Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Add destination ports to used ports when allocating ports #2169

Merged
merged 1 commit into from
Apr 13, 2023
Merged

fix: Add destination ports to used ports when allocating ports #2169

merged 1 commit into from
Apr 13, 2023

Conversation

vsiravar
Copy link
Contributor

Fixes: #2164

sudo nerdctl run -p <container-port> <image> always chooses 49153 as host port. Due to multiple containers using the same forwarding port on the host, it becomes impossible to reach them from the host.

Before this change.

# Run 2 containers with -p option. 
$ sudo nerdctl run -d --name my-nginx -p 80 nginx
59f081b2459bdb41bd2a0a024959b6627fa937d74d2d4775f4ab1803a253d76c
$  sudo nerdctl run -d --name my-httpd -p 80 httpd
b280792d4aa2554af45b5aaff7f26b019c8558fe48d8e8e698d62620b593d350

# Host port is always mapped to 49153
$ sudo nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS    PORTS                    NAMES
59f081b2459b    docker.io/library/nginx:latest    "/docker-entrypoint.…"    35 seconds ago    Up        0.0.0.0:49153->80/tcp    my-nginx
b280792d4aa2    docker.io/library/httpd:latest    "httpd-foreground"        4 seconds ago     Up        0.0.0.0:49153->80/tcp    my-httpd

Both the containers have host port 49153.
Can't reach nginx from host. Forwarding port now maps to httpd.

$ curl localhost:49153
<html><body><h1>It works!</h1></body></html>

After this change

$ sudo nerdctl run -d --name my-nginx -p 80 nginx
adb1a0b4e7a88849ffbb78c445d9eec7d4d32ee6ce06e6abed92be02d940235b

$ sudo nerdctl run -d --name my-httpd -p 80 httpd
dd83e29209f6646bb095942feb3039916c445d7eb7a08648ada02f8130663cba

# Second container httpd uses unique port
$  sudo nerdctl ps -a
CONTAINER ID    IMAGE                             COMMAND                   CREATED           STATUS    PORTS                    NAMES
adb1a0b4e7a8    docker.io/library/nginx:latest    "/docker-entrypoint.…"    13 seconds ago    Up        0.0.0.0:49153->80/tcp    my-nginx
dd83e29209f6    docker.io/library/httpd:latest    "httpd-foreground"        6 seconds ago     Up        0.0.0.0:49154->80/tcp    my-httpd

Can reach both my-nginx and my-httpd from host.

$ curl localhost:49153
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

$ curl localhost:49154
<html><body><h1>It works!</h1></body></html>

@AkihiroSuda
Copy link
Member

@AkihiroSuda AkihiroSuda added this to the v1.4.0 milestone Apr 12, 2023
@vsiravar vsiravar force-pushed the vsiravar/fix-port-assignment branch from ed7b19f to 07d495a Compare April 13, 2023 02:49
@vsiravar
Copy link
Contributor Author

Updated.

@vsiravar
Add destination ports from iptables to used ports while allocating ho…
5bdcee8 
…st ports

Signed-off-by: Vishwas Siravara <vsiravara@gmail.com>
@vsiravar vsiravar force-pushed the vsiravar/fix-port-assignment branch from 07d495a to 5bdcee8 Compare April 13, 2023 03:45
AkihiroSuda
AkihiroSuda reviewed Apr 13, 2023
View reviewed changes
go.mod
@@ -68,6 +68,7 @@ require (
github.com/containerd/ttrpc v1.2.1 // indirect
github.com/containerd/typeurl v1.0.3-0.20220422153119-7f6e6d160d67 // indirect
github.com/containers/ocicrypt v1.1.6 // indirect
github.com/coreos/go-iptables v0.6.0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be in the first require() block

AkihiroSuda
AkihiroSuda approved these changes Apr 13, 2023
View reviewed changes
Copy link
Member

@AkihiroSuda AkihiroSuda left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@AkihiroSuda AkihiroSuda merged commit 6da9283 into containerd:main Apr 13, 2023
@AkihiroSuda AkihiroSuda mentioned this pull request Jun 1, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.3.1
Development

Successfully merging this pull request may close these issues.

sudo nerdctl run -p <container port> <image> always defaults to 49153 host port.
2 participants
@vsiravar @AkihiroSuda