containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

[feature] Bind to Unix Socket #5069

Closed AstraLuma closed 4 years ago

AstraLuma commented 4 years ago

/kind feature

Description

Would it be reasonable to add support for mapping ports inside a container to unix domain sockets on the host?

This would make things like managing many containers much easier, as you don't have to contend with port juggling.

Output of podman version:

Version:            1.6.4
RemoteAPI Version:  1
Go Version:         go1.13.5
Git Commit:         5cc92849f7fc9dd734ca2fd8f3ae8830b9a7eb26
Built:              Sat Dec 21 13:13:24 2019
OS/Arch:            linux/amd64

Output of podman info --debug:

debug:
  compiler: gc
  git commit: 5cc92849f7fc9dd734ca2fd8f3ae8830b9a7eb26
  go version: go1.13.5
  podman version: 1.6.4
host:
  BuildahVersion: 1.12.0-dev
  CgroupVersion: v1
  Conmon:
    package: 'conmon: /usr/libexec/podman/conmon'
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.9, commit: unknown'
  Distribution:
    distribution: debian
    version: unknown
  IDMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  MemFree: 1791565824
  MemTotal: 16730222592
  OCIRuntime:
    name: runc
    package: 'runc: /usr/sbin/runc'
    path: /usr/sbin/runc
    version: |-
      runc version 1.0.0~rc10+dfsg1
      commit: 1.0.0~rc10+dfsg1-1
      spec: 1.0.1-dev
  SwapFree: 16836718592
  SwapTotal: 17113804800
  arch: amd64
  cpus: 4
  eventlogger: journald
  hostname: inara
  kernel: 5.3.0-3-amd64
  os: linux
  rootless: true
  slirp4netns:
    Executable: /usr/bin/slirp4netns
    Package: 'slirp4netns: /usr/bin/slirp4netns'
    Version: |-
      slirp4netns version 0.4.1
      commit: 4d38845e2e311b684fc8d1c775c725bfcd5ddc27
  uptime: 959h 50m 41.06s (Approximately 39.96 days)
registries:
  blocked: null
  insecure: null
  search:
  - docker.io
  - quay.io
store:
  ConfigFile: /home/astraluma/.config/containers/storage.conf
  ContainerStore:
    number: 48
  GraphDriverName: vfs
  GraphOptions: {}
  GraphRoot: /home/astraluma/.local/share/containers/storage
  GraphStatus: {}
  ImageStore:
    number: 77
  RunRoot: /run/user/1000
  VolumePath: /home/astraluma/.local/share/containers/storage/volumes

Package info (e.g. output of rpm -q podman or apt list podman):

podman/unknown,now 1.7.0~6 amd64 [installed]
podman/unknown 1.7.0~6 arm64
podman/unknown 1.7.0~6 armhf
podman/unknown 1.7.0~6 ppc64el

Additional environment details (AWS, VirtualBox, physical, etc.):

Home desktop

AstraLuma commented 4 years ago

I have no idea how to do this with rootful containers without something like socat.

With rootless, I think this would need some additions to slirp4netns as well as tooling additions to support the new port specification.

baude commented 4 years ago

Why would the container runtime have to do this, vs. you doing it manually?

AstraLuma commented 4 years ago

Yes, you can bind mount the socket. But that requires special support in the container. (And not all services support listening on a UDS.)

Adding it to the container runtime means that you can do it generically--the container doesn't know it's being routed through a UDS. It's just listening on a port and the operator has complete flexibility about how to wire things up.

I want this for small hosting--not big enough to reach for tools like kubernetes, but still enough that juggling ports is just kinda annoying. Using a UDS instead of a loopback port means that I can assign container sockets to actual meaningful names.

tobwen commented 4 years ago

Maybe this can help? https://www.freedesktop.org/software/systemd/man/systemd-socket-proxyd.html
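As an added illustration of the workaround tobwen points to (this is not part of the original thread and not podman's or systemd's own example), here is a pair of systemd units that expose a container's published loopback port as a Unix domain socket on the host. The socket path /run/myapp.sock, the port 8080, the group www-data and the container unit name container-myapp.service are assumptions; the container is assumed to have been started with -p 127.0.0.1:8080:80 so the port is not reachable from outside the host.

```ini
# File 1: /etc/systemd/system/myapp-proxy.socket (example; all names are assumptions)
[Unit]
Description=Unix socket front for the myapp container's published port
# Make sure the container is up before the first client is accepted
Requires=container-myapp.service
After=container-myapp.service

[Socket]
# A path instead of a port: clients address the service by name
ListenStream=/run/myapp.sock
# Access is now governed by filesystem permissions on the socket rather than
# by a 127.0.0.1 port that every local user can connect to
SocketUser=root
SocketGroup=www-data
SocketMode=0660

[Install]
WantedBy=sockets.target

# File 2: /etc/systemd/system/myapp-proxy.service (example)
[Unit]
Description=Forward /run/myapp.sock to the myapp container's published port
Requires=container-myapp.service
After=container-myapp.service
Requires=myapp-proxy.socket
After=myapp-proxy.socket

[Service]
# systemd hands the accepted listening socket to the proxy, which relays each
# connection to the loopback port the container publishes (assumed 8080)
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8080
PrivateTmp=yes
```

Enable with `systemctl enable --now myapp-proxy.socket`; the proxy service is started on the first connection. For a rootless setup the same two units go under ~/.config/systemd/user/ with a socket path under /run/user/UID, managed with `systemctl --user`. As AstraLuma notes in the next reply, this yields the named socket but the container still has to publish a unique host port for the proxy to connect to, so the port juggling moves rather than disappears.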

AstraLuma commented 4 years ago

That'll get you the UDS, but doesn't alleviate the port juggling. So it's kind of a mixed bag.

rhatdan commented 4 years ago

@astronouth7303 If you want this, you probably need to start working on PRs. Not sure anyone else is going to work on it.

github-actions[bot] commented 4 years ago

A friendly reminder that this issue had no activity for 30 days.

rhatdan commented 4 years ago

Closing because of lack of activity.