sdc-nat
This repository is part of the Joyent SmartDataCenter project (SDC). For contribution guidelines, issues, and general documentation, visit the main SDC project page.
A per-user NAT zone to support egress from otherwise internal zones. While not necessarily Docker-specific, the only starting user of this will be sdc-docker.
Current State
This is still very much alpha. Use at your own risk!
Overview
The basic idea is that a Docker container that exposes no ports should
still be able to reach out to the internet (e.g. a docker build
that
does a apt-get install ...
). We'll have a (lazily provisioned) "nat"
zone for each user that will be the default gateway on that user's
VLAN (see VXLAN). This nat zone should be an implementation detail from
the user's point of view.
VMs that have a public interface won't require this gateway, so the code path that does the lazy provision can skip these cases.
A plan for when to remove these zones is TBD. It should have some hysteresis so that a repeated cycle of 1 VM, 0 VMs, 1 VM for a given customer doesn't result in deletion and re-creation of their 'nat' zone.