pkg: add vpnkit-expose-port

This package contains vpnkit binaries needed inside the dockerd
container that can be either copied into the container with a multistage
build or used as an init-container and bind-mounted to the right
locations.

vpnkit-expose-port is a userland proxy that interacts with vpnkit and
the vpnkit-forwarder service to open ports on the host.

vpnkit-iptables-wrapper wraps iptables to launch
vpnkit-expose-port automatically when ports are opened to a swarm
service.

Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
Magnus Skjegstad 2017-06-29 13:49:04 +02:00
parent 9add9622f7
commit 6c83b98a40
3 changed files with 30 additions and 0 deletions


@ -0,0 +1,15 @@
FROM linuxkit/alpine:c608d404c1cb36cce0c7d9303e30b52c9d81ccf0 AS mirror
RUN apk add --no-cache go musl-dev git build-base
ENV GOPATH=/go PATH=$PATH:/go/bin
ENV COMMIT=db7b7b0f8147f29360d69dc81af9e2877647f0de
RUN git clone https://github.com/moby/vpnkit.git /go/src/github.com/moby/vpnkit && \
cd /go/src/github.com/moby/vpnkit && \
git checkout $COMMIT && \
cd go && \
make build/vpnkit-iptables-wrapper.linux build/vpnkit-expose-port.linux
FROM scratch
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-iptables-wrapper.linux /usr/bin/vpnkit-iptables-wrapper
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-expose-port.linux /usr/bin/vpnkit-expose-port
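Review bot: the final `FROM scratch` stage ships only the two binaries, and the commit message says they are meant to be copied or bind-mounted into the dockerd container, so they have to run with no shared libraries available. The build stage installs `musl-dev` and `build-base`, and nothing in this hunk shows that the `make build/...linux` targets link statically. Please confirm that they do, or force it in the `RUN` step, and add a short comment saying so. Separately, the build stage is named `mirror` although it compiles from source; a name like `build` would describe it better.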


@ -0,0 +1,6 @@
IMAGE=vpnkit-expose-port
DEPS=$(wildcard *.go)
NETWORK=1
include ../package.mk
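Review bot: `DEPS=$(wildcard *.go)` appears to match nothing, since the three files added by this commit include no Go sources and the Dockerfile clones vpnkit from GitHub at build time. As written, no file in the package is declared as a dependency of the image; either drop the line or list the files that actually drive the build. `NETWORK=1` is consistent with the `apk add` and `git clone` steps, and a one-line comment explaining why the build needs network access would help future readers.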


@ -0,0 +1,9 @@
### vpnkit-expose-port
This init-package provides `vpnkit-expose-port` and `vpnkit-iptables-wrapper` from [vpnkit](http://github.com/moby/vpnkit.git). The binaries are installed on the host in `/usr/local/bin` and can be bind mounted into a container with `dockerd`.
`vpnkit-expose-port` is a userland proxy that opens ports on the host by demand. To enable it, start `dockerd` with `--userland-proxy-path` pointing to the bind mounted binary.
`vpnkit-iptables-wrapper` is a wrapper for iptables that opens ports via vpnkit for swarm services. It has to be bind mounted as `iptables` in $PATH before the regular `iptables` binary.
To coordinate with `vpnkit` both tools require access to the 9P port configuration mount point.
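Review bot: the first paragraph says the binaries are installed on the host in `/usr/local/bin`, but the Dockerfile in this commit copies them to `/usr/bin/vpnkit-iptables-wrapper` and `/usr/bin/vpnkit-expose-port`. One of the two needs to change, otherwise bind mounts written from this README will point at a path that does not exist. The last sentence also does not say where the 9P port configuration mount point is expected to be or how a container gets access to it; naming the path would make the instructions usable. Minor: the vpnkit link uses `http://` and a `.git` suffix, while the Dockerfile clones over `https://`.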