-
Use
-
Maybe I am missing something but for me this only works when the containers are started by the same user. My requirement is that the containers are running under different users. I am not a network engineer, but my understanding is that this should be possible in pasta?
-
Ah yes, sorry I overlooked the two different user part.
-
I want to voice my concern a little re: this topic since your first reply, @Luap99, kinda hits a bit home and on a sore toe.

In the blog post discussing the change to pasta (https://blog.podman.io/2024/03/podman-5-0-breaking-changes-in-detail/), you write "While I do not think it is necessarily a breaking change for many [...]" ... But I promise I'm not the only one running a reverse proxy with podman using the default podman network - which does break due to this change.

This change is huge and the fact that it's not really explicitly documented anywhere just boggles my mind? Like, "assuming you don't explicitly pass --network or --pod to containers, this change will break port forwarding between them" just seems like something which should've raised a red flag somewhere along the way?

The neat thing - and even advertised as a kind of selling point - about rootless podman/slirp4netns was/is that you didn't need to fiddle with IPs - just publish ports to all or a specific internal interface and be done with it! Pasta breaks this expected behaviour, and that's not a small change imo.

I can't be the only one running a database and an application behind a reverse proxy? Is it such an unusual use case? I don't even (yet) run them as separate users (which, as seen here, makes things even more complicated with pasta!). Could the documentation somehow be updated to be clearer about this?
-
What is the proper way to allow two rootless containers, run by two different users on the same host, to communicate with each other on some port?
The only way I have figured out is to publish a port to the host, e.g.
-p "127.0.0.1:12345:12345"
and then run the other container with --network=pasta:-T,12345
Is there a way to bypass this need for publishing a port to the host, and have containers talk to each other directly?
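An added example, not code from any participant in this thread or from the Podman project: a port published on 127.0.0.1 is reachable by every local process, which is what lets the second user's container reach it, so it is worth confirming that the listener is bound to loopback and nothing wider. The function name `listener_scope` is hypothetical and the `ss` lines below are constructed sample input.

```shell
#!/bin/sh
# Workaround from the question above (run by two different users):
#   user A: podman run -p "127.0.0.1:12345:12345" ...
#   user B: podman run --network=pasta:-T,12345 ...
#
# listener_scope PORT  (hypothetical helper)
# Reads `ss -Htln` output on stdin and prints one of:
#   loopback-only  every listener on PORT is bound to 127.0.0.0/8 or ::1
#   exposed        at least one listener on PORT is bound to another address
#   absent         nothing is listening on PORT
listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Column 4 is local address:port; the port follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/\[/, "", addr)   # strip IPv6 brackets
            gsub(/\]/, "", addr)
            sub(/%.*/, "", addr)   # strip an interface suffix such as %lo
            seen = 1
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END {
            if (!seen) print "absent"
            else if (exposed) print "exposed"
            else print "loopback-only"
        }'
}

# Constructed sample of `ss -Htln` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 4096 127.0.0.1:12345 0.0.0.0:*
LISTEN 0 4096 [::1]:12345 [::]:*
LISTEN 0 4096 *:8080 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | listener_scope 12345

# On a live host: ss -Htln | listener_scope 12345
```

A result of `loopback-only` still means any local account can connect to the port, so the service behind it needs its own authentication if other users on the host are not trusted.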