* k3s server is started - calls into rootlesskit https://github.com/k3s-io/k3s/blob/38a0b91c1a917d2866aee265bc7815424af3e701/pkg/rootless/rootless.go#L37
* k3s server then forks itself(where?) to handle parent(outside netns) and child(inside netns) operations.
* does not allow us to change from slirp4netns to something else like lxc-nic(easier to patch).
-* Rootlesskit creates external(slirp4netns) process to attach tun interface - https://github.com/rootless-containers/rootlesskit/blob/master/pkg/network/slirp4netns/slirp4netns.go#L176
+* Rootlesskit creates external(slirp4netns) process to attach tap interface - https://github.com/rootless-containers/rootlesskit/blob/master/pkg/network/slirp4netns/slirp4netns.go#L176
* slirp4netns is called with specific options, theres no intelligent return mechanism for interface config, hence we have to reuse whats there
* Rootlesskit does child network configuration - https://github.com/rootless-containers/rootlesskit/blob/master/pkg/child/child.go#L156
- * where does the tap0 device comes from?
+ * where does the tap0 device comes from? https://github.com/rootless-containers/rootlesskit/blob/master/pkg/network/slirp4netns/slirp4netns.go#L182
+ * we will need to remove this and redo some of the network configuration
Wrote slirp4netns wrapper(crude & insecure, will need to harden):
* how to handle ipv6?
* how to conjure all of this securely?
+* what provides dns?
+ * in slirp4netns?
+ * can i reuse avard-dns? netavard? postman?
+ * resort do dnsmasq?
+Interesting Reads:
+ * https://linux-blog.anracom.com/2017/10/30/fun-with-veth-devices-in-unnamed-linux-network-namespaces-i/
projects / stejau-blog.git / commitdiff