Script to create publically routable rootless podman networks
sshambar/setup-rootless
Usage: Setup public routing for podman network <name>

    Usage: setup-rootless [ -r ] <name> | -x | -h
    Options:
      -h - show help
      -r - remove (all if no <name>)

Example:

    # make kind network routable from host
    $ setup-rootless kind
    # remove kind network routes
    $ setup-rootless -r kind
    # remove interface link (and associated routes)
    $ setup-rootless -r

Default config:

    # host (and rootless) interface name
    SR_INTF=cni0
    # podman network created to reserve route ips
    SR_NET=reserved
    # rootless network namespace name
    SR_NS="${USER}-rootless"
    # pod created to pin rootless namespace
    SR_INFRA=rootless

Creates host interface $SR_INTF and routes for subnets in named podman networks.

If $SR_NET exists, it is used to determine single vs dual-stack networking (default: dual). $SR_NET also determines the host addresses for $SR_INTF and nexthop addresses for added routes.

Theory:

The script creates an infrastructure pod named in $SR_INFRA to preserve the rootless namespace. It then attaches the podman rootless namespace to $SR_NS.

The script creates a virtual ethernet pair in the podman rootless network namespace, and moves one peer to the host. The interface is named in $SR_INTF.

It then assigns the veth pair two "unused" network IPs from the network named in $SR_NET, and adds a default route to the host peer for the rootless network.

Finally, for any supplied podman network, it adds a host route to the rootless peer.

The script is idempotent, so it can be run multiple times and will attempt to configure the network as designed.

Requires:

    ip - to configure inet
    podman - to manage containers/networks
    jq - to parse config
    sudo - for privileged operations

sudo command patterns required (for SR_NS=devel-rootless, SR_INTF=cni0):

    ip ^netns attach devel-rootless [0-9]+$
    ip netns del devel-rootless
    ip ^-n devel-rootless link set cni0-peer name cni0 netns [^ ]+$
    ip ^addr add [0-9a-f:./]+ dev cni0$
    ip link set cni0 up
    ip ^route add [0-9a-f:./]+ via [0-9a-f:.]+ dev cni0$
    ip ^route del [0-9a-f:./]+ dev cni0$

Script is self-documented (text above is copied from the leading script comments)
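A way to check which `ip` argument strings the sudo command patterns above would permit before installing them, as an added example that is not part of the setup-rootless script. It assumes that entries beginning with `^` are POSIX extended regular expressions matched against the space-joined arguments and that the other entries are exact strings; the function name `sr_allowed` and the sample addresses are constructed.

```shell
#!/bin/sh
# Added example (not from setup-rootless): test `ip` argument strings against
# the README's sudo patterns for SR_NS=devel-rootless, SR_INTF=cni0.
# Assumption: "^...$" entries are POSIX EREs over the space-joined arguments;
# entries without a leading "^" must match exactly.

nl='
'

# sr_allowed "<args>": return 0 if <args> matches one of the patterns.
sr_allowed() {
  args=$1
  # grep matches line by line, so refuse embedded newlines outright
  case $args in *"$nl"*) return 1 ;; esac
  while IFS= read -r pat; do
    case $pat in
      ^*) printf '%s\n' "$args" | LC_ALL=C grep -Eq -- "$pat" && return 0 ;;
      *)  [ "$args" = "$pat" ] && return 0 ;;
    esac
  done <<'EOF'
^netns attach devel-rootless [0-9]+$
netns del devel-rootless
^-n devel-rootless link set cni0-peer name cni0 netns [^ ]+$
^addr add [0-9a-f:./]+ dev cni0$
link set cni0 up
^route add [0-9a-f:./]+ via [0-9a-f:.]+ dev cni0$
^route del [0-9a-f:./]+ dev cni0$
EOF
  return 1
}

# Constructed sample invocations: the first three fit the patterns, the rest
# differ in namespace, interface, destination keyword or trailing arguments.
for a in \
  'netns attach devel-rootless 4242' \
  'route add 10.89.0.0/24 via 10.88.0.2 dev cni0' \
  'route add fd00:89::/64 via fd00:88::2 dev cni0' \
  'netns attach other-rootless 4242' \
  'addr add 10.88.0.1/24 dev eth0' \
  'route add default via 10.88.0.2 dev cni0' \
  'link set cni0 up extra'
do
  if sr_allowed "$a"; then echo "allow: ip $a"; else echo "deny:  ip $a"; fi
done
```

The character classes accept only hex digits, `:`, `.` and `/`, so keyword destinations such as `default` and any extra trailing arguments fall outside the rules.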