
`nerdctl stop` should release rootless ports (OCI `poststop` event should be called on `nerdctl stop`)

Open AkihiroSuda opened this issue 4 years ago • 4 comments

```console
$ nerdctl --version
nerdctl version 0.12.1-58-g757f823

$ nerdctl run -d --name nginx -p 8080:80 nginx:alpine
5debf438f4632aaf6346d022b8a98c89c36b03e729f21f5e3f89b718a370f2da

$ nerdctl stop nginx
nginx

$ lsof -i -P
COMMAND      PID USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
rootlessk 131938 suda   12u  IPv6 3543002      0t0  TCP *:8080 (LISTEN)

$ rootlessctl --socket /run/user/1001/containerd-rootless/api.sock list-ports
ID    PROTO    PARENTIP    PARENTPORT    CHILDIP    CHILDPORT
7     tcp      0.0.0.0     8080                     8080
```

The port should be released after nerdctl stop.

It looks like the OCI poststop event hook is not executed for nerdctl stop.

AkihiroSuda avatar Oct 22 '21 08:10 AkihiroSuda

poststop event hook seems to be a post-delete hook.

junnplus avatar Dec 31 '21 14:12 junnplus

A workaround for this issue when using nerdctl for development: if removing the container is okay in your use case, then using `nerdctl run --rm` will remove all traces of the container after running, including the port.

maruno avatar Oct 28 '22 08:10 maruno

It's against the definition of poststop.

IMHO, the runtime-spec is for k8s pod, and there is no stop action in k8s pod.

zhan9san avatar Nov 28 '22 13:11 zhan9san
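
An added example, not part of the issue thread or of nerdctl's code: a check for the condition reported here, a RootlessKit port forward that is still listening although no running container publishes it. It assumes the `list-ports` layout shown in the report and Docker-style port strings (`0.0.0.0:8080->80/tcp`) for the running containers; the function names are hypothetical.

```python
import re

# Output of `rootlessctl list-ports`, copied from the report above.
LIST_PORTS = """\
ID    PROTO    PARENTIP    PARENTPORT    CHILDIP    CHILDPORT
7     tcp      0.0.0.0     8080                     8080
"""


def parse_list_ports(text):
    """Split each row at the header's column offsets, so an empty cell
    (CHILDIP above) does not shift the fields that follow it."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    cols = [(m.group(), m.start()) for m in re.finditer(r"\S+", lines[0])]
    rows = []
    for line in lines[1:]:
        row = {}
        for i, (name, start) in enumerate(cols):
            end = cols[i + 1][1] if i + 1 < len(cols) else None
            row[name] = line[start:end].strip()
        rows.append(row)
    return rows


def published_ports(port_specs):
    """Host-side (proto, port) pairs from specs such as '0.0.0.0:8080->80/tcp'.
    The spec format is an assumption about how running containers are listed."""
    pairs = set()
    for spec in port_specs:
        m = re.fullmatch(r"(?:.*:)?(\d+)->\d+/(\w+)", spec.strip())
        if m:
            pairs.add((m.group(2), int(m.group(1))))
    return pairs


def stale_forwards(list_ports_text, running_specs):
    """Forwards RootlessKit still holds with no running container behind them."""
    live = published_ports(running_specs)
    return [row for row in parse_list_ports(list_ports_text)
            if (row["PROTO"], int(row["PARENTPORT"])) not in live]


if __name__ == "__main__":
    # After `nerdctl stop nginx` no container publishes 8080, so ID 7 is stale.
    for fwd in stale_forwards(LIST_PORTS, running_specs=[]):
        print(f"stale forward id={fwd['ID']} {fwd['PROTO']}/{fwd['PARENTPORT']}")
```

The `ID` of a stale row is the value `rootlessctl remove-port` takes to release the listener by hand.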