-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[v5.2-rhel] Fix exposed ports #24397
[v5.2-rhel] Fix exposed ports #24397
Conversation
when net=host Previously, we didn't bother including exposed ports in the container config when creating a container with --net=host. Per Docker this isn't really correct; host-net containers are still considered to have exposed ports, even though that specific container can be guaranteed to never use them. We could just fix this for host container, but we might as well make it generic. This patch unconditionally adds exposed ports to the container config - it was previously conditional on a network namespace being configured. The behavior of `podman inspect` with exposed ports when using `--net=container:` has also been corrected. Previously, we used exposed ports from the container sharing its network namespace, which was not correct. Now, we use regular port bindings from the namespace container, but exposed ports from our own container. Fixes https://issues.redhat.com/browse/RHEL-60382 Signed-off-by: Matt Heon <[email protected]> (cherry picked from commit a619c03) Signed-off-by: tomsweeneyredhat <[email protected]>
A field we missed versus Docker. Matches the format of our existing Ports list in the NetworkConfig, but only includes exposed ports (and maps these to struct{}, as they never go to real ports on the host). Fixes https://issues.redhat.com/browse/RHEL-60382 Signed-off-by: Matt Heon <[email protected]> (cherry picked from commit edc3dc5) Signed-off-by: tomsweeneyredhat <[email protected]>
Undoing some of my own work here from containers#24090 now that we have the ExposedPorts field implemented in inspect. I considered a revert of that patch, but it's still needed as without it we'd be including exposed ports when --net=container which is not correct. Basically, exposed ports for a container should always go in the new ExposedPorts field we added. They sometimes go in the Ports field in NetworkSettings, but only when the container is not net=host and not net=container. We were always including exposed ports, which was not correct, but is an easy logical fix. Also required is a test change to correct the expected behavior as we were testing for incorrect behavior. Fixes https://issues.redhat.com/browse/RHEL-60382 Signed-off-by: Matt Heon <[email protected]> (cherry picked from commit 8061553) Signed-off-by: tomsweeneyredhat <[email protected]>
An additional tweak from @Luap99 in containers#24333 regarding the looping in libpod/container_inspect.go. The range over int syntax was only added in go 1.22, this branch is currently build with go 1.21 in RHEL so we need to convert it back to the old syntax. And add the missing "fmt" import in the test file. Signed-off-by: tomsweeneyredhat <[email protected]>
Podman v4.9-rhel PR for reference: #24333 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Luap99, TomSweeneyRedHat The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
39171ac
into
containers:v5.2-rhel
This fixes an exposed ports issue in RHEL 5.2-rhel for RHEL 9.5.
FIxes: https://issues.redhat.com/browse/RHEL-62566
This includes the fixes from the following PRs:
First PR: #24090
Second PR: #24110
Third PR: #24164
With an additional tweak from @Luap99 in 0889c74
regarding the looping in libpod/container_inspect.go.
These changes are needed in the 5.2-rhel branch to ensure a successful
upgrades as the same patches have been used for the following issues
in the Podman v4.9-rhel branch for these issues:
Fixes: https://issues.redhat.com/browse/ACCELFIX-299
Fixes: https://issues.redhat.com/browse/ACCELFIX-300
Does this PR introduce a user-facing change?