-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Need dnsmasq for podman to create CNI networks #519
Comments
Thanks for the report @Ma124 |
Uhm, we don't really want to see users starting to rely on the on-host CNI plugins in general are meant to decouple container networking from host networking in a self-contained way. |
The dnsname plugin requires it. We need the plugin to provide name resolution within user-created networks. We debated launching the resolver within a container, but the complexity of that compared with just launching it on the host was too high to justify (though this was around a year ago, so I'm forgetting exact details |
Forwarded to containers/dnsname#22. For reference, while looking at this I also found containernetworking/plugins#380 where the CNI maintainers themselves were also pushing back on such plugin (for other reasons). It looks like there are a bunch of design issues here, which would be nice to see addressed upstream. |
Just dont install the dnsplugin if you don't want to deal with this. You will loose the dns function but the things that are struggling with will go away. |
I guess one option is to invent A specific problem with dnsmasq too is it's had a bunch of CVEs in the past that we'd be on the hook for shipping even though in this use case most of them haven't been relevant. |
Since podman 2.1.0 now has a
This PR is starting the discussion down the path of breaking the |
I dug in and found that dnsmasq itself doesn't seem to pull in any other dependencies. The |
Requested by another user on the Discourse forum: https://discussion.fedoraproject.org/t/please-consider-reinstating-dnsmasq-in-coreos/23615 |
Thank you. I posted that. I thought about posting here, but this is about podman. I need dnsmasq for Docker Swarm. I fear that people won't actually click the link. Should I copy/paste it here? |
This was made a weak dep, so we need to be explicit about it: ``` Author: Jonathan Lebon <[email protected]> Commit: Lokesh Mandvekar <[email protected]> spec: make podman-plugins a weak dep That way someone who wants just podman doesn't also get dnsmasq. This is a point of contention in FCOS currently: coreos/fedora-coreos-tracker#519 (cherry picked from commit 217f4344ec796dd1134a5ba54a8ce2fb5a32a5b6) Signed-off-by: Lokesh Mandvekar <[email protected]> ``` Signed-off-by: Tom Gundersen <[email protected]>
We discussed this in the meeting today.
|
We've found that there is some demand for host applications (podman, NetworkManager, etc) using dnsmasq the binary for some various utility operations. Let's add it back to the base so those host applications can use the binary but let's mask the systemd service because we really prefer if users are going to be hosting a DNS server for external clients they use a container for that. Closes coreos/fedora-coreos-tracker#519
We've found that there is some demand for host applications (podman, NetworkManager, etc) using dnsmasq the binary for some various utility operations. Let's add it back to the base so those host applications can use the binary but let's mask the systemd service because we really prefer if users are going to be hosting a DNS server for external clients they use a container for that. Closes coreos/fedora-coreos-tracker#519
docs PR coreos/fedora-coreos-docs#197 |
The fix for this went into testing stream release |
The fix for this went into stable stream release |
We've found that there is some demand for host applications (podman, NetworkManager, etc) using dnsmasq the binary for some various utility operations. Let's add it back to the base so those host applications can use the binary but let's mask the systemd service because we really prefer if users are going to be hosting a DNS server for external clients they use a container for that. Closes coreos/fedora-coreos-tracker#519
coreos/fedora-coreos-config#98 removed
dnsmasq
which is required by podman to create user-defined bridges.Steps to reproduce:
The text was updated successfully, but these errors were encountered: