1. docker
  2. Commit 34f4729bc097f5d8fa0a8942d80889e0e8d32a67
Browse code

rootless: allow exposing dockerd TCP socket easily

eg.

$ DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp" \
dockerd-rootless.sh --experimental \
-H tcp://0.0.0.0:2376 \
--tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem

This commit bumps up RootlessKit from v0.4.1 to v0.6.0:
https://github.com/rootless-containers/rootlesskit/compare/27a0c7a2483732b33d4192c1d178c83c6b9e202d...2fcff6ceae968a1d895e6205e5154b107247356f

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>

Akihiro Suda authored on 2019/07/11 10:01:24
Showing 2 changed files
docs/rootless.md
History View file @ 34f4729
... ... 
@@ -75,6 +75,17 @@ You can just use the upstream Docker client but you need to set the socket path
75 75 
 $ docker -H unix://$XDG_RUNTIME_DIR/docker.sock run -d nginx
76 76 
 ```
77 77
78 
+### Expose Docker API socket via TCP
79 
+
80 
+To expose the Docker API socket via TCP, you need to launch `dockerd-rootless.sh` with `DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp"`.
81 
+
82 
+```console
83 
+$ DOCKERD_ROOTLESS_ROOTLESSKIT_FLAGS="-p 0.0.0.0:2376:2376/tcp" \
84 
+ dockerd-rootless.sh --experimental \
85 
+ -H tcp://0.0.0.0:2376 \
86 
+ --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem
87 
+```
88 
+
78 89 
 ### Routing ping packets
79 90
80 91 
 To route ping packets, you need to set up `net.ipv4.ping_group_range` properly as the root.
... ... 
@@ -86,8 +97,8 @@ $ sudo sh -c "echo 0   2147483647  > /proc/sys/net/ipv4/ping_group_range"
86 86 
 ### Changing network stack
87 87
88 88 
 `dockerd-rootless.sh` uses [slirp4netns](https://github.com/rootless-containers/slirp4netns) (if installed) or [VPNKit](https://github.com/moby/vpnkit) as the network stack by default.
89 
-These network stacks run in userspace and might have performance overhead. See [RootlessKit documentation](https://github.com/rootless-containers/rootlesskit/tree/v0.4.0#network-drivers) for further information.
89 
+These network stacks run in userspace and might have performance overhead. See [RootlessKit documentation](https://github.com/rootless-containers/rootlesskit/tree/v0.6.0#network-drivers) for further information.
90 90
91 91 
 Optionally, you can use `lxc-user-nic` instead for the best performance.
92 
-To use `lxc-user-nic`, you need to edit [`/etc/lxc/lxc-usernet`](https://github.com/rootless-containers/rootlesskit/tree/v0.4.0#--netlxc-user-nic-experimental) and set `$DOCKERD_ROOTLESS_ROOTLESSKIT_NET=lxc-user-nic`.
92 
+To use `lxc-user-nic`, you need to edit [`/etc/lxc/lxc-usernet`](https://github.com/rootless-containers/rootlesskit/tree/v0.6.0#--netlxc-user-nic-experimental) and set `$DOCKERD_ROOTLESS_ROOTLESSKIT_NET=lxc-user-nic`.
93 93
hack/dockerfile/install/rootlesskit.installer
History View file @ 34f4729
... ... 
@@ -1,7 +1,7 @@
1 1 
 #!/bin/sh
2 2
3 
-# v0.4.1
4 
-ROOTLESSKIT_COMMIT=27a0c7a2483732b33d4192c1d178c83c6b9e202d
3 
+# v0.6.0
4 
+ROOTLESSKIT_COMMIT=2fcff6ceae968a1d895e6205e5154b107247356f
5 5
6 6 
 install_rootlesskit() {
7 7 
 	case "$1" in