Accelerate networking with bypass4netns

Depends on: - rootless-containers/bypass4netns PR 68 - containerd/nerdctl PR 2916 Signed-off-by: Akihiro Suda <[email protected]>
rootless-containers · Apr 9, 2024 · a7a8b24 · a7a8b24
1 parent b5e19ab
commit a7a8b24
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -36,6 +36,13 @@ NODE_SHELL := $(COMPOSE) exec \
 	-e U7S_NODE_IP=$(U7S_NODE_IP) \
 	$(NODE_SERVICE_NAME)
 
+ifeq ($(CONTAINER_ENGINE),nerdctl)
+ifneq (,$(wildcard $(XDG_RUNTIME_DIR)/bypass4netnsd.sock))
+	export U7S_B4NN := true
+	export U7S_B4NN_IGNORE_SUBNETS := ["10.96.0.0/16", "10.244.0.0/16", "$(U7S_NODE_SUBNET)"]
+endif
+endif
+
 .PHONY: help
 help:
 	@echo '# Bootstrap a cluster'
@@ -64,6 +71,10 @@ help:
 check-preflight:
 	./Makefile.d/check-preflight.sh
 
+.PHONY: render
+render: check-preflight
+	$(COMPOSE) config
+
 .PHONY: up
 up: check-preflight
 	$(COMPOSE) up --build -d

diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -39,6 +39,11 @@ services:
       # In addition, `net.ipv4.conf.default.rp_filter`
       # has to be set to 0 (disabled) or 2 (loose)
       # in the daemon's network namespace.
+    annotations:
+      # Accelerate network for nerdctl >= 2.0.0-beta.4 with bypass4netns >= 0.4.1
+      "nerdctl/bypass4netns": "${U7S_B4NN:-false}"
+      "nerdctl/bypass4netns-ignore-bind": "true"
+      "nerdctl/bypass4netns-ignore-subnets": "${U7S_B4NN_IGNORE_SUBNETS:-}"
 networks:
   default:
     ipam: