[BUG] Running a container using system mode networking with exposed port failed in linux
#3515
Comments
The use of gateway.containers.internal does not seem to be possible to disable from podman-machine without code changes:
The container.conf file has a setting called machine_enabled in the engine section, which lets the podman client know that a command is running on an instance created with the podman machine command. This allows the use of gvisor-tap-vsock when a container is created with an exposed port. However, this setting should be disabled for system mode networking, so that it doesn't prevent the creation of containers that need to expose a port. With this patch, users are able to use the microshift/podman preset with system mode networking and start containers with an exposed port, but are not able to access that service from the host. Workaround for crc-org#3515
crc-org/snc#675 and crc-org/snc#676 add a marker file (podman/microshift bundle), and as a workaround we need to delete it during system mode networking.
Try to make
I am not reproducing this locally (on f38), using default
For comparison, this is what I get if I switch to
@jsliacan Is this using the openshift bundle or the microshift one? If it is openshift, then try using the microshift one.
In linux, the default network-mode is system, so if a user tries to run the podman preset and then tries to create/run a container which exposes a port, it fails with the following error, because the podman bundle expects that gateway.containers.internal should be resolvable, since it is a podman machine requirement when exposing the port, and for system mode networking we don't have it (no gvisor stack running). So either we need to check whether we can make it work for system mode networking, or switch to user-mode networking for the podman preset.
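
The conflict described in this thread (machine_enabled set in the engine section while the VM runs in system mode networking) can be checked from a shell. This is an added example, not code from the issue or from the crc project; the function names, file names and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: all file contents here are constructed sample data.

# Print the machine_enabled value from the [engine] table of a
# containers.conf-style file (empty output if the key is not set there).
engine_machine_enabled() {
    awk -F= '
        /^[ \t]*\[/ { in_engine = ($0 ~ /^[ \t]*\[engine\]/); next }
        in_engine && $1 ~ /^[ \t]*machine_enabled[ \t]*$/ {
            v = $2; sub(/#.*/, "", v); gsub(/[ \t"]/, "", v); value = v
        }
        END { print value }
    ' "$1"
}

# Decide whether publishing a port is expected to work.
#   $1 = config file path, $2 = network mode ("system" or "user")
# Prints "conflict" when machine_enabled is on but the mode is "system",
# i.e. there is no gvisor-tap-vsock stack to answer for
# gateway.containers.internal; prints "ok" otherwise.
port_publish_verdict() {
    enabled=$(engine_machine_enabled "$1")
    if [ "$2" = "system" ] && [ "$enabled" = "true" ]; then
        echo conflict
    else
        echo ok
    fi
}

# Demo on constructed files: a commented-out key and a key in another
# table must be ignored; only the live [engine] entry counts.
demo_dir=$(mktemp -d)
printf '[containers]\n# machine_enabled = true\n[engine]\nmachine_enabled = true  # set by bundle\n' \
    > "$demo_dir/machine.conf"
printf '[engine]\nmachine_enabled = false\n' > "$demo_dir/system.conf"
echo "machine.conf + system mode: $(port_publish_verdict "$demo_dir/machine.conf" system)"
echo "machine.conf + user mode:   $(port_publish_verdict "$demo_dir/machine.conf" user)"
echo "system.conf  + system mode: $(port_publish_verdict "$demo_dir/system.conf" system)"
```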