mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-07-19 09:16:29 +00:00
6c83b98a40
This package contains vpnkit binaries needed inside the dockerd container that can be either copied into the container with a multistage build or used as an init-container and bind-mounted to the right locations. vpnkit-expose-port is a userland proxy that interacts with vpnkit and the vpnkit-forwarder service to open ports on the host. vpnkit-iptables-wrapper wraps iptables to launch vpnkit-expose-port automatically when ports are opened to a swarm service. Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
10 lines
731 B
Markdown
10 lines
731 B
Markdown
### vpnkit-expose-port
|
|
|
|
This init-package provides `vpnkit-expose-port` and `vpnkit-iptables-wrapper` from [vpnkit](http://github.com/moby/vpnkit.git). The binaries are installed on the host in `/usr/local/bin` and can be bind mounted into a container with `dockerd`.
|
|
|
|
`vpnkit-expose-port` is a userland proxy that opens ports on the host by demand. To enable it, start `dockerd` with `--userland-proxy-path` pointing to the bind mounted binary.
|
|
|
|
`vpnkit-iptables-wrapper` is a wrapper for iptables that opens ports via vpnkit for swarm services. It has to be bind mounted as `iptables` in $PATH before the regular `iptables` binary.
|
|
|
|
To coordinate with `vpnkit` both tools require access to the 9P port configuration mount point.
|