mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-10-24 10:35:03 +00:00
6c83b98a40
This package contains vpnkit binaries needed inside the dockerd container that can be either copied into the container with a multistage build or used as an init-container and bind-mounted to the right locations. vpnkit-expose-port is a userland proxy that interacts with vpnkit and the vpnkit-forwarder service to open ports on the host. vpnkit-iptables-wrapper wraps iptables to launch vpnkit-expose-port automatically when ports are opened to a swarm service. Signed-off-by: Magnus Skjegstad <magnus@skjegstad.com>
vpnkit-expose-port
This init-package provides vpnkit-expose-port and vpnkit-iptables-wrapper from vpnkit. The binaries are installed on the host in /usr/local/bin and can be bind mounted into a container with dockerd.
vpnkit-expose-port is a userland proxy that opens ports on the host by demand. To enable it, start dockerd with --userland-proxy-path pointing to the bind mounted binary.
vpnkit-iptables-wrapper is a wrapper for iptables that opens ports via vpnkit for swarm services. It has to be bind mounted as iptables in $PATH before the regular iptables binary.
To coordinate with vpnkit both tools require access to the 9P port configuration mount point.