The option --dns and --net=host should not be mutually exclusive.

[yongtang]

- What I did

This fix tries to address the issue raised in #21976 and allows the options of --add-host, --dns, --dns-search, --dns-opt and --net=host to work at the same time.

- How I did it

The validation functions for options has been updated.

- How to verify it

The documentation has been updated and additional tests have been added to cover this change.

- Description for the changelog

Allows --add-host, --dns, --dns-search and --dns-opt to be used with --net=host at the same time when container runs.

- A picture of a cute animal (not mandatory but encouraged)

This fix fixes #21976.

Signed-off-by: Yong Tang yong.tang.github@outlook.com

[thaJeztah]

ping @mavenugo @estesp

[thaJeztah]

ping @mavenugo @estesp wdyt?

[mavenugo]

There seems to be some historical context that I may be missing when it comes to supporting --dns with --net=host. But @mrjana should know if there are any gotchas that I may be missing.

[icecrime]

Ping @mrjana: WDYT?

[mrjana]

+1 on the design. LGTM

[thaJeztah]

moving to code review. @yongtang this needs a rebase now, can you rebase?

[yongtang]

Thanks @mrjana @icecrime @thaJeztah @mavenugo for the review. I rebased the Pull Request. Please let me know if there are any issues.

[cpuguy83]

Is there a reason we wouldn't support --add-host and --dns-search as well?

[estesp]

@mavenugo I think the historical restriction was that in net=host mode, the resolv.conf link was readonly direct to /etc/resolv.conf on the host. Now that it is a bind mount of the copy in container metadata, it is already editable (in both net = host and "normal" modes), and therefore the restriction really isn't required.

I agree with @cpuguy83 that if we are removing this restriction, then any option which modifies resolv.conf or /etc/hosts might as well be allowed as well for consistency. The documentation should be clear that this is not modifying the host copies of these files, and maybe even a warning that this is slightly opposed to the concept of sharing the "host's networking configuration/stack". But given the use cases, I'm ok with allowing the capability.

[thaJeztah]

Thanks @estesp, and agreed on proper documentation as well (to prevent confusion)

[yongtang]

Thanks @cpuguy83 @estesp and @thaJeztah for the review and suggestions. I will update the PR to address the issues raised.

[yongtang]

@thaJeztah @cpuguy83 @estesp @icecrime @mavenugo I updated the pull request so that now --add-host, --dns, --dns-search and --dns-opt could be used with --net=host at the same time. The documentation and tests have also be updated. Please let me know if there are any issues.

[cpuguy83]

LGTM

[LK4D4]

LGTM

[vdemeester]

docs LGTM 👼
/cc @thaJeztah @SvenDowideit

[thaJeztah]

Perhaps something like;

Similar to `--hostname`, the `--add-host`, `--dns`, `--dns-search`, and
`--dns-opt` options can be used in `host` network mode. These options update
`/etc/hosts` or `/etc/resolv.conf` inside the container. No change are made to
`/etc/hosts` and `/etc/resolv.conf` on the host.

[yongtang]

Thanks @thaJeztah, the documentation has been updated.

[thaJeztah]

LGTM, thanks @yongtang

[thaJeztah]

oh, so sorry @yongtang, looks like it needs a rebase 😢

[yongtang]

Thanks @thaJeztah the PR has been rebased.

[ketzacoatl]

TY, TY, TY, to all involved!