I'm porting Docker CE to openwrt (much more lightweight than boot2docker which use Tiny Core Linux. So far I've been able to rebuild openwrt with the required modules and I can finally run a container. BUT.
I need to run a registry, which will be spawn by an orchestrator (Docker Swarm) and then there is the problem :
I need to get match for state & ipvs working with iptable but it's not found. Docker swarm create rules to forward everything through overlay network & virtual IPs.
I don't see any module available for ipvs, is there a way for me to get it ? I already added the related kernel module now I need the user space stuff.
For state type it's a little bit different, because it is replaced by conntrack --ctstate (apparently). Unfortunatly I don't have the hand on the way Docker swarm manage its rules. Any way to get it back ? It's already there. Just not working ^^
edit: there are the two commands that fails :
iptables failed: iptables --wait -I DOCKER-INGRESS -m state -p tcp --sport 80 --state ESTABLISHED,RELATED -j ACCEPT
As said before, I have no control over the iptable commands, it's just the way Docker works so I can't change them. Is there anyway to put back the aliases ? It's just about a fair retro compatibility ^^ How can i put them back (I have restricted knowledge on Linux and i'm more like a C# dev) ?
Anything about the xt_ipvs extension ? Could I just compile iptables with static link enabled so everything would be packed in a standalone binary ?
Ps : I know openwrt is not meant to be used as a I'm doing it. I don't care about storage or disk footprint, i'm interested by the low RAM requirements. Boot2docker takes up to 2048mb with docker-machine. An initramfs with nothing running x64 version of tiny core linux on hyper-v wont even boot under 256mb ram. It-s more than I can afford.
My goal is to provide some lab appliance for test environments with a basic orchestration, just like a dev alike private cloud (I plan to do the same thing with k3s over openwrt which is a lightweight Kubernetes port).
I answered my own question, it does not.
Does anyone has an idea to make ipvs matches available with openwrt ? I really don't have a clue on how I could make it works since it seems there is no package at all for it
I'm looking for a solution to the missing iptables ipvs extension in OpenWRT. But I've already identified the cause of it. The iptables Makefile doesn't include the compiled library as a package. I'm currently investigating if the issue can be resolved by adding a new package with the library or if there are further requirements, issues that arise.
[Official] OpenWrt 22 doesn't have iptables installed [by default]