Hi,
based on https://www.edc4it.com/blog/rootless-docker I am testing network performance for rootless vs. rootful Docker (Debian 12 + the Docker repo). I just want to verify that I am testing it correctly, i.e. that throughput in rootless mode over slirp4netns between container<->host really is this low:
Rootless container<->host
dockeruser@docker-01:~$ docker run -it --rm networkstatic/iperf3 -c 192.168.X.Y
Connecting to host 192.168.X.Y, port 5201
[ 5] local 172.17.0.3 port 45974 connected to 192.168.X.Y port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 28.8 MBytes 241 Mbits/sec 0 68.4 KBytes
[ 5] 1.00-2.00 sec 28.8 MBytes 241 Mbits/sec 0 68.4 KBytes
[ 5] 2.00-3.00 sec 35.0 MBytes 294 Mbits/sec 0 68.4 KBytes
[ 5] 3.00-4.00 sec 27.5 MBytes 231 Mbits/sec 0 68.4 KBytes
[ 5] 4.00-5.00 sec 33.8 MBytes 283 Mbits/sec 0 68.4 KBytes
[ 5] 5.00-6.00 sec 32.5 MBytes 273 Mbits/sec 0 68.4 KBytes
[ 5] 6.00-7.00 sec 38.8 MBytes 325 Mbits/sec 0 68.4 KBytes
[ 5] 7.00-8.00 sec 50.0 MBytes 419 Mbits/sec 0 68.4 KBytes
[ 5] 8.00-9.00 sec 20.0 MBytes 168 Mbits/sec 0 68.4 KBytes
[ 5] 9.00-10.00 sec 40.0 MBytes 335 Mbits/sec 0 68.4 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 335 MBytes 281 Mbits/sec 0 sender
[ 5] 0.00-10.04 sec 332 MBytes 277 Mbits/sec receiver
dockeruser@docker-01:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
a0f2efa2d404 bridge bridge local
3c4866d0a70e host host local
c5ed0bee3739 none null local
b2be15dd6e13 redis_default bridge local
Rootless container<->container
dockeruser@docker-01:~$ docker run -it --rm networkstatic/iperf3 -c $SERVER_IP
Connecting to host 172.17.0.2, port 5201
[ 5] local 172.17.0.3 port 58482 connected to 172.17.0.2 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.25 GBytes 10.7 Gbits/sec 0 1.71 MBytes
[ 5] 1.00-2.00 sec 1.33 GBytes 11.5 Gbits/sec 0 2.53 MBytes
[ 5] 2.00-3.00 sec 1.54 GBytes 13.3 Gbits/sec 0 3.07 MBytes
[ 5] 3.00-4.00 sec 1.68 GBytes 14.5 Gbits/sec 0 3.07 MBytes
[ 5] 4.00-5.00 sec 2.07 GBytes 17.8 Gbits/sec 0 3.07 MBytes
[ 5] 5.00-6.00 sec 2.11 GBytes 18.1 Gbits/sec 0 3.07 MBytes
[ 5] 6.00-7.00 sec 2.19 GBytes 18.8 Gbits/sec 0 3.07 MBytes
[ 5] 7.00-8.00 sec 2.20 GBytes 18.9 Gbits/sec 0 3.07 MBytes
[ 5] 8.00-9.00 sec 2.14 GBytes 18.4 Gbits/sec 0 3.07 MBytes
[ 5] 9.00-10.00 sec 2.17 GBytes 18.6 Gbits/sec 0 3.07 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 18.7 GBytes 16.1 Gbits/sec 0 sender
[ 5] 0.00-10.04 sec 18.7 GBytes 16.0 Gbits/sec receiver
dockeruser@docker-01:~$ docker network ls
NETWORK ID NAME DRIVER SCOPE
a0f2efa2d404 bridge bridge local
3c4866d0a70e host host local
c5ed0bee3739 none null local
b2be15dd6e13 redis_default bridge local
Rootful container<->host
root@docker-01:~# docker run -it --rm networkstatic/iperf3 -c 192.168.X.Y
Connecting to host 192.168.X.Y, port 5201
[ 5] local 172.17.0.3 port 50708 connected to 192.168.X.Y port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.98 GBytes 17.0 Gbits/sec 0 3.10 MBytes
[ 5] 1.00-2.00 sec 1.89 GBytes 16.2 Gbits/sec 0 3.10 MBytes
[ 5] 2.00-3.00 sec 2.06 GBytes 17.7 Gbits/sec 0 3.10 MBytes
[ 5] 3.00-4.00 sec 1.72 GBytes 14.8 Gbits/sec 0 3.10 MBytes
[ 5] 4.00-5.00 sec 1.93 GBytes 16.6 Gbits/sec 0 3.10 MBytes
[ 5] 5.00-6.00 sec 1.73 GBytes 14.9 Gbits/sec 275 3.10 MBytes
[ 5] 6.00-7.00 sec 1.88 GBytes 16.2 Gbits/sec 0 3.10 MBytes
[ 5] 7.00-8.00 sec 2.18 GBytes 18.7 Gbits/sec 117 3.10 MBytes
[ 5] 8.00-9.00 sec 2.06 GBytes 17.7 Gbits/sec 0 3.10 MBytes
[ 5] 9.00-10.00 sec 1.89 GBytes 16.3 Gbits/sec 0 3.10 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 19.3 GBytes 16.6 Gbits/sec 392 sender
[ 5] 0.00-10.04 sec 19.3 GBytes 16.5 Gbits/sec receiver
root@docker-01:~# docker network ls
NETWORK ID NAME DRIVER SCOPE
cedfc6a7236a bridge bridge local
583daee39b67 host host local
I assume those tests were of the network=host type. I still don't understand why redis_default has network=bridge; I thought that wasn't possible in rootless mode. I noticed that podman should already support network=pasta, but I haven't gotten around to configuring or trying it yet. Does anyone run rootless mode in production and can confirm that the performance drop compared to rootful really is this large?
Thanks