hyperd
hyperd copied to clipboard
hyperhq
hyperctl run ignored --publish=
My ENV
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.2 LTS
Release: 16.04
Codename: xenial
uname -a
Linux runv 4.8.0-51-generic #54~16.04.1-Ubuntu SMP Wed Apr 26 16:00:28 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
iptables v1.6.0:
hyperd v0.8.1
hyperd config
cat /etc/hyper/config |grep -v ^$|grep -v ^#
Root=/mnt/hyperdata
Hypervisor=qemu
Kernel=/var/lib/hyper/kernel
Initrd=/var/lib/hyper/hyper-initrd.img
Host=127.0.0.1:2375
DisableIptables=false
VmFactoryPolicy=
[Log]
After run container as
hyperctl run --memory=2048 --publish=tcp:8811:80 -d nginx
POD id is nginx-0503261496
Time to run a POD is 1485 ms
does not created iptables rules for port map
root@runv:~# iptables -L -vn
Chain INPUT (policy ACCEPT 806 packets, 67939 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * hyper0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- hyper0 * 0.0.0.0/0 0.0.0.0/0
0 0 HYPER all -- * hyper0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 396 packets, 72592 bytes)
pkts bytes target prot opt in out source destination
Chain HYPER (1 references)
pkts bytes target prot opt in out source destination
root@runv:~# iptables -L -vn -t nat
Chain PREROUTING (policy ACCEPT 134 packets, 17336 bytes)
pkts bytes target prot opt in out source destination
3 180 HYPER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 102 packets, 15748 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 HYPER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * !hyper0 192.168.123.0/24 0.0.0.0/0
Chain HYPER (2 references)
pkts bytes target prot opt in out source destination
root@runv:~#
@nickdoikov not yet. However, this is not a feature hard to be implement, just was temporarily removed during the refactor of 0.8.x developing.
@gnawux could you please provide a previous version number where this feature was worked?
@nickdoikov back to 0.7, it should work. But 0.8.x fixed many bugs of previous version, and the port mapping could be done in external systems, such as iptables, kubernetes service, and so on.
@gnawux In new version hyperd there will be native support iptables? Kubernetes is not our case) I do not want to write the wrapper for iptables myself
@gnawux I'm interested in new versions? Or in future versions there will be no more support iptables native?
@SergeyOvsienko
In the previous versions, we define port mapping in the spec of each container. While in the new version, the port mapping will become a pod level configuration, and could be update during runtime. The related work item is #382
@gnawux it is not clear for me now. do hyperd will support native iptables in future versions? It is simple question , but it is very important for us.
Why you kill functionality that allow to use hyperd without kubernetes? Sometimes it is enough to build own schedulers and use common iptables based port forwarding.
@nickdoikov it's just an API/model change, not about the backend implementation. The past is iptables, and the future is iptables too.
@gnawux thanks , so i can downgrade to 0.7 and build own ecosystem holding in mind that in future i will be capable to upgrade to 0.9 where port mapping management functionality will be added back? i mean that i will be capable to manage it via REST or cli , not only via kubelet in 0.9 ?
Yes, in the 0.9, both REST/cli and GRPC will be supported.
Note: The life cycle has changed since 0.8.x. (ref: 0.8 release note)
- Enhancement: simplify the model and state machine -- one Pod is one VM.
- Enhancement: allow add/remove containers to/from a Pod/sandbox.
- Enhancement: do not stop sandbox without an explicit stop command even if the last container is stopped (To be compatible to Kubernetes CRI).
manage port publishing ? or you mean general REST/cli management ? My question was about port publishing functionality and your response not so clear for me, sorry , cloud please clarify :)
for me is not a problem that mechanisms was changed, i`m worried about functionality (iptables REST/CLI management) .
iptables and cli will all exist in future release. But the interface may be changed.
what you mean when talking about "interface"? rest endpoints structure? or what ? not clearly understand you.
For the REST API,
- the port mapping spec will move from
containersto top level ofpod - will have new port mapping add/remove API
- will support the port range better
For command line, I think we will try to keep it unchanged.
thanks ! it is clear now . is there any chance that release 0.9 will be done in 2017 ?
It should be done in 1 or 2 months. And if we could not make a major release, we will release these not-so-big functions in a 0.8.2 release.
@cool, many thanks. Actually we had plans to use hyper in paas platform instead of currently used docker engine and containers,hyper provide simplicity and excellent resource isolation level. that's why i'm very interested in hyper release perspectives.
Thank you one more time.
Hello @gnawux a small update : We have tested 0.7 and iptables works fine, but this version contain interactive terminal issues.
so we will waiting for 0.8.2 or 0.9.0 hope this will happened soon.