The `--userland-proxy` daemon flag makes it possible to rely on hairpin
NAT and additional iptables routes instead of userland proxy for port
publishing and inter-container communication.
Usage of the userland proxy remains the default as hairpin NAT is
unsupported by older kernels.
Signed-off-by: Arnaud Porterie <arnaud.porterie@docker.com>
We now advise people to configure docker group and
add to sudo. Mac shouldn't use sudo. Removed sudo
from command examples. Left in installation to be removed
in installation doc sweep -- removing requires finer
grain control.
Signed-off-by: Mary Anthony <mary@docker.com>
This patch adds detail on how the host's `/etc/resolv.conf` file is
filtered when creating the copy for the container.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Read `/proc/sys/net/ipv4/ip_local_port_range` kernel parameter to obtain
ephemeral port range that now sets the boundaries of port allocator
which finds free host ports for those exported by containers.
Signed-off-by: Michal Minar <miminar@redhat.com>
The overlay filesystem does not support inotify at this time. The
resolv.conf updater test was passing on overlay-based Jenkins because of
a fluke--because it was DIND, /etc/resolv.conf on the "host" was really
a bind-mounted resolv.conf from the outer container, which means a watch
directly on that file worked as it was not overlay backed. The new test
(from #10703) unmounts the bind-mounted copy to test create and modify
code-paths, which caused us to hit the issue.
This PR also adds a note to the docs about the lack of auto-update when
using the overlay storage driver.
See https://lkml.org/lkml/2012/2/28/223 for more info on inotify and
overlay.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Fixes: #10701
Updates the IPv6 documentation and images to reflect the more modern
`ip -6` command set versus `route` and `ifconfig`. Also removes the
use of the special 2002: address range as that is reserved for 6to4
addressing, as well as use of any public address range and re-works the
switched routing example to use 3 subnets of the documentation IPv6
prefix range.
Also conformed all use of addresses to the same doc range per @MalteJ's
commit.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Signed-off-by: Malte Janduda <mail@janduda.net>
Fixes a few typos in IPv6 addresses. Will make it easier for users who
actually try and copy/paste or use the example addresses directly.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
This fixes the container start issue for containers which were started
on a daemon prior to the resolv.conf updater PR. The update code will
now safely ignore these containers (given they don't have a sha256 hash
to compare against) and will not attempt to update the resolv.conf
through their lifetime.
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
Only modifies non-running containers resolv.conf bind mount, and only if
the container has an unmodified resolv.conf compared to its contents at
container start time (so we don't overwrite manual/automated changes
within the container runtime). For containers which are running when
the host resolv.conf changes, the update will only be applied to the
container version of resolv.conf when the container is "bounced" down
and back up (e.g. stop/start or restart)
Docker-DCO-1.1-Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com> (github: estesp)
