Merge pull request #2124 from MagnusS/add-vpnkit-init

DfM: Add support for exposing swarm service ports
Justin Cormack 2017-07-01 10:52:57 +01:00 committed by GitHub
commit 58201d3d3c
7 changed files with 45 additions and 14 deletions


@ -3,6 +3,7 @@ kernel:
image: "linuxkit/kernel:4.9.35" image: "linuxkit/kernel:4.9.35"
cmdline: "console=ttyS0 page_poison=1" cmdline: "console=ttyS0 page_poison=1"
init: init:
- linuxkit/vpnkit-expose-port:b9bbd9b79c4682daec991c71934341b50772de00 # install vpnkit-expose-port and vpnkit-iptables-wrapper on host
- linuxkit/init:36c56f0664d49c5a6adc1120d1bf5ba6ac30b389 - linuxkit/init:36c56f0664d49c5a6adc1120d1bf5ba6ac30b389
- linuxkit/runc:291131ec026430371e7c36165c3f43734fbc2541 - linuxkit/runc:291131ec026430371e7c36165c3f43734fbc2541
- linuxkit/containerd:1e3e8f207421de8deac8cedc26a138d6b1661a0d - linuxkit/containerd:1e3e8f207421de8deac8cedc26a138d6b1661a0d
@ -52,7 +53,7 @@ services:
# vpnkit-forwarder forwards network traffic to/from the host via VSOCK port 62373. # vpnkit-forwarder forwards network traffic to/from the host via VSOCK port 62373.
# It needs access to the vpnkit 9P coordination share # It needs access to the vpnkit 9P coordination share
- name: vpnkit-forwarder - name: vpnkit-forwarder
image: "linuxkit/vpnkit-forwarder:e2776b82ddfe82ed7f90e55d7a2b424e62e9a279" image: "linuxkit/vpnkit-forwarder:79aaeefac19b396396a3d3073c0a082735e86673"
binds: binds:
- /var/vpnkit:/port - /var/vpnkit:/port
net: host net: host


@ -14,8 +14,11 @@ services:
- /var/lib/docker:/var/lib/docker - /var/lib/docker:/var/lib/docker
- /lib/modules:/lib/modules - /lib/modules:/lib/modules
- /var/vpnkit:/port - /var/vpnkit:/port
- /var/vpnkit:/port # vpnkit control 9p mount
- /var/run:/var/run - /var/run:/var/run
- /var/config/docker:/var/config/docker - /var/config/docker:/var/config/docker
- /usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port # userland proxy
- /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables # iptables wrapper
command: [ "/usr/bin/docker-init", "/usr/bin/dockerd", "--", command: [ "/usr/bin/docker-init", "/usr/bin/dockerd", "--",
"--config-file", "/var/config/docker/daemon.json", "--config-file", "/var/config/docker/daemon.json",
"--swarm-default-advertise-addr=eth0", "--swarm-default-advertise-addr=eth0",
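Review bot: The two new binds, `/usr/bin/vpnkit-expose-port:/usr/bin/vpnkit-expose-port` and `/usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables`, carry no mount options, so the host copies are presumably writable from inside the docker service container. Both are executed by dockerd, and the second one stands in for `iptables`, so mounting them read-only would be safer, e.g. `- /usr/bin/vpnkit-iptables-wrapper:/usr/bin/iptables:ro`, if the bind syntax used here accepts options. The bind target `/usr/bin/iptables` would also hide a real `iptables` at that path if the image ships one there; the comment could say where the wrapper expects to find the regular binary. The `command:` list continues outside the hunk, so whether `--userland-proxy-path` is set there or in `daemon.json` cannot be checked from these lines.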


@ -0,0 +1,15 @@
FROM linuxkit/alpine:c608d404c1cb36cce0c7d9303e30b52c9d81ccf0 AS mirror
RUN apk add --no-cache go musl-dev git build-base
ENV GOPATH=/go PATH=$PATH:/go/bin
ENV COMMIT=db7b7b0f8147f29360d69dc81af9e2877647f0de
RUN git clone https://github.com/moby/vpnkit.git /go/src/github.com/moby/vpnkit && \
cd /go/src/github.com/moby/vpnkit && \
git checkout $COMMIT && \
cd go && \
make build/vpnkit-iptables-wrapper.linux build/vpnkit-expose-port.linux
FROM scratch
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-iptables-wrapper.linux /usr/bin/vpnkit-iptables-wrapper
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-expose-port.linux /usr/bin/vpnkit-expose-port
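Review bot: The two `COPY` lines install the binaries under `/usr/bin`, and the docker service binds them from `/usr/bin`, but the README added in this commit says they are installed in `/usr/local/bin`; the simplest fix is to change the README text to `/usr/bin`. Because this is an init package whose files end up on the host, a comment above the COPY lines such as `# paths below land on the host rootfs and must match the binds in the docker service yml` would keep the two in step. The vpnkit source is pinned to a full commit hash, which is good for provenance; the Go toolchain and build tools come from `apk add` without versions, so reproducibility of these host binaries rests on the pinned `linuxkit/alpine` base, presumably by design.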


@ -0,0 +1,6 @@
IMAGE=vpnkit-expose-port
DEPS=$(wildcard *.go)
NETWORK=1
include ../package.mk


@ -0,0 +1,9 @@
### vpnkit-expose-port
This init-package provides `vpnkit-expose-port` and `vpnkit-iptables-wrapper` from [vpnkit](http://github.com/moby/vpnkit.git). The binaries are installed on the host in `/usr/local/bin` and can be bind mounted into a container with `dockerd`.
`vpnkit-expose-port` is a userland proxy that opens ports on the host by demand. To enable it, start `dockerd` with `--userland-proxy-path` pointing to the bind mounted binary.
`vpnkit-iptables-wrapper` is a wrapper for iptables that opens ports via vpnkit for swarm services. It has to be bind mounted as `iptables` in $PATH before the regular `iptables` binary.
To coordinate with `vpnkit` both tools require access to the 9P port configuration mount point.


@ -2,15 +2,14 @@ FROM linuxkit/alpine:c608d404c1cb36cce0c7d9303e30b52c9d81ccf0 AS mirror
RUN apk add --no-cache go musl-dev git build-base RUN apk add --no-cache go musl-dev git build-base
ENV GOPATH=/go PATH=$PATH:/go/bin ENV GOPATH=/go PATH=$PATH:/go/bin
ENV COMMIT=2d6d82167cf81c665c05d1425a79adfbc1a71177 ENV COMMIT=db7b7b0f8147f29360d69dc81af9e2877647f0de
RUN git clone https://github.com/moby/vpnkit.git /go/src/github.com/moby/vpnkit && \ RUN git clone https://github.com/moby/vpnkit.git /go/src/github.com/moby/vpnkit && \
cd /go/src/github.com/moby/vpnkit && \ cd /go/src/github.com/moby/vpnkit && \
git checkout $COMMIT && \ git checkout $COMMIT && \
cd go && \ cd go && \
make all make build/vpnkit-forwarder.linux
FROM scratch FROM scratch
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-forwarder.linux /vpnkit-forwarder COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-forwarder.linux /vpnkit-forwarder
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-expose-port.linux /vpnkit-expose-port
CMD ["/vpnkit-forwarder"] CMD ["/vpnkit-forwarder"]


@ -1,9 +1,7 @@
### vpnkit-forwarder ### vpnkit-forwarder
This package provides `vpnkit-forwarder` and `vpnkit-expose-port` from [vpnkit](http://github.com/moby/vpnkit.git). This package provides `vpnkit-forwarder` from [vpnkit](http://github.com/moby/vpnkit.git).
`vpnkit-forwarder` is a forwarding daemon used by Docker for Desktop to forward ports from Docker containers to the host via VSOCK. `vpnkit-forwarder` is a forwarding daemon used by Docker for Desktop to forward ports from Docker containers to the host via VSOCK.
`vpnkit-expose-port` is a userland proxy that opens ports by demand. To coordinate with `vpnkit` it requires access to the 9P port configuration mount point.
To coordinate with `vpnkit` both tools require access to the 9P port configuration mount point.