Zun

Support port bindings when create/run container

Registered by Kevin Zhao

Since now zun support container compute in multiple hosts, it will be good for container supporting port bindings to the compute host.
Docker support :
       docker create -p 172.24.4.19:80:80
May be should add this function to Zun.

This BP consists of two parts:
1. docker create -p 80 -> create a security group and open port 80 (mutual exclusive with --security-group option that will use an existing security group)
2. docker create -p 172.24.4.19:80:80 -> part 1 + port forwarding to port 80 of floating IP 172.24.4.19

Blueprint information

Status:
Complete
Approver:
hongbin
Priority:
High
Drafter:
Kevin Zhao
Direction:
Approved
Assignee:
Kevin Zhao
Definition:
New
Series goal:
None
Implementation:
Implemented
Milestone target:
None
Started by
hongbin
Completed by
hongbin

Related branches

Sprints

Whiteboard

(hongbin 2018-05-11): Per my understanding, supporting 'docker create -p 80:80' consists of two parts: (i) open container's port 80, (ii) open compute host's port 80. I am not sure about part (ii) since it has security impacts. Part (i) makes sense since we can use it to open port 80 in container's security group.

(kevinz 2018-05-12): for (i) now it make sense and easy to do it. For (ii) since K8s have NodePort support, it will map container port to Node Port to expose the public network access, we may consider it as a long term plan(or table it). Since for Openstack , container could have a floating ip and outside user can get access to it.

(hongbin 2018-05-13): I see. In order to have NodePort support, we need this feature from Neutron https://review.openstack.org/#/c/470596/ . It basically allows us to assign a floating IP to the virtual node thus supporting part (ii).

Gerrit topic: https://review.openstack.org/#q,topic:bp/support-port-bindings,n,z

Addressed by: https://review.openstack.org/568157
    [WIP] Support opening container's port

(?)

Work Items

This blueprint contains Public information 
Everyone can see this information.

Subscribers

No subscribers.