to random ports on the host interfaces. The default is **false**.
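Review bot: The last sentence of the note added to podman-run.1.md presents binding to localhost only as a convenience, but given the preceding statement that all containers share "a single interface and IP address, and associated ports", it is worth one more sentence saying that a service bound to localhost in one container is reachable by every other container in the pod, so localhost is not a per-container boundary there. The note also does not say what happens if `-p` is passed anyway for a container that joins a pod; since the commit message says such ports should not be published, documenting the resulting behaviour would save users from finding out by trial. The paragraph is a verbatim copy of the one in podman-create.1.md, so any wording fix needs to be applied in both files.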
-- 
cgit v1.2.3-54-g00ecf