Dockerfile: update RootlessKit to v2.0.0

https://github.com/rootless-containers/rootlesskit/releases/tag/v2.0.0 === Pasta === RootlessKit v2 adds the support for pasta (https://passt.top/passt/). Pasta is similar to slirp4netns but its port forwarder achieves better throughput than slirp4netns port driver. It is still not faster than RootlessKit's `builtin` port driver, but unlike the `builtin` port driver, pasta can retain source IP address information. Network driver | Port driver | Net throughput | Port throughput | Src IP | No SUID | Note ---------------|----------------|----------------|-----------------|--------|---------|-------------------------------------------- slirp4netns | builtin | Slow | Fast ✅ | ❌ | ✅ | Default in typical setup vpnkit | builtin | Slow | Fast ✅ | ❌ | ✅ | Default when slirp4netns is not installed slirp4netns | slirp4netns | Slow | Slow | ✅ | ✅ | **pasta** | **implicit** | Slow | Fast ✅ | ✅ | ✅ | Experimental lxc-user-nic | builtin | Fast ✅ | Slow | ❌ | ❌ | Experimental (bypass4netns) | (bypass4netns) | Fast ✅ | Fast ✅ | ✅ | ✅ | (Not integrated to RootlessKit) === Detach-netns === Aside from pasta, RootlessKit v2 also brings the support for "detach-netns" mode, which leaves the runtime in the host network namespace to eliminate the slirp overhead for pull/push and to allow accessing the "real" 127.0.0.1. See containerd/nerdctl PR 2723 for how detach-netns is being adopted in nerdctl v2. Integrating detach-netns into Docker/Moby will need an extra work and will be deferred to Docker v26 (or later). Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-15 11:02:13 +09:00 · 2024-01-15 11:02:13 +09:00 · f5d05b43d7
commit f5d05b43d7
parent ba86626642
2 changed files with 3 additions and 3 deletions
--- a/2
+++ b/2
@ -352,7 +352,7 @@ FROM base AS rootlesskit-src
 WORKDIR /usr/src/rootlesskit
 RUN git init . && git remote add origin "https://github.com/rootless-containers/rootlesskit.git"
 # When updating, also update vendor.mod and hack/dockerfile/install/rootlesskit.installer accordingly.
-ARG ROOTLESSKIT_VERSION=v1.1.1
+ARG ROOTLESSKIT_VERSION=v2.0.0
 RUN git fetch -q --depth 1 origin "${ROOTLESSKIT_VERSION}" +refs/tags/*:refs/tags/* && git checkout -q FETCH_HEAD

 FROM base AS rootlesskit-build
--- a/hack/dockerfile/install/rootlesskit.installer
+++ b/hack/dockerfile/install/rootlesskit.installer
@ -1,7 +1,7 @@
 #!/bin/sh

 # When updating, also update vendor.mod and Dockerfile accordingly.
-: "${ROOTLESSKIT_VERSION:=v1.1.1}"
+: "${ROOTLESSKIT_VERSION:=v2.0.0}"

 install_rootlesskit() {
 	case "$1" in
@ -28,6 +28,6 @@ install_rootlesskit_dynamic() {
 _install_rootlesskit() (
 	echo "Install rootlesskit version ${ROOTLESSKIT_VERSION}"
 	for f in rootlesskit rootlesskit-docker-proxy; do
-		GOBIN="${PREFIX}" GO111MODULE=on go install ${BUILD_MODE} -ldflags="$ROOTLESSKIT_LDFLAGS" "github.com/rootless-containers/rootlesskit/cmd/${f}@${ROOTLESSKIT_VERSION}"
+		GOBIN="${PREFIX}" GO111MODULE=on go install ${BUILD_MODE} -ldflags="$ROOTLESSKIT_LDFLAGS" "github.com/rootless-containers/rootlesskit/v2/cmd/${f}@${ROOTLESSKIT_VERSION}"
 	done
 )