Hi Markus, the upgrade to Podman 5 with Rocky Linux 9.5 introduces some breaking changes. This article describes what’s happening in detail Podman 5.0 breaking changes in detail.
In short, with the new default rootless network implementation (Pasta) of Rocky Linux 9.5, your containers cannot contact the host’s IP address directly because it is already assigned to the container’s network stack.
It is a rare use case in our platform, because containers are usually servers, not clients. However, if a container wants to reach a service running on the local node, like Ldapproxy, our docs suggests:
--network=slirp4netns:allow_host_loopback=true
Then, there are many other alternatives to fix the issue.
- As Steph’s pointed out in another MariaDB-related thread, the VPN IP address is a good choice to reach both the local node and other cluster nodes, e.g. “10.5.4.1”
- You could run the container with the old implementation
--network=slirp4netns. It seems it is available also in new installations (but we must check).
IMO, we should avoid the automatic update of applications with Certification Level 1 and 2, in case custom repositories are enabled in a cluster with an active subscription.