Podman users, get ready for exciting networking improvements! The upcoming Podman 5.3 release will introduce enhancements that will simplify container networking, particularly for rootless containers using pasta. Here’s what it’s all about.
Since version 5.0, Podman has used pasta (passt) as the default rootless networking tool to provide connectivity for rootless containers. Unlike the previous default, slirp4netns, pasta operates without NAT by default (more about that here), giving both the host and container namespace the same IP address.
However, while this approach simplifies some networking aspects, it also creates confusion for users who try to connect from the container to the host. In those cases, using the host IP address from within the container actually points back to itself, not the host.
To address this, pasta developers added a new option: “–map-guest-addr <ip_address>.” This feature allows users to set a specific IP address within the container namespace that points to the actual host IP in the host namespace.
Starting with Podman 5.3, the address 169.254.1.2 will be used by default for this purpose. As a result, users will find it much easier to establish connectivity between their containers and hosts.
Moreover, Podman will automatically ensure that the “host.containers.internal” entry in containers is correctly set to this IP address. This change means that connectivity between hosts and containers will just workโno more manual tweaks or missing entries.
For those who prefer more customization, thereโs also good news. You can still specify a different IP address by passing it directly to Podman using pastaโs options. The system will adjust accordingly, ensuring the hostname uses the right IP.
Now, move on to another major issue that plagued users – the failure of rootless systemd units created by Quadlet (a feature that helps convert Podman configuration files to systemd service unit files) to start during boot.
Previously, systemd units generated by Quadlet would include the line “After=network-online.target,” but this wasnโt effective because the systemd user session couldnโt see system units like “network-online.target.”
Consequently, the containers would start before the network was ready, leading to random startup failures. But that is no longer the case.
With Podman 5.3, a new unit file, “podman-user-wait-network-online.service,” will now be included in the user directory rather than the system directory. This unit polls the network status every half second, ensuring that Quadlet waits until the network is fully up and running before containers are started.
As a result, the “After=network-online.target” directive for user units has been replaced with “After=podman-user-wait-network-online.service,” effectively preventing containers from starting prematurely.
All of these changes will be in Podman 5.3, which is scheduled to roll out the week of November 11th. As you know, the software has switched to a new scheme of timed releases, which we informed you about just a few days ago.
For more on all the changes on the topic above, visit the official announcement.
