
Commit 2792bfd

committed
Subscribe to container engine API for published ports
Monitor container creation and deletion events by subscribing to the container engine's API. Upon receiving a container creation or deletion event, the system immediately forwards the port mappings through the aggregated channel. This ensures that the ports are opened on the host without any latency. Signed-off-by: Nino Kodabande <[email protected]>
1 parent 2105d57 commit 2792bfd

27 files changed

+1501
-60
lines changed

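--- a/cmd/lima-guestagent/daemon_linux.go
+++ b/cmd/lima-guestagent/daemon_linux.go
@@ -28,16 +28,25 @@ func newDaemonCommand() *cobra.Command {
 daemonCommand.Flags().Duration("tick", 3*time.Second, "Tick for polling events")
 daemonCommand.Flags().Int("vsock-port", 0, "Use vsock server instead a UNIX socket")
 daemonCommand.Flags().String("virtio-port", "", "Use virtio server instead a UNIX socket")
+daemonCommand.Flags().StringSlice("docker-sockets", []string{}, "Paths to Docker socket files to monitor for exposed ports")
+daemonCommand.Flags().StringSlice("containerd-sockets", []string{}, "Paths to Containerd socket files to monitor for exposed ports")
+daemonCommand.Flags().StringSlice("kubernetes-configs", []string{}, "Path to Kubernetes config file to monitor for ports")
 return daemonCommand
 }
 
 func daemonAction(cmd *cobra.Command, _ []string) error {
 ctx := cmd.Context()
+if os.Geteuid() != 0 {
+return errors.New("must run as the root user")
+}
 socket := "/run/lima-guestagent.sock"
 tick, err := cmd.Flags().GetDuration("tick")
 if err != nil {
 return err
 }
+if tick == 0 {
+return errors.New("tick must be specified")
+}
 vSockPort, err := cmd.Flags().GetInt("vsock-port")
 if err != nil {
 return err
@@ -46,12 +55,19 @@ func daemonAction(cmd *cobra.Command, _ []string) error {
 if err != nil {
 return err
 }
-if tick == 0 {
-return errors.New("tick must be specified")
+dockerSockets, err := cmd.Flags().GetStringSlice("docker-sockets")
+if err != nil {
+return err
 }
-if os.Geteuid() != 0 {
-return errors.New("must run as the root user")
+containerdSockets, err := cmd.Flags().GetStringSlice("containerd-sockets")
+if err != nil {
+return err
 }
+kubernetesConfig, err := cmd.Flags().GetStringSlice("kubernetes-configs")
+if err != nil {
+return err
+}
+
 logrus.Infof("event tick: %v", tick)
 
 newTicker := func() (<-chan time.Time, func()) {
@@ -62,7 +78,14 @@ func daemonAction(cmd *cobra.Command, _ []string) error {
 return ticker.C, ticker.Stop
 }
 
-agent, err := guestagent.New(ctx, newTicker, tick*20)
+agent, err := guestagent.New(
+&guestagent.Config{
+Ticker: newTicker,
+IptablesIdle: tick * 20,
+DockerSockets: dockerSockets,
+ContainerdSockets: containerdSockets,
+KubernetesConfigs: kubernetesConfig,
+})
 if err != nil {
 return err
 }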
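Review bot: The values of `--docker-sockets`, `--containerd-sockets` and `--kubernetes-configs` go from `GetStringSlice` straight into `guestagent.Config` in `daemonAction`, in a process that has just asserted it runs as root, so an empty or relative entry is presumably only noticed when the agent later tries to open it. A check before the `guestagent.New` call, such as `if !filepath.IsAbs(p) { return fmt.Errorf("path %q must be absolute", p) }` for each entry, would fail fast and keep the root daemon from resolving a path against its working directory. `guestagent.New` also no longer receives `ctx`; if the new event subscriptions are long-lived, confirm outside this hunk that they are cancelled with the command context. The help text for `--kubernetes-configs` reads "Path to Kubernetes config file" although the flag takes a list, and the local is named `kubernetesConfig` while the field is `KubernetesConfigs`.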

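--- a/cmd/lima-guestagent/install_systemd_linux.go
+++ b/cmd/lima-guestagent/install_systemd_linux.go
@@ -26,6 +26,9 @@ func newInstallSystemdCommand() *cobra.Command {
 }
 installSystemdCommand.Flags().Int("vsock-port", 0, "Use vsock server on specified port")
 installSystemdCommand.Flags().String("virtio-port", "", "Use virtio server instead a UNIX socket")
+installSystemdCommand.Flags().StringSlice("docker-sockets", []string{}, "Paths to Docker socket files to monitor for exposed ports")
+installSystemdCommand.Flags().StringSlice("containerd-sockets", []string{}, "Paths to Containerd socket files to monitor for exposed ports")
+installSystemdCommand.Flags().StringSlice("kubernetes-configs", []string{}, "Path to Kubernetes config files to monitor for ports")
 return installSystemdCommand
 }
 
@@ -43,7 +46,25 @@ func installSystemdAction(cmd *cobra.Command, _ []string) error {
 if err != nil {
 return err
 }
-unit, err := generateSystemdUnit(vsockPort, virtioPort, debug)
+dockerSockets, err := cmd.Flags().GetStringSlice("docker-sockets")
+if err != nil {
+return err
+}
+containerdSockets, err := cmd.Flags().GetStringSlice("containerd-sockets")
+if err != nil {
+return err
+}
+kubernetesConfigs, err := cmd.Flags().GetStringSlice("kubernetes-configs")
+if err != nil {
+return err
+}
+unit, err := generateSystemdUnit(
+vsockPort,
+virtioPort,
+dockerSockets,
+containerdSockets,
+kubernetesConfigs,
+debug)
 if err != nil {
 return err
 }
@@ -82,7 +103,7 @@ func installSystemdAction(cmd *cobra.Command, _ []string) error {
 //go:embed lima-guestagent.TEMPLATE.service
 var systemdUnitTemplate string
 
-func generateSystemdUnit(vsockPort int, virtioPort string, debug bool) ([]byte, error) {
+func generateSystemdUnit(vsockPort int, virtioPort string, dockerSockets, containerdSockets, kubeConfigs []string, debug bool) ([]byte, error) {
 selfExeAbs, err := os.Executable()
 if err != nil {
 return nil, err
@@ -98,6 +119,15 @@ func generateSystemdUnit(vsockPort int, virtioPort string, debug bool) ([]byte,
 if debug {
 args = append(args, "--debug")
 }
+if len(dockerSockets) > 0 {
+args = append(args, "--docker-sockets", strings.Join(dockerSockets, ","))
+}
+if len(containerdSockets) > 0 {
+args = append(args, "--containerd-sockets", strings.Join(containerdSockets, ","))
+}
+if len(kubeConfigs) > 0 {
+args = append(args, "--kubernetes-configs", strings.Join(kubeConfigs, ","))
+}
 
 m := map[string]string{
 "Binary": selfExeAbs,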
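Review bot: The socket and kubeconfig paths are joined with `strings.Join(…, ",")` and appended to `args` in `generateSystemdUnit` without any check on their content; how `args` reaches the unit template lies outside this hunk. If `args` ends up space-joined on the `ExecStart=` line, a path containing whitespace, a quote, `%` or `$` would be re-split or expanded by systemd in a unit that starts a root daemon, and a path containing a comma would be split again by the `StringSlice` parser on the daemon side. Rejecting such entries before appending, for example `if strings.ContainsAny(p, " \t\n,\"'%$\\") { return nil, fmt.Errorf("unsupported character in path %q", p) }`, keeps the generated command line identical to what the caller passed. The three near-identical `if len(x) > 0 { args = append(...) }` blocks could also share one small helper.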

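--- a/go.mod
+++ b/go.mod
@@ -17,10 +17,13 @@ require (
 github.com/cpuguy83/go-md2man/v2 v2.0.7
 github.com/digitalocean/go-qemu v0.0.0-20221209210016-f035778c97f7
 github.com/diskfs/go-diskfs v1.7.0 // gomodjail:unconfined
+github.com/docker/docker v28.3.3+incompatible
+github.com/docker/go-connections v0.5.0
 github.com/docker/go-units v0.5.0
 github.com/elastic/go-libaudit/v2 v2.6.2
 github.com/foxcpp/go-mockdns v1.1.0
 github.com/goccy/go-yaml v1.18.0
+github.com/gogo/protobuf v1.3.2 // indirect
 github.com/google/go-cmp v0.7.0
 github.com/google/yamlfmt v0.17.2
 github.com/invopop/jsonschema v0.13.0
@@ -63,22 +66,22 @@ require (
 github.com/bmatcuk/doublestar/v4 v4.7.1 // indirect
 github.com/buger/jsonparser v1.1.1 // indirect
 github.com/containerd/log v0.1.0 // indirect
+github.com/creack/pty v1.1.18 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/digitalocean/go-libvirt v0.0.0-20220804181439-8648fbde413e // indirect
 github.com/dimchansky/utfbom v1.1.1 // indirect
 github.com/djherbis/times v1.6.0 // indirect
 github.com/elliotchance/orderedmap v1.8.0 // indirect
 github.com/emicklei/go-restful/v3 v3.12.2 // indirect
 github.com/fatih/color v1.18.0 // indirect
-// gomodjail:unconfined
 github.com/fsnotify/fsnotify v1.8.0 // indirect
 github.com/fxamacker/cbor/v2 v2.9.0 // indirect
 github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-openapi/jsonpointer v0.21.0 // indirect
 github.com/go-openapi/jsonreference v0.21.0 // indirect
 github.com/go-openapi/swag v0.23.0 // indirect
 github.com/goccy/go-json v0.10.5 // indirect
-github.com/gogo/protobuf v1.3.2 // indirect
+github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/google/btree v1.1.3 // indirect
 github.com/google/gnostic-models v0.7.0 // indirect
 github.com/google/gopacket v1.1.19 // indirect
@@ -101,7 +104,11 @@ require (
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
+github.com/morikuni/aec v1.0.0 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+github.com/opencontainers/image-spec v1.1.1 // indirect
+github.com/opencontainers/runtime-spec v1.1.0 // indirect
+github.com/opencontainers/selinux v1.11.0 // indirect
 github.com/pelletier/go-toml/v2 v2.2.4 // indirect
 github.com/pierrec/lz4/v4 v4.1.22 // indirect
 github.com/pkg/errors v0.9.1 // indirect
@@ -113,11 +120,15 @@ require (
 github.com/u-root/uio v0.0.0-20240224005618-d2acac8f3701 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 github.com/yuin/gopher-lua v1.1.1 // indirect
+go.opentelemetry.io/otel v1.37.0 // indirect
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.37.0 // indirect
+go.opentelemetry.io/otel/metric v1.37.0 // indirect
+go.opentelemetry.io/otel/trace v1.37.0 // indirect
 golang.org/x/crypto v0.41.0 // indirect
 golang.org/x/mod v0.27.0 // indirect
 golang.org/x/oauth2 v0.30.0 // indirect
 golang.org/x/term v0.34.0 // indirect
-golang.org/x/time v0.9.0 // indirect
+golang.org/x/time v0.12.0 // indirect
 golang.org/x/tools v0.36.0 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
@@ -141,3 +152,40 @@ require (
 sigs.k8s.io/randfill v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
 )
+
+require github.com/containerd/containerd v1.7.28
+
+require (
+github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
+github.com/Microsoft/hcsshim v0.11.7 // indirect
+github.com/containerd/cgroups v1.1.0 // indirect
+github.com/containerd/containerd/api v1.9.0
+github.com/containerd/errdefs v0.3.0 // indirect
+github.com/containerd/fifo v1.1.0 // indirect
+github.com/containerd/platforms v0.2.1 // indirect
+github.com/containerd/ttrpc v1.2.7 // indirect
+github.com/containerd/typeurl/v2 v2.2.0 // indirect
+github.com/distribution/reference v0.6.0 // indirect
+github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
+github.com/felixge/httpsnoop v1.0.3 // indirect
+github.com/go-logr/stdr v1.2.2 // indirect
+github.com/klauspost/compress v1.17.4 // indirect
+github.com/moby/locker v1.0.1 // indirect
+github.com/moby/sys/mountinfo v0.6.2 // indirect
+github.com/moby/sys/sequential v0.6.0 // indirect
+github.com/moby/sys/signal v0.7.0 // indirect
+github.com/moby/sys/user v0.3.0 // indirect
+github.com/moby/sys/userns v0.1.0 // indirect
+go.opencensus.io v0.24.0 // indirect
+go.opentelemetry.io/auto/sdk v1.1.0 // indirect
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
+google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
+)
+
+require (
+github.com/containerd/errdefs/pkg v0.3.0 // indirect
+github.com/moby/docker-image-spec v1.3.1 // indirect
+github.com/moby/sys/atomicwriter v0.1.0 // indirect
+github.com/moby/term v0.5.2 // indirect
+)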
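Review bot: The standalone `// gomodjail:unconfined` comment that sat directly above `github.com/fsnotify/fsnotify v1.8.0 // indirect` is deleted in the second hunk and the commit message does not mention it; if that comment was the policy annotation for fsnotify, the module's confinement changes as a side effect of this feature commit and should be restored or explained. The new direct requirements `github.com/docker/docker`, `github.com/docker/go-connections` and `github.com/containerd/containerd` carry no gomodjail annotation, and since the guest agent that presumably links them runs as root, it is worth stating which policy they are expected to fall under. Separately, `github.com/gogo/protobuf v1.3.2 // indirect` now sits in the direct block and `github.com/containerd/containerd/api v1.9.0` sits unmarked among indirect entries in a new trailing block; folding the three appended `require` blocks into the existing direct and indirect blocks would keep the direct dependency surface easy to audit.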
