Podman networking
Test network/DNS:
podman run --rm docker.io/alpine/curl -I ix.de
Proxy settings
Mount custom CA into build container:
unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY REQUESTS_CA_BUNDLE \
HTTP_PROXY_HOST HTTP_PROXY_PORT
podman build \
-v /etc/ca-certificates/extracted/tls-ca-bundle.pem:/etc/ssl/certs/ca-certificates.crt \
--env NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt .
Inter-container networking
For inter-container communication all containers must be in a common Pod.
For internal DNS to work:
- Install these packages:
  apt install netavark aardvark-dns
- Podman needs to be configured with networkBackend: netavark in /etc/containers/containers.conf (reboot afterwards). Check with:
  podman info -f json | jq '.host.networkBackend'
- Container must be in a dedicated network with dns_enabled (see podman network inspect NETWORK | jq '.[].dns_enabled')
  - The default podman network has "dns_enabled": false!!
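An added example (not part of the original notes) that combines the checks above: it takes the JSON printed by podman info -f json, podman network inspect and podman inspect and lists why containers cannot resolve each other by name. The sample JSON is constructed and trimmed, the NetworkSettings.Networks layout is assumed to match podman inspect output, and dns_findings is a hypothetical helper name.

```python
import json

# Constructed, trimmed sample outputs (not captured from a real host).
SAMPLE_INFO = '{"host": {"networkBackend": "cni"}}'
SAMPLE_NETWORKS = """[
  {"name": "podman", "driver": "bridge", "dns_enabled": false},
  {"name": "appnet", "driver": "bridge", "dns_enabled": true}
]"""
SAMPLE_CONTAINERS = """[
  {"Name": "web", "NetworkSettings": {"Networks": {"appnet": {}}}},
  {"Name": "db",  "NetworkSettings": {"Networks": {"podman": {}}}}
]"""


def dns_findings(info_json, networks_json, containers_json):
    """Return reasons why the containers cannot resolve each other by name."""
    findings = []
    backend = json.loads(info_json).get("host", {}).get("networkBackend")
    if backend != "netavark":
        findings.append(f"networkBackend is {backend!r}, not 'netavark'")

    # Networks on which aardvark-dns answers container-name lookups.
    dns_nets = {n["name"] for n in json.loads(networks_json) if n.get("dns_enabled")}

    shared = None  # DNS-enabled networks common to every container seen so far
    for c in json.loads(containers_json):
        attached = set((c.get("NetworkSettings") or {}).get("Networks") or {})
        usable = attached & dns_nets
        if not usable:
            findings.append(
                f"{c.get('Name', '?')}: attached to {sorted(attached)}, none has dns_enabled"
            )
        shared = usable if shared is None else shared & usable
    if shared is not None and not shared:
        findings.append("containers share no dns_enabled network")
    return findings


if __name__ == "__main__":
    for line in dns_findings(SAMPLE_INFO, SAMPLE_NETWORKS, SAMPLE_CONTAINERS):
        print("FAIL:", line)
```

An empty result means the backend is netavark and every listed container sits on at least one common network with dns_enabled.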
host.containers.internal
The host can be reached by using the host.containers.internal mapping
in /etc/hosts, which should automatically get added:
$ podman run --rm -it alpine grep host.containers.internal /etc/hosts
10.27.13.162 host.containers.internal host.docker.internal
In case it's not automatically added for any reason, manually add the entry
to /etc/hosts:
podman run --add-host=host.containers.internal:host-gateway --rm -it alpine cat /etc/hosts
or, if host-gateway cannot be determined on the host, pass the host IP:
podman run --add-host=host.containers.internal:10.10.10.1 --rm -it alpine cat /etc/hosts
Iptables
The podman Debian package
installs iptables as a dependency of containernetworking-plugins,
which somehow gets installed by installing podman.
There are multiple issues/PRs for containernetworking-plugins
to not depend on iptables:
Closed:
- add an option to disable iptables
- WIP: firewall: add nftables backend
  - which got closed and is now implemented in greenpau/cni-plugins