libnetwork
libnetwork copied to clipboard
moby
Added API to set ephemeral port allocator range.
Also reduce the allowed port range as the total number of containers per host is typically less than 1K.
This change helps in scenarios where there are other services on the same host that uses ephemeral ports in iptables manipulation.
The workflow requires changes in docker engine ( https://github.com/moby/moby/pull/40055) and this change. It works as follows:
- user can now specified to docker engine an option --published-port-range="50000-60000" as cmdline argument or in daemon.json.
- docker engine read and pass this info to libnetwork via config.go:OptionDynamicPortRange.
- libnetwork uses this range to allocate dynamic port henceforth.
- --published-port-range can be set either via SIGHUP or restart docker engine
- if --published-port-range is not set by user, a OS specific default range is used for dynamic port allocation. Linux: 49153-60999, Windows: 60000-65000 6 if --published-port-range is invalid, that is, the range given is outside of allowed default range, no change takes place. libnetwork will continue to use old/existing port range for dynamic port allocation.
Signed-off-by: Su Wang [email protected]
lets test the functionality end-to-end (add changes to Moby master, add integration tests in Moby) before we cherry-pick into master ?
lets test the functionality end-to-end (add changes to
Mobymaster, add integration tests inMoby) before we cherry-pick into master ?
Arko, u wanted to add integration test to https://github.com/moby/moby/pull/40055/, right? we can do that.
wanted to make sure that the request is not associated with this PR.
Note we have migrated this codebase over to github.com/moby/moby/libnetwork. We are not accepting PR's on this repo anymore except for backports to be included in moby 20.10
