Understanding Tunnel Origins in Containers
Summary
DxOdyssey or DxEnterprise running in containers can act as an origin node or gateway for tunnels and Vhosts (including tunnel groups such as .ACTIVE and .PART). How tunnel origins are exposed depends on the container platform in use.
- Kubernetes exposes tunnel origins using Services (LoadBalancer or NodePort).
- Container runtimes such as Docker or Podman require tunnel ports to be explicitly mapped at container startup.
Information
Kubernetes
Kubernetes allows networking to be modified independently of running pods. Tunnel origins can be added to running pods by creating or updating a Kubernetes Service and then adding the tunnel origin to your DxEnterprise or DxOdyssey configuration.
For external connectivity, use a LoadBalancer or NodePort service depending on your environment. For more information, see the Kubernetes documentation on Services.
Docker and Podman
Container runtimes such as Docker and Podman require all listening ports to be defined when the container is created. Port mappings cannot be added or modified after the container has started.
As a result:
- Tunnel origin ports must be mapped at container runtime using the
-p(publish) flag. - If required ports are not mapped when the container is created, the container must be recreated with the correct port mappings.
This behavior applies equally to Docker and Podman.
Updating Port Mappings Safely
Container port mappings can be safely updated if persistent data is stored using volume mounts.
DH2i recommends using volume mounts—particularly for the /etc/dh2i directory—to preserve configuration data across container restarts or re-creations. When a new container is started with the same /etc/dh2i volume, it can automatically rejoin its cluster or gateway group with its previous configuration intact.
If a container does not use volume mounts, the container image must be recreated using a commit operation (for example, docker commit or podman commit) before launching a new container with updated port mappings. This approach is functional but not recommended for long-term data persistence.
For step-by-step procedures, see: