mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-10-24 00:27:14 +00:00
pkg: add vpnkit-expose-port
This package contains vpnkit binaries needed inside the dockerd container that can be either copied into the container with a multistage build or used as an init-container and bind-mounted to the right locations. vpnkit-expose-port is a userland proxy that interacts with vpnkit and the vpnkit-forwarder service to open ports on the host. vpnkit-iptables-wrapper wraps iptables to launch vpnkit-expose-port automatically when ports are opened to a swarm service. Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
This commit is contained in:
15
pkg/vpnkit-expose-port/Dockerfile
Normal file
15
pkg/vpnkit-expose-port/Dockerfile
Normal file
@@ -0,0 +1,15 @@
|
||||
FROM linuxkit/alpine:c608d404c1cb36cce0c7d9303e30b52c9d81ccf0 AS mirror
|
||||
|
||||
RUN apk add --no-cache go musl-dev git build-base
|
||||
ENV GOPATH=/go PATH=$PATH:/go/bin
|
||||
ENV COMMIT=db7b7b0f8147f29360d69dc81af9e2877647f0de
|
||||
|
||||
RUN git clone https://github.com/moby/vpnkit.git /go/src/github.com/moby/vpnkit && \
|
||||
cd /go/src/github.com/moby/vpnkit && \
|
||||
git checkout $COMMIT && \
|
||||
cd go && \
|
||||
make build/vpnkit-iptables-wrapper.linux build/vpnkit-expose-port.linux
|
||||
|
||||
FROM scratch
|
||||
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-iptables-wrapper.linux /usr/bin/vpnkit-iptables-wrapper
|
||||
COPY --from=mirror /go/src/github.com/moby/vpnkit/go/build/vpnkit-expose-port.linux /usr/bin/vpnkit-expose-port
|
6
pkg/vpnkit-expose-port/Makefile
Normal file
6
pkg/vpnkit-expose-port/Makefile
Normal file
@@ -0,0 +1,6 @@
|
||||
IMAGE=vpnkit-expose-port
|
||||
DEPS=$(wildcard *.go)
|
||||
NETWORK=1
|
||||
|
||||
include ../package.mk
|
||||
|
9
pkg/vpnkit-expose-port/README.md
Normal file
9
pkg/vpnkit-expose-port/README.md
Normal file
@@ -0,0 +1,9 @@
|
||||
### vpnkit-expose-port
|
||||
|
||||
This init-package provides `vpnkit-expose-port` and `vpnkit-iptables-wrapper` from [vpnkit](http://github.com/moby/vpnkit.git). The binaries are installed on the host in `/usr/local/bin` and can be bind mounted into a container with `dockerd`.
|
||||
|
||||
`vpnkit-expose-port` is a userland proxy that opens ports on the host by demand. To enable it, start `dockerd` with `--userland-proxy-path` pointing to the bind mounted binary.
|
||||
|
||||
`vpnkit-iptables-wrapper` is a wrapper for iptables that opens ports via vpnkit for swarm services. It has to be bind mounted as `iptables` in $PATH before the regular `iptables` binary.
|
||||
|
||||
To coordinate with `vpnkit` both tools require access to the 9P port configuration mount point.
|
Reference in New Issue
Block a user