From 20736ee294c244d466b12a3fe5ed9d00f596411a Mon Sep 17 00:00:00 2001 From: Marc Barry <4965634+marc-barry@users.noreply.github.com> Date: Thu, 9 Nov 2023 15:00:45 -0500 Subject: [PATCH 1/2] Add support for port mappings. --- docker-entrypoint.sh | 31 +++++++++++++++++-------------- example2.yaml | 2 ++ 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 0c8a951..1ea2581 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -5,17 +5,22 @@ set -e # Default values for ACCEPT_UIDS and ACCEPT_GIDS DEFAULT_ACCEPT_UIDS="1010" # Default UID of Qtap DEFAULT_ACCEPT_GIDS="1010" # Default GID of Qtap - -DEFAULT_TO_PORT="10000" # Default listen port of Qtap +DEFAULT_PORT_MAPPING="10080:80,10443:443,10000:" # Set default values for ACCEPT_UIDS and ACCEPT_GIDS if they are not provided ACCEPT_UIDS="${ACCEPT_UIDS:-$DEFAULT_ACCEPT_UIDS}" ACCEPT_GIDS="${ACCEPT_GIDS:-$DEFAULT_ACCEPT_GIDS}" -TO_PORT="${TO_PORT:-$DEFAULT_TO_PORT}" +PORT_MAPPING="${PORT_MAPPING:-$DEFAULT_PORT_MAPPING}" apply_rules() { - local PORT_SPECIFIER="$1" + local TO_PORT="$1" + local DEST_PORT="$2" + + local PORT_SPECIFIER="" + if [[ -n "$DEST_PORT" ]]; then + PORT_SPECIFIER="--dport $DEST_PORT" + fi # Apply rules for UIDs IFS=',' read -ra UIDS <<< "$ACCEPT_UIDS" @@ -37,16 +42,14 @@ apply_rules() { fi } -# If DESTINATION_PORTS is set, split it into an array and apply rules for each port -if [[ -n "$DESTINATION_PORTS" ]]; then - IFS=',' read -ra DEST_PORTS <<< "$DESTINATION_PORTS" - for PORT in "${DEST_PORTS[@]}"; do - apply_rules "--dport $PORT" - done -else - # Apply rules without specifying dport - apply_rules "" -fi +IFS=',' read -ra MAPPINGS <<< "$PORT_MAPPING" +for MAPPING in "${MAPPINGS[@]}"; do + IFS=':' read -ra PORTS <<< "$MAPPING" + TO_PORT="${PORTS[0]}" + DEST_PORT="${PORTS[1]}" + + apply_rules "$TO_PORT" "$DEST_PORT" +done # Ensure the rules are set iptables -t nat -L -n -v diff --git a/example2.yaml b/example2.yaml index a3f58f3..b4d38ca 100644 --- a/example2.yaml +++ b/example2.yaml @@ -28,6 +28,8 @@ spec: image: us-docker.pkg.dev/qpoint-edge/public/qtap: ports: - containerPort: 10000 + - containerPort: 10080 + - containerPort: 10443 command: ["qtap"] args: ["gateway", "--no-hot-restart"] env: From d3395ebeb6341f637881eec20bb31c5c138843c1 Mon Sep 17 00:00:00 2001 From: Marc Barry <4965634+marc-barry@users.noreply.github.com> Date: Thu, 9 Nov 2023 15:52:13 -0500 Subject: [PATCH 2/2] Support setting TO_ADDR. --- Dockerfile | 2 +- docker-entrypoint.sh | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ab868e8..44c4e83 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.18 -RUN apk add --no-cache iptables bash && rm -rf /var/cache/apk/* +RUN apk add --no-cache bash bind-tools iptables && rm -rf /var/cache/apk/* COPY docker-entrypoint.sh /usr/local/bin/ diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 1ea2581..99da509 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -2,6 +2,10 @@ set -e +if [[ -n "$TO_DOMAIN" ]]; then + TO_ADDR=$(dig +short "$TO_DOMAIN" | head -n 1) +fi + # Default values for ACCEPT_UIDS and ACCEPT_GIDS DEFAULT_ACCEPT_UIDS="1010" # Default UID of Qtap DEFAULT_ACCEPT_GIDS="1010" # Default GID of Qtap