diff --git a/Makefile b/Makefile index 62339a6..c6c53ce 100644 --- a/Makefile +++ b/Makefile @@ -36,6 +36,13 @@ NODE_SHELL := $(COMPOSE) exec \ -e U7S_NODE_IP=$(U7S_NODE_IP) \ $(NODE_SERVICE_NAME) +ifeq ($(CONTAINER_ENGINE),nerdctl) +ifneq (,$(wildcard $(XDG_RUNTIME_DIR)/bypass4netnsd.sock)) + export U7S_B4NN := true + export U7S_B4NN_IGNORE_SUBNETS := ["10.96.0.0/16", "10.244.0.0/16", "$(U7S_NODE_SUBNET)"] +endif +endif + .PHONY: help help: @echo '# Bootstrap a cluster' @@ -64,6 +71,10 @@ help: check-preflight: ./Makefile.d/check-preflight.sh +.PHONY: render +render: check-preflight + $(COMPOSE) config + .PHONY: up up: check-preflight $(COMPOSE) up --build -d diff --git a/README.md b/README.md index cd585a2..404a675 100644 --- a/README.md +++ b/README.md @@ -119,5 +119,16 @@ To change the container engine, set `export CONTAINER_ENGINE=podman` or `export - Some [volume drivers](https://kubernetes.io/docs/concepts/storage/volumes/) such as `nfs` do not work. ## Advanced topics +### Network +When `CONTAINER_ENGINE` is set to `nerdctl`, [bypass4netns](https://github.com/rootless-containers/bypass4netns) can be enabled for accelerating `connect(2)` syscalls. +The acceleration currently does not apply to VXLAN packets. + +```bash +containerd-rootless-setuptool.sh install-bypass4netnsd +export CONTAINER_ENGINE=nerdctl +make up +``` + +### Misc - Although Usernetes (Gen2) is designed to be used with Rootless Docker, it should work with the regular "rootful" Docker too. This might be useful for some people who are looking for "multi-host" version of [`kind`](https://kind.sigs.k8s.io/) and [minikube](https://minikube.sigs.k8s.io/). diff --git a/docker-compose.yaml b/docker-compose.yaml index 2ae7291..15d8e9f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml 
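Review bot: In the `ifeq ($(CONTAINER_ENGINE),nerdctl)` block of the Makefile, bypass4netns is switched on purely because `bypass4netnsd.sock` exists, and `export U7S_B4NN := true` overwrites a `U7S_B4NN=false` exported in the environment; only an undocumented command-line override (`make U7S_B4NN=false up`) keeps it off. As I understand bypass4netns, it changes where the node container's sockets are created (the host network namespace rather than behind slirp4netns), so I would make it an explicit, documented knob: `export U7S_B4NN ?= true`, with a comment saying how to disable it. The probe also degrades to `/bypass4netnsd.sock` when `XDG_RUNTIME_DIR` is empty, so wrapping the block in `ifneq (,$(XDG_RUNTIME_DIR))` would be a cheap guard. `U7S_NODE_SUBNET` is not defined in the visible lines, and because `:=` expands immediately it has to be set before this point or the ignore list ends with an empty string.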
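Review bot: The new `render` target in the second Makefile hunk carries no comment, and no `help` entry for it is visible in this diff (the `help` recipe continues outside the hunks), so its purpose has to be guessed. It is the one place where the effective `nerdctl/bypass4netns*` annotations can be inspected before `make up`, which is worth stating: `# Print the fully interpolated Compose config, e.g. to check which annotations will be applied`. Because `$(COMPOSE) config` prints every interpolated value, the comment could also remind users to check the output before sharing it, in case the compose file ever interpolates credentials.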
@@ -39,6 +39,11 @@ services:
 # In addition, `net.ipv4.conf.default.rp_filter`
 # has to be set to 0 (disabled) or 2 (loose)
 # in the daemon's network namespace.
+ annotations:
+ # Accelerate network for nerdctl >= 2.0.0-beta.4 with bypass4netns >= 0.4.1
+ "nerdctl/bypass4netns": "${U7S_B4NN:-false}"
+ "nerdctl/bypass4netns-ignore-bind": "true"
+ "nerdctl/bypass4netns-ignore-subnets": "${U7S_B4NN_IGNORE_SUBNETS:-}"
 networks:
 default:
 ipam:
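Review bot: Nothing in the new `annotations:` block ties `U7S_B4NN` to `U7S_B4NN_IGNORE_SUBNETS`, so running compose directly with only `U7S_B4NN=true` exported enables the bypass with an empty ignore list. Judging by the Makefile hunk, the list is presumably there to keep service, pod and node-subnet traffic on the container's own network path, and the hard-coded `"nerdctl/bypass4netns-ignore-bind": "true"` has no stated reason either. I would document both in the block, for example `# U7S_B4NN and U7S_B4NN_IGNORE_SUBNETS are set together by the Makefile; do not enable one without the other`, plus a one-line reason for `ignore-bind`. The service entry these annotations belong to starts outside the hunk.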