Enable setting DNS options through global nerdctl config

[swagatbora90]

This PR adds support for configuring DNS settings globally through the nerdctl configuration file (nerdctl.toml), allowing users to set default DNS servers, search domains, and options that apply to all containers unless explicitly overridden by command-line flags.

This is for a usecase where I want all containers to use a specific dns server instead of system default. Currently, I have to use --dns flag with every container create/run commands. This functionality is available in docker which allows setting global dns config value in the daemon config file.

Testing

Added a end to end test TestDNSWithGlobalConfig() that checks 4 scenarios:

1. Global DNS settings used when no command-line options provided
2. Command-line DNS options override global config (precedence test)
3. Global DNS settings apply with host networking
4. Global DNS settings apply with none networking

[apostasie]

Hey @swagatbora90

Noting that:

docker run -ti --dns="" debian cat /etc/resolv.conf
nerdctl run -ti --dns="" debian cat /etc/resolv.conf

Different behaviors on this ^.
(also same difference on dns-search="")

Appreciate your PR is not about that, but maybe, if you wish, this PR could fix that discrepancy as well since it is touching that part?

[apostasie]

Tigron has a helper for that:

Just add this to your testCase instead of the Env:

			Config:      test.WithConfig(nerdtest.NerdctlToml, configContent),

(also takes care of writing the file in a temp location for you, and make it easier to retrieve)

[apostasie]

Is this going to work as you think?
os.Getenv points to global env, not the test / commands env.

If you use the config from above ^^^

helpers.Read(nerdtest.NerdctlToml)

Should give you what you want?

[swagatbora90]

If I read it correctly, the Env var should be passed to all Subtest. I need all the Subtest to use the global env, so it does work.

However, your suggestion to use Config should work too. Let me change it like you suggested.

[apostasie]

Yes, testCase.Env is propagated to subtests, but this is not the global os.Environ (otherwise, you would pollute other unrelated tests), so os.Getenv will not give you the test environment...

[apostasie]

Not completely sure I was clear, so, in a shell:

• do not rely on os.Getenv or os.Setenv - that will cross pollute other tests and is specifically frowned-upon
• the testCase Env is private to the test, but it is inherited by subtests
• every test has a custom nerdctl.toml, regardless of the fact you want one explicitly or not (this is to guarantee that we are isolated from a possible, pre-existing, host nerdctl.toml)

[swagatbora90]

Okay, I see your point. I did check that the NERDCTL_TOML config values are correct when running the test. Anyways, I have changed to use the Config attribute like you suggested.

[apostasie]

More compact, using the test.Expects helper and comparators instead of naked asserts (better debugging info):

Expected: test.Expects(expect.ExitCodeSuccess, nil, expect.All(
   expect.Contains("foo"),
   expect.Contains("bla"),
)),

[apostasie]

@swagatbora90 left a few comments on tests.

Tigron testing has some (semblance of) documentation here: https://github.com/containerd/nerdctl/blob/main/docs/testing/tools.md

Very much work in progress, so, it is what it is... but then, am always happy to cosplay "testing-helper-AI-bot" until the doc and API are settled :-) (also, feedback on Tigron is always welcome)

[swagatbora90]

Hey @swagatbora90

Noting that:

docker run -ti --dns="" debian cat /etc/resolv.conf
nerdctl run -ti --dns="" debian cat /etc/resolv.conf

Different behaviors on this ^. (also same difference on dns-search="")

Appreciate your PR is not about that, but maybe, if you wish, this PR could fix that discrepancy as well since it is touching that part?

Looks like there is no validation today on the DNS servers and domain names that are being passed. I can add a follow up PR to add validation, I would prefer to keep this PR only for adding the global config.

[apostasie]

Looks like there is no validation today on the DNS servers and domain names that are being passed. I can add a follow up PR to add validation, I would prefer to keep this PR only for adding the global config.

Fair.