Aram Akhavan

Results 146 comments of Aram Akhavan

> However, without also launching the DIND container with --pid=host, the container does not have the ability to access the namespaces of those service containers that DIND needs to administer (as...

> DIND also needs to be able to access the network namespaces for each service container it is responsible for configuring

Let me dig into this a little bit this...

> For a container ``, run:
>
> ```
> nsenter --net=$(docker container inspect -f "{{.NetworkSettings.SandboxKey}}")
> ```

Nice! That's basically what I was doing but I was doing the...

I haven't forgotten about this! Just haven't had time. Should be able to take a look this weekend.

Still on my radar, sorry! I am very excited to play around with this when I get a chance.

@struanb - Alright I finally had a chance to test this out! It worked just fine with a dummy traefik and whoami service. Here are my thoughts: * There seems...

> I think it may be appropriate to extend DIND (at least provide an option) to add a firewall rule of this sort to each host. What do you think,...

Ok so I think I found a good "workaround" that addresses some of my concern with the extra child container. (Maybe you're doing this or something similar already, but from...

Ok so the conclusion of https://github.com/moby/moby/issues/43769 is basically that we're not going to see privileged services anytime soon, but the workaround in the above comment is the generally accepted solution....

It doesn't happen with every ROM though. Maybe it's size based?