common: add support for default_host_ip in containers.conf
#422
Conversation
This adds support for configuring a default host IP via containers.conf to bind published container ports to when no host IP is explicitly specified (e.g. -p 8000:8000). Note that explicit host IP still overrides the default option set in containers.conf. Refers containers/podman#27186 Signed-off-by: Danish Prakash <[email protected]>
|
✅ A new PR has been created in buildah to vendor these changes: containers/buildah#6458 |
|
LGTM |
|
Just out of curiosity: was DefaultHostIP already a thing and it just needed to be exposed as default_host_ip in containers.conf? |
Luap99
left a comment
Luap99
left a comment
There was a problem hiding this comment.
This also needs a basic unit test to confirm the option is getting parsed properly.
|
|
||
| The default host IP address to bind published container ports to when no host IP | ||
| is explicitly specified (e.g., `-p 8000:8000`). If empty, the default behavior is to | ||
| bind to all network interfaces (`0.0.0.0`). For instance, setting this to `127.0.0.1` restricts |
There was a problem hiding this comment.
but 0.0.0.0 isn't right? We bind to all address for v4 and v6, at least once we merge your PR and given this will go only into v6 we might document it right from the beginning
There was a problem hiding this comment.
Since containers/podman#27311 is still in progress, I didn't include it here. Would it be alright if we do that right away, and not wait until that PR is merged?
| // DefaultHostIP is the default host IP to bind published container ports | ||
| // to when no host IP is explicitly specified in the -p flag (e.g., -p 80:80). | ||
| // If empty, the default behavior is to bind to all interfaces (0.0.0.0). | ||
| DefaultHostIP string `toml:"default_host_ip,omitempty"` |
There was a problem hiding this comment.
I wonder should this be an array instead? Why limit to only one address? I could see someone wanting to use 127.0.0.1 and ::1 or maybe another local interface that is not exposed externally.
There was a problem hiding this comment.
Sounds reasonable. But that would translate to two separate binds on the same port on different addresses iiuc.
There was a problem hiding this comment.
right which seem reasonable. So basically a config like ["127.0.0.1","::1"] and port specified as -p 8080:80 will then get turned into two port mappings in podman so we treat it as 127.0.0.1:8080:80 and [::1]:8080:80
6 participants
This adds support for configuring a default host IP via containers.conf to bind published container ports to when no host IP is explicitly specified (e.g. -p 8000:8000). Note that explicit host IP still overrides the default option set in containers.conf.
Refers containers/podman#27186