Podman internal network and name resolution

greedence · July 24, 2023, 9:51pm

Using podman, I try to host multiple containers that are gaped from the internet, but can find each other based on their container names. Using a separate network with internal: true I am able to separate them from the host system and running podman as non-root the name resolution works as well.

However, I am forced to host the containers via sudo, which breaks somehow the name resolution on my fedora server system. Investigating further, I noticed that if I disable the firewall everything works as intended. Does someone have more insight on why this is happening and how I could work around that?

More details in my overflow question: networking - Internal network container name resolution - Stack Overflow

jakfrost · July 25, 2023, 1:31am

Make all the containers the part of the same pod, so they share the pod’s network. So you create a pod using podman that has your network setup for use and any shared storage, etc… then you add each of your containers to the pod and when you want to use them together you start your pod with podman. Here is Podman’s doc’s on networking https://github.com/containers/podman/blob/main/docs/tutorials/basic_networking.md

greedence · July 25, 2023, 10:19am

Hi @jakfrost , thx for the answer.
However, isn’t that what the following compose file will do? (taken from my original overflow question)

version: '3'

networks:
  no-internet:
    driver: bridge
    internal: true
  internet:
    driver: bridge
services:
  A:
    container_name: A
    networks:
      - no-internet
    depends_on:
      - B
     // Stuff related to A
  B:
    container_name: B
    networks:
      - no-internet
     // Stuff related to B
  proxy:
   networks:
    - no-internet
    - internet
   ports:
     - 80:80
   depends_on:
     - A
      // Stuff related to proxy

jakfrost · July 25, 2023, 11:39am

I don’t know, is it for a pod? If you type podman pod --help and podman pod create --help at the command line you can see the options with pod’s. The idea is things like shared networking, shared storage, across multiple pods can be managed by making a pod with those shared resources first then adding your containers to the pod. The document link I provided for Podman does contain examples of using pod’s for this very thing as well the networking link provides alternative methods I think.

greedence · July 28, 2023, 10:54pm

Hi,
to clarify, using the podman-compose method leads to a non-pod setup. Since I already wrote a bunch of scripts for my homelab I would like to stay on that route. I now “resolved” the situation by creating a custom firewall rule for DNS. That way the container can discover each other on the same network, but can’t go outside (why this is needed is still an open topic)

Topic		Replies	Views
Podman pod questions Project Discussion silverblue-team	2	1435	July 10, 2019
How to get Podman DNS plugin/container name resolution to work in Fedora CoreOS 36? Podman-plugins (podman-dnsname) Project Discussion coreos-wg	7	23965	August 17, 2024
How create your network using rootless podman with multiple user accounts? Project Discussion containers-sig	1	1331	June 8, 2021
Connectivity problem with Podman containers Ask Fedora podman , networking , iot , f40	34	2809	July 16, 2024
Podman DNS configuration Project Discussion silverblue-team	5	8771	February 9, 2019

Podman internal network and name resolution

Related topics