github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-07-19 01:06:27 +00:00
Code Issues Projects Releases Wiki Activity
master
linuxkit/pkg/vpnkit-expose-port/README.md
Magnus Skjegstad 6c83b98a40 pkg: add vpnkit-expose-port 
This package contains vpnkit binaries needed inside the dockerd
container that can be either copied into the container with a multistage
build or used as an init-container and bind-mounted to the right
locations.

vpnkit-expose-port is a userland proxy that interacts with vpnkit and
the vpnkit-forwarder service to open ports on the host.

vpnkit-iptables-wrapper wraps iptables to launch
vpnkit-expose-port automatically when ports are opened to a swarm
service.

Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
2017-06-30 19:26:02 +02:00

731 B
Raw Permalink Blame History

vpnkit-expose-port

This init-package provides vpnkit-expose-port and vpnkit-iptables-wrapper from vpnkit. The binaries are installed on the host in /usr/local/bin and can be bind mounted into a container with dockerd.

vpnkit-expose-port is a userland proxy that opens ports on the host by demand. To enable it, start dockerd with --userland-proxy-path pointing to the bind mounted binary.

vpnkit-iptables-wrapper is a wrapper for iptables that opens ports via vpnkit for swarm services. It has to be bind mounted as iptables in $PATH before the regular iptables binary.

To coordinate with vpnkit both tools require access to the 9P port configuration mount point.