Bug
Resolution: Done
Minor
DO188 - RHOSCP4.10-en-1-20220923
2
False
False
2.3
ROLE
en-US (English)
Please fill in the following information:
URL: https://rol.redhat.com/rol/app/courses/do188-4.12/pages/ch02s03
Reporter RHNID: saniyer
Section title: Guided Exercise: Create Images with Containerfiles
Language: en
Issue description
This bug is for both text and video content. In the coursebook "Red Hat OpenShift Container Platform 4.12 DO188 Red Hat OpenShift Development I: Introduction to Containers with Podman Edition 1 20230504 Publication date 20230504" we have the following excerpt, from which I understand that containers in different Podman networks cannot communicate with each other, as there is some isolation.
~~~~~
However, you might need to create a new Podman network to better suit the increased communication needs of most applications. For example, the containers running an application API and database can use a separate Podman network to isolate their communication from other containers. Similarly, that same API container can use yet another network to isolate communication with a third container that hosts the application UI.
~~~~~
However, testing it, I can see that containers in different Podman networks can communicate with each other successfully.
~~~~
$ uname -r; podman version
5.14.0-362.8.1.el9_3.x86_64
Client:       Podman Engine
Version:      4.6.1
API Version:  4.6.1
Go Version:   go1.20.6
Built:        Fri Aug 25 16:38:17 2023
OS/Arch:      linux/amd64
~~~~
~~~~
$ podman network ls
NETWORK ID    NAME    DRIVER
41b545d7e2f7  net-1   bridge
a309dba49152  net-2   bridge
2f259bab93aa  podman  bridge
$ podman ps
CONTAINER ID  IMAGE                                            COMMAND               CREATED       STATUS         PORTS                   NAMES
1052bf912993  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  21 hours ago  Up 37 minutes  0.0.0.0:8081->8080/tcp  apache1
def8f9ec4a80  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  21 hours ago  Up 37 minutes  0.0.0.0:8082->8080/tcp  apache2
3dd1adde0c24  registry.access.redhat.com/ubi9/httpd-24:latest  /usr/bin/run-http...  18 hours ago  Up 37 minutes  0.0.0.0:8083->8080/tcp  apache3
$ podman inspect apache1 | jq '.[].NetworkSettings.Networks."net-1" | "\(.IPAddress) \(.NetworkID)"'
"10.89.0.2 net-1"
$ podman inspect apache2 | jq '.[].NetworkSettings.Networks."net-2" | "\(.IPAddress) \(.NetworkID)"'
"10.89.1.2 net-2"
$ podman exec -it apache1 curl -s --head http://10.89.1.2:8080
HTTP/1.1 200 OK
Date: Wed, 29 Nov 2023 06:56:33 GMT
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7
Last-Modified: Wed, 29 Nov 2023 06:55:45 GMT
ETag: "1a-60b45064006d0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/html; charset=UTF-8
$ podman exec -it apache2 curl -s --head http://10.89.0.2:8080
HTTP/1.1 200 OK
Date: Wed, 29 Nov 2023 06:56:50 GMT
Server: Apache/2.4.57 (Red Hat Enterprise Linux) OpenSSL/3.0.7
Last-Modified: Wed, 29 Nov 2023 06:55:22 GMT
ETag: "1a-60b4504de046f"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/html; charset=UTF-8
~~~~
In the video content we can see the curl fail from web1->web2 for both name resolution and IP address. This is because when a non-root user (student in this case) starts a container without the '--net' option, the network is set up by slirp4netns by default. slirp4netns creates a tunnel from the host into the container to forward traffic and provides a non-routable IP address.
~~~~~
$ id
uid=1000(tom) gid=1000(tom) groups=1000(tom) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ podman run -dt --name web-nonroot2 -p 8089:80 quay.io/libpod/banner
$ podman inspect web-nonroot | jq '.[].NetworkSettings'
{
  "EndpointID": "",
  "Gateway": "",
  "IPAddress": "",
  "IPPrefixLen": 0,
  "IPv6Gateway": "",
  "GlobalIPv6Address": "",
  "GlobalIPv6PrefixLen": 0,
  "MacAddress": "",
  "Bridge": "",
  "SandboxID": "",
  "HairpinMode": false,
  "LinkLocalIPv6Address": "",
  "LinkLocalIPv6PrefixLen": 0,
  "Ports": {
    "80/tcp": [
      {
        "HostIp": "",
        "HostPort": "8084"
      }
    ]
  },
  "SandboxKey": "/run/user/1000/netns/netns-a7b5ed12-7681-a951-ea64-5354eafc0c59"
}
~~~~~
Steps to reproduce:
Workaround:
Expected result:
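An added example (not part of the original report or the course material): a Python script that reads `podman inspect` JSON, as the report does with jq, separates containers with no routable IP from those attached to named networks, and emits the report's `curl --head` check for every pair that shares no network, so the isolation assumption can be tested instead of assumed. The sample JSON, the `db` container and its address, the `--max-time` value and all function names are constructed for illustration.

```python
import json
from itertools import combinations

# Constructed sample shaped like `podman inspect` output; only the fields the
# report reads (.Name, .NetworkSettings.Networks.<net>.IPAddress) are kept.
SAMPLE = json.loads("""
[
 {"Name": "apache1", "NetworkSettings": {"Networks": {"net-1": {"IPAddress": "10.89.0.2"}}}},
 {"Name": "apache2", "NetworkSettings": {"Networks": {"net-2": {"IPAddress": "10.89.1.2"}}}},
 {"Name": "db", "NetworkSettings": {"Networks": {"net-1": {"IPAddress": "10.89.0.3"}}}},
 {"Name": "web-nonroot", "NetworkSettings": {"IPAddress": "", "Ports": {"80/tcp": [{"HostIp": "", "HostPort": "8084"}]}}}
]
""")

def addresses(container):
    """Map network name -> IP for one inspect entry; {} means no routable IP."""
    nets = container.get("NetworkSettings", {}).get("Networks") or {}
    return {name: cfg["IPAddress"] for name, cfg in nets.items() if cfg.get("IPAddress")}

def classify(containers):
    """Group container pairs by shared network; list containers without an IP."""
    addr = {c["Name"]: addresses(c) for c in containers}
    result = {"same": [], "cross": [], "no_ip": sorted(n for n, a in addr.items() if not a)}
    for a, b in combinations(sorted(n for n, v in addr.items() if v), 2):
        shared = set(addr[a]) & set(addr[b])
        result["same" if shared else "cross"].append((a, b))
    return result

def isolation_checks(containers, port=8080):
    """Commands that test each cross-network pair by IP, in both directions."""
    addr = {c["Name"]: addresses(c) for c in containers}
    cmds = []
    for a, b in classify(containers)["cross"]:
        for src, dst in ((a, b), (b, a)):
            for ip in addr[dst].values():
                cmds.append(f"podman exec {src} curl -s --head --max-time 3 http://{ip}:{port}")
    return cmds

if __name__ == "__main__":
    print(classify(SAMPLE))
    print("\n".join(isolation_checks(SAMPLE)))
```

A `200 OK` from any generated command means the two networks are not isolating that pair, which is the behaviour the report observed between `apache1` and `apache2`.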