Disclaimer: I've asked this same question on reddit before, but got no useful answers, so I'm trying my luck over here.
Ever since I moved from docker to rootless podman many moons ago my container networking stack is working somehow, but not exactly how I want it, and every time I try to solve it again there's always a snag or roadblock. Maybe I'm just looking at it the wrong way.
What I have:
- containers isolated on several networks (so serviceX-db can only be reached from serviceX)
- containers can reach each other via their container hostname if they share a network
- containers behind the traefik reverse proxy can reach each other via their "external hostname" through the proxy
- traefik is completely configured through container labels
I'm using the slirp4netns network stack because when I switch to pasta some of the above subtly breaks without me knowing why.
For unrelated reasons there is a DNS server running as a rootful container, so aardvark-dns cannot have <host>:53.
What I want but don't have:
- containers currently cannot see the IP address of an external client
I have, amongst other things, a container that starts several services via s6, listening on 6 ports in total and several of those are not socket activation capable, so that's a dead end.
I have read about using slirp4netns as a port handler instead of rootlessport, but no explanation how to do this with a quadlet.
I would prefer to hand the whole thing off to pasta, but from what I understand then I cannot have named .networks isolating services. While I could live with that, I'm unclear on how to facilitate inter-container communication at all with this. From what little I understand, I basically have to wait for #8193? Since not all containers need to see the external IP, can I work around the issue somehow?