Standardize port mapping
Though it's not as straightforward as bind-mounts (one-step process to tweak the rootfs, vs two-step process of creating network namespaces and e.g. veth devices to connect them), it fundamentally serves the same purpose - poking holes in the isolated environment for the sake of communication.
Seeing as pretty much every high-level runtime (docker, podman, cri-o) implements this feature, it seems like a good candidate for standardization.
Thoughts?
Networking is definitely a complicated topic, and even if we take just the example of Docker, it has multiple methods by which it implements this one feature (and the ability to do so/method it uses also varies depending on which underlying networking the container uses) -- contrast that with most of the other settings in the runtime specification, which generally map one-to-one with kernel functionality (complicated mostly by cgroupv1 vs cgroupv2).
I'm not extremely well-versed in https://github.com/containernetworking/cni, but it seems like that might be a better place to discuss standardizing this? (or where it might already be :see_no_evil:)