I'd like to use containers for services that overlap in the ports they
use. For example, I'd like to run FreeIPA and also a caching DNS
server. (Or FreeIPA with Windows auth and Samba, which both use 137-139
and 445.)
My preferred setup for this is bridged networking without NAT, and I've
got that set up. I manually configured a bridge device with the
Ethernet interface as a member, and I've configured a CNI network with
"host-local" IPAM. I can create containers attached to that network,
and they'll get an address that's on the host's network. Clients can
connect to them. All of that is working as expected.
However, especially in the case of running a DNS server, I'd really like
to have a fixed address for the container, and I don't see a way to do
that (other than creating another network definition with "static" IPAM,
which would require a network definition for every container with a
fixed address). The documentation for podman-run says that --ip can't
be used when a container is joined to an "additional" network, and I
don't understand that. The container is only connected to one network,
as indicated by the output of "podman inspect".
So, to the question in the subject, why is --ip only allowed on the
default network? Is there any other mechanism for assigning a fixed IP
address to a container that's on a user-defined network?
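As an added illustration (not the poster's configuration and not podman's own code) of the "one static-IPAM network per fixed-address container" approach the post mentions, the script below generates the CNI conflist files for that layout and, importantly, carves the host-local range so the dynamic allocator can never hand out an address that a static network has pinned. Everything concrete in it is assumed: bridge br0 already exists with the Ethernet port as a member, the LAN is 192.168.1.0/24 with the router at 192.168.1.1, and the DNS container is to be pinned to 192.168.1.53. The plugin lists are deliberately minimal (only "bridge" with "ipam"); podman-generated conflists normally also carry "portmap", "firewall" and "tuning" plugins.

```python
"""Generate CNI network definitions that give one container a fixed address
while other containers on the same bridge keep using host-local IPAM.

Added example, not from the original post. Assumed (hypothetical) values:
bridge br0 (already exists, Ethernet port enslaved), subnet 192.168.1.0/24,
LAN gateway 192.168.1.1, DNS container pinned to 192.168.1.53.
"""
import ipaddress
import json
import os


def dynamic_range(subnet, gateway, reserved):
    """Largest run of usable hosts in `subnet` that avoids the gateway and
    every reserved address; returned as (rangeStart, rangeEnd) strings."""
    net = ipaddress.ip_network(subnet, strict=True)
    blocked = {ipaddress.ip_address(gateway)}
    blocked |= {ipaddress.ip_interface(r).ip for r in reserved}
    for addr in blocked:
        if addr not in net:
            raise ValueError(f"{addr} is not inside {net}")
    runs, run = [], []
    for host in net.hosts():
        if host in blocked:
            if run:
                runs.append(run)
                run = []
        else:
            run.append(host)
    if run:
        runs.append(run)
    if not runs:
        raise ValueError("no allocatable addresses left in " + subnet)
    longest = max(runs, key=len)
    return str(longest[0]), str(longest[-1])


def bridge_plugin(bridge, ipam):
    """The CNI 'bridge' plugin attached to an existing bridge, without NAT."""
    return {
        "type": "bridge",
        "bridge": bridge,
        "isGateway": False,  # the LAN router is the gateway, not the host
        "ipMasq": False,     # bridged, not NATed
        "ipam": ipam,
    }


def build_configs(name, bridge, subnet, gateway, fixed):
    """Return (dynamic_conflist, {network_name: static_conflist}).

    `fixed` maps a label to a CIDR address, e.g. {"dns": "192.168.1.53/24"}.
    The host-local range is carved so it can never hand out a fixed address.
    """
    start, end = dynamic_range(subnet, gateway, fixed.values())
    routes = [{"dst": "0.0.0.0/0"}]
    dynamic = {
        "cniVersion": "0.4.0",
        "name": name,
        "plugins": [bridge_plugin(bridge, {
            "type": "host-local",
            "ranges": [[{"subnet": subnet, "rangeStart": start,
                         "rangeEnd": end, "gateway": gateway}]],
            "routes": routes,
        })],
    }
    statics = {}
    for label, address in fixed.items():
        statics[f"{name}-{label}"] = {
            "cniVersion": "0.4.0",
            "name": f"{name}-{label}",
            "plugins": [bridge_plugin(bridge, {
                "type": "static",
                "addresses": [{"address": address, "gateway": gateway}],
                "routes": routes,
            })],
        }
    return dynamic, statics


def overlaps(dynamic, statics):
    """True if any static address falls inside the host-local range."""
    rng = dynamic["plugins"][0]["ipam"]["ranges"][0][0]
    lo = ipaddress.ip_address(rng["rangeStart"])
    hi = ipaddress.ip_address(rng["rangeEnd"])
    for conf in statics.values():
        for entry in conf["plugins"][0]["ipam"]["addresses"]:
            ip = ipaddress.ip_interface(entry["address"]).ip
            if lo <= ip <= hi:
                return True
    return False


def write_conflists(directory, dynamic, statics):
    """Write <name>.conflist files where podman's CNI backend looks for them."""
    os.makedirs(directory, exist_ok=True)
    for conf in [dynamic, *statics.values()]:
        path = os.path.join(directory, conf["name"] + ".conflist")
        with open(path, "w") as fh:
            json.dump(conf, fh, indent=2)
            fh.write("\n")


if __name__ == "__main__":
    dyn, sta = build_configs("lan", "br0", "192.168.1.0/24", "192.168.1.1",
                             {"dns": "192.168.1.53/24"})
    assert not overlaps(dyn, sta)
    write_conflists("/etc/cni/net.d", dyn, sta)   # rootless: ~/.config/cni/net.d
    print("podman run --network lan-dns ... for the pinned DNS container")
    print("podman run --network lan ... for everything else")
```

The pinned container is then started with `--network lan-dns` and every other container with `--network lan`. The carve-out matters because host-local keeps its own lease database and knows nothing about addresses handed out by a "static" network on the same bridge; without excluding them from "rangeStart"/"rangeEnd", a dynamic container could eventually be given the DNS server's address.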