Open hholst80 opened 2 years ago
RootlessKit per se has a `rootlesskit --net=host` mode, but it is incompatible with Docker.
We moved off the assumption that localhost is localhost, if that makes sense. Instead we use a pod-like setup where many containers share the network namespace of a pod container.
Ping me here if you need details on workarounds and I'll write it up off issue.
That said, I am still curious if there's a way to make this work with Docker. I do not see why there would be any need for iptables rules for a host network container.
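The pod-like workaround described in the comment above, written out as an added example (it is not code from this thread or from the RootlessKit/Docker projects). The only real Docker mechanism it relies on is `--network=container:<name>`: one long-lived "pause" container holds the network namespace and publishes the ports, and every workload joins that namespace, so the workloads see each other on `127.0.0.1`. The pod name `devpod`, the image names, and the `DOCKER=echo` dry-run switch are assumptions chosen for this example; `ns_check` is a sanity check, also added here, that compares the host's network namespace with the one a `--network=host` container actually lands in.

```shell
#!/bin/sh
# Pod-style networking for rootless Docker (added example, not from the issue).
# Assumptions: DOCKER may be set to "echo" for a dry run; POD, PAUSE_IMAGE and
# CHECK_IMAGE are arbitrary choices for this example.
DOCKER="${DOCKER:-docker}"
POD="${POD:-devpod}"
PAUSE_IMAGE="${PAUSE_IMAGE:-registry.k8s.io/pause:3.9}"
CHECK_IMAGE="${CHECK_IMAGE:-alpine:3.19}"

# Start the namespace holder. Any -p publishing must be given here: a container
# started with --network=container:<name> cannot publish ports itself.
pod_create() {
    pod="$1"; shift
    "$DOCKER" run -d --name "$pod" "$@" "$PAUSE_IMAGE"
}

# Run a workload inside the pod's network namespace. Everything it binds on
# 127.0.0.1 is reachable by the other members of the same pod on 127.0.0.1.
pod_run() {
    pod="$1"; shift
    "$DOCKER" run -d --network="container:$pod" "$@"
}

# Tear the pod down: workloads first, then the namespace holder.
pod_destroy() {
    pod="$1"
    "$DOCKER" rm -f "$pod-web" "$pod-client" "$pod"
}

# Wiring for a web server plus a client that talks to it over localhost.
pod_demo() {
    pod_create "$POD" -p 127.0.0.1:8080:8080
    pod_run "$POD" --name "$POD-web" nginx:alpine
    pod_run "$POD" --name "$POD-client" "$CHECK_IMAGE" \
        sh -c 'while :; do wget -qO- http://127.0.0.1:8080/ >/dev/null && echo reachable; sleep 5; done'
}

# Does --network=host really mean the host's namespace? Under rootful Docker the
# two links match; under rootless Docker the container lands in RootlessKit's
# namespace and the inode differs, which is exactly why host localhost ports
# are invisible from the container.
ns_check() {
    host_ns=$(readlink /proc/self/ns/net)
    ctr_ns=$("$DOCKER" run --rm --network=host "$CHECK_IMAGE" readlink /proc/self/ns/net)
    if [ "$host_ns" = "$ctr_ns" ]; then
        echo "host-mode container shares the real host netns ($host_ns)"
        return 0
    fi
    echo "host-mode container is in a separate netns ($ctr_ns, host is $host_ns): rootless"
    return 1
}

# Nothing runs unless asked, so the file can be sourced for its functions.
case "${1:-}" in
    demo)    pod_demo ;;
    destroy) pod_destroy "$POD" ;;
    check)   ns_check ;;
esac
```

Run `sh pod.sh check` first: a non-zero exit confirms the rootless situation the issue describes, and in that case `sh pod.sh demo` gives you shared-localhost semantics between the pod members without touching the host's loopback.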
I have been banging my head on the problem that docker, podman et al. all use a namespace for localhost, so even if I specify `--network=host` it will have its own network namespace, which does not expose the ports available on localhost.
I am currently quite stuck in my workflow unless I can find a way around this. Is there a way to allow `--network=host` in the "legacy" behavior with rootless, so that it indeed uses the host network?
I tried removing `--disable-host-loopback` from the docker scripts that use slirp4netns, but that does not seem to have any effect, because `ss -tlpn` still does not show the ports served by other services connected to the localhost network.