docker/containerd in netns #29

Open
antage opened this issue Apr 4, 2022 · 1 comment

antage commented Apr 4, 2022

Did anyone try to run docker.service/containerd.service with systemd-named-nets in their own namespace?

I tried, and commands like docker pull work fine, but docker run can't start any container.

I hope someone knows a fix.

Owner

Jamesits commented Apr 5, 2022

Docker must be able to manage net namespaces to work (unless you start every container with --network=host, which I guess is not your use case). Thus the Docker daemon itself cannot be in a net namespace.

There are a few workarounds I can think of:

  • Set up an HTTP proxy for docker pull, and make all traffic from that proxy go through a net namespace
  • Use a weird nested namespace implementation, also known as docker-in-docker (one I can think of is https://www.nestybox.com/, but I'm not sure if it works for your use case)

I'll leave this issue open to see if anyone comes up with a better idea.
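
Added example, not part of the original thread or the project's own code: one way to wire up the first workaround (an HTTP proxy whose traffic leaves through a net namespace while dockerd stays in the host namespace). The unit names, the namespace name "vpn", the ports, the binary paths and the use of tinyproxy are all assumptions made for illustration.

```ini
# --- /etc/systemd/system/pull-proxy-netns.service (hypothetical name) ---
# HTTP proxy running inside the named namespace; its outbound traffic
# uses that namespace's routes. Assumes tinyproxy.conf sets
# "Listen 127.0.0.1" and "Port 8888", and that lo is up in the netns.
[Unit]
Description=HTTP proxy inside netns "vpn" (constructed name)

[Service]
NetworkNamespacePath=/run/netns/vpn
ExecStart=/usr/bin/tinyproxy -d -c /etc/tinyproxy/tinyproxy.conf

# --- /etc/systemd/system/pull-proxy.socket (hypothetical name) ---
# systemd creates this listening socket in the HOST namespace.
[Socket]
ListenStream=127.0.0.1:3128

[Install]
WantedBy=sockets.target

# --- /etc/systemd/system/pull-proxy.service ---
# Receives the host-side socket via socket activation but runs in the
# netns, so it can reach the proxy's 127.0.0.1:8888 there.
[Unit]
Requires=pull-proxy-netns.service
After=pull-proxy-netns.service

[Service]
NetworkNamespacePath=/run/netns/vpn
ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:8888

# --- /etc/systemd/system/docker.service.d/http-proxy.conf ---
# dockerd stays in the host namespace and can still create container
# namespaces; only its registry traffic (docker pull) goes via the proxy.
[Service]
Environment="HTTP_PROXY=http://127.0.0.1:3128"
Environment="HTTPS_PROXY=http://127.0.0.1:3128"
Environment="NO_PROXY=localhost,127.0.0.1"
```

Only the daemon's registry traffic takes this path; traffic from the containers themselves still uses the host namespace's routes. The host-side listener is bound to loopback, so any local process can also use it to reach the namespace.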
