Access services in other containers bound to localhost with pasta #25243
-
|
Hi, what's the recommended (pasta) alternative to "--host-lo-to-ns-lo" since it's marked deprecated? Currently using it like: "Network=pasta:-t,127.0.0.1/8123,-t,::1/8123,--host-lo-to-ns-lo"; the actual service is configured to listen on 0.0.0.0 and [::]. On another container I can then access the service by using "-T,8123" and connecting to localhost:8123. Without that it uses the interfaces LAN IP which is undesirable since it's subject to change. Is there another way to specify localhost or use a different (static) one? The service itself should not be publicly accessible (hence the -t,127.0.0.1/8123,-t,::1/8123), just internally so other containers can access it. They all run under different non-privileged users, so putting them in a single network isn't really an option. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
|
See also: rootless-containers/rootlesskit#482 (comment). It's deprecated because we would eventually like to replace it with a more generic syntax, but not because functionality will disappear. It's also deprecated for a second reason: to get reports if folks are actually using it :) and yours is not the first report, so it starts being a good indication that we should keep it. If the generic syntax we'll come up with is convenient enough, we might actually drop it, but... you know, check back in 3/4 years? We'll keep deprecated things (assuming we don't want to un-deprecate this) around for quite a while. @dgibson: probably this is a sign we should un-deprecate that. |
Beta Was this translation helpful? Give feedback.
-
|
Ah, thank you for this explanation! When I read deprecated in the pasta docs I was under the impression it meant something like "don't use this anymore, there's an alternative already, it'll be gone in a few releases". Hence I was a bit scrambling to get this working :D Perhaps it could be explained a bit further or differently in the docs? Not the deprecation notice in general, but maybe an additional note that it hasn't been replaced yet? :) |
Beta Was this translation helpful? Give feedback.
-
|
Yeah, of course, it conveys that meaning. I think we should simply un-deprecate it to be honest. :) Give us a bit. |
Beta Was this translation helpful? Give feedback.
-
|
No worries, thank you for answering so quickly. Have a great day 😊 |
Beta Was this translation helpful? Give feedback.
-
|
Already in main if anyone stumbles upon this for some reason: https://passt.top/passt/commit/?id=a5cca995dee9b4196d41c86034a4948d346266ca |
Beta Was this translation helpful? Give feedback.
See also: rootless-containers/rootlesskit#482 (comment). It's deprecated because we would eventually like to replace it with a more generic syntax, but not because functionality will disappear.
It's also deprecated for a second reason: to get reports if folks are actually using it :) and yours is not the first report, so it starts being a good indication that we should keep it.
If the generic syntax we'll come up with is convenient enough, we might actually drop it, but... you know, check back in 3/4 years?
We'll keep deprecated things (assuming we don't want to un-deprecate this) around for quite a while.
@dgibson: probably this is a sign we should un-deprecate that.