github.com/containers/podman/v2@v2.2.2-0.20210501105131-c1e07d070c4c/contrib/rootless-cni-infra/README.md (about)

# rootless-cni-infra

Infra container for CNI-in-slirp4netns. This is required for rootless CNI networking.

To build the rootless CNI infra container image, please download both the Containerfile and `rootless-cni-infra` files to an otherwise empty directory.
Then, run `podman build -t rootless-cni-infra .` in that directory as the user who will be running rootless Podman.

Once the image has been built, Podman will automatically use it as required to create CNI networks.

## How it works

When a CNI network is specified for `podman run` in rootless mode, Podman launches the `rootless-cni-infra` container to execute CNI plugins inside slirp4netns.

The infra container is created per user, by executing an equivalent of:
`podman run -d --name rootless-cni-infra --pid=host --privileged -v $HOME/.config/cni/net.d:/etc/cni/net.d rootless-cni-infra`.
The infra container is automatically deleted when no CNI network is in use.

Podman then allocates a CNI netns in the infra container, by executing an equivalent of:
`podman exec rootless-cni-infra rootless-cni-infra alloc $CONTAINER_ID $NETWORK_NAME $POD_NAME`.

The allocated netns is deallocated when the container is being removed, by executing an equivalent of:
`podman exec rootless-cni-infra rootless-cni-infra dealloc $CONTAINER_ID $NETWORK_NAME`.

The container images live on `quay.io/libpod/rootless-cni-infra`. The tags have the format `$version-$architecture`. Please make sure to increase the version number in the Containerfile (i.e., `ROOTLESS_CNI_INFRA_VERSION`) when applying changes to this directory. After committing the changes, upload the image(s) with the corresponding tag.

## Directory layout

* `/run/rootless-cni-infra/${CONTAINER_ID}/pid`: PID of the `sleep infinity` process that corresponds to the allocated netns
* `/run/rootless-cni-infra/${CONTAINER_ID}/attached/${NETWORK_NAME}`: CNI result
* `/run/rootless-cni-infra/${CONTAINER_ID}/attached-args/${NETWORK_NAME}`: CNI args
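
The following is an added example, not part of the Podman repository: a small audit script that walks the layout above and reports, per container ID, whether the recorded PID still exists and which networks are attached. It assumes it runs where `/run/rootless-cni-infra` is visible (for example inside the infra container) or is given a copy of that tree as its argument; the function names and the output format are hypothetical.

```shell
#!/bin/sh
# Added example: audit netns allocations recorded under the state directory.
# Function names and output format are illustrative, not Podman's own.

# pid_alive PID -> exit 0 if a process with that PID exists and can be signalled.
# A live PID only shows that some process exists; it does not prove it is
# still the original `sleep infinity` (PIDs can be reused).
pid_alive() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # reject empty or non-numeric pid files
    esac
    kill -0 "$1" 2>/dev/null
}

# audit_allocations [STATE_ROOT]
# Prints one line per container: <container_id> <pid> <live|stale> <networks>
# A network whose CNI result has no matching args file is marked "(no-args)".
audit_allocations() {
    root="${1:-/run/rootless-cni-infra}"
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue            # glob matched nothing
        cid=$(basename "$dir")
        pid=$(cat "${dir}pid" 2>/dev/null || true)
        if pid_alive "$pid"; then state=live; else state=stale; fi
        nets=""
        for res in "${dir}attached"/*; do
            [ -e "$res" ] || continue        # no networks attached
            net=$(basename "$res")
            [ -e "${dir}attached-args/$net" ] || net="$net(no-args)"
            nets="${nets:+$nets,}$net"
        done
        printf '%s %s %s %s\n' "$cid" "${pid:--}" "$state" "${nets:--}"
    done
}
```

A `stale` line means the allocation is still recorded but the process holding the netns is gone, which is worth investigating before the entry is cleaned up.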