Skip to content

v2.0.0
Compare
Choose a tag to compare
@github-actions github-actions released this 15 Jan 01:35
· 112 commits to master since this release
v2.0.0
This tag was signed with the committer’s verified signature.
AkihiroSuda Akihiro Suda
GPG key ID: 49524C6F9F638F1A
Learn about vigilant mode.
d99e9dd
This commit was signed with the committer’s verified signature.
AkihiroSuda Akihiro Suda
GPG key ID: 49524C6F9F638F1A
Learn about vigilant mode.

Changes

Support detach-netns (#379 , thanks to @fahedouch)

The --detach-netns mode detaches the network namespace associated with slirp4netns, etc. into $ROOTLESSKIT_STATE_DIR/netns,
and executes the child command in the host's network namespace.

The child command can enter $ROOTLESSKIT_STATE_DIR/netns by itself to create nested network namespaces inside it for CNI, etc.

This will be used for:

  • Accelerating (and deflaking) nerdctl (push|pull|build).
  • Supporting nerdctl run --net=host

See containerd/nerdctl#2723 for how nerdctl will adopt the --detach-netns mode.

New network driver: pasta (with port driver implicit) (#358)

Pasta(https://passt.top/passt/) is similar to slirp4netns but its port forwarder achieves better throughput than slirp4netns port driver.
It is still not faster than RootlessKit's builtin port driver, but unlike the builtin port driver, pasta can retain source IP address information.

Network driver Port driver Net throughput Port throughput Src IP No SUID Note
slirp4netns builtin Slow Fast ✅
slirp4netns slirp4netns Slow Slow
pasta implicit Slow Fast ✅ Experimental
lxc-user-nic builtin Fast ✅ Fast ✅ Experimental
(bypass4netns) (bypass4netns) Fast ✅ Fast ✅ Not integrated to RootlessKit

Usage: rootlesskit --net=pasta --port-driver=implicit

  • No support for explicit port forwarding (rootlessctl add-ports),
    as pasta doesn't support it yet.
    Use --port-driver=implicit to let pasta forward TCP ports implicitly.
    The forwarded ports are not visible in rootlessctl list-ports.

  • Needs very recent version of pasta (2023_12_04.b86afe3)

Add --print-semver=(major|minor|patch) (#381)

Full changes: https://github.com/rootless-containers/rootlesskit/milestone/5?closed=1

Install

mkdir -p ~/bin
curl -sSL https://github.com/rootless-containers/rootlesskit/releases/download//rootlesskit-$(uname -m).tar.gz | tar Cxzv ~/bin

About the binaries

The binaries were built automatically on GitHub Actions.
See the log to verify SHA256SUMS.
https://github.com/rootless-containers/rootlesskit/actions/runs/7523006764
The sha256sum of the SHA256SUMS file itself is 86f558c55497f1df37de1f24aee3c3ac6f3231e2262ea2910362ba3f90ef534d .

Contributors

fahedouch
Assets 10
Loading