docker - 没有来自容器的网络连接在 MacOS 上的 Docker-in-Docker 容器中运行
问题描述
dind我已经根据https://hub.docker.com/_/docker上的说明设置了图像
如何配置网络,以便从容器内运行的 docker 容器dind可以访问互联网?
目前,wget,curl和apk update直接在从dind映像运行的容器中正常工作,但是当使用 a 运行某些内容时,docker run它无法获取外部源
例如,使用标准ubuntu:latest运行apt-get update
bash-5.1# docker container run -it --rm --net=host ubuntu apt-get update
Err:1 http://archive.ubuntu.com/ubuntu focal InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu focal-security InRelease
Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease
Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-backports/InRelease Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/focal-security/InRelease Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
bash-5.1#
curl一件事是,wget在https://hub.docker.com/r/curlimages/curl和https://hub.docker.com/r/cirrusci/wget使用预先构建的容器,SSL 似乎是适合允许各自的命令运行除了标准apk update或apk add <package>
Docker 客户端和服务器都是 20.10.8(dind 是标签:docker:20.10.8-dind)。在主机上运行 Docker Desktop for MacOS v20.10.8。
Client:
Version: 20.10.8
API version: 1.41
Go version: go1.16.6
Git commit: 3967b7d
Built: Fri Jul 30 19:50:40 2021
OS/Arch: linux/amd64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.8
API version: 1.41 (minimum version 1.12)
Go version: go1.16.6
Git commit: 75249d8
Built: Fri Jul 30 19:55:09 2021
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.4.9
GitCommit: e25210fe30a0a703442421b0f60afac609f950a3
runc:
Version: 1.0.1
GitCommit: v1.0.1-0-g4144b638
docker-init:
Version: 0.19.0
GitCommit: de40ad0
使用Docker Hub 主页面中的指令dind启动容器:docker-composedind
orchestrator:
privileged: true
image: orchestrator
stdin_open: false
tty: true
networks:
main_network:
aliases:
- docker
build:
context: .
dockerfile: Dockerfile
init: true
volumes:
- .:/opt/app
- basestack_docker_certs_ca:/certs/ca
- basestack_docker_certs_client:/certs/client:ro
environment:
DOCKER_TLS_CERTDIR: "/certs"
command: "--dns 8.8.8.8"
restart: unless-stopped
container_name: orchestrator
经过一番挖掘,我发现(MacOS 的 Docker 桌面)https://docs.docker.com/desktop/mac/networking/ config 不会像 Linux 那样创建 docker0 网桥,这可能是问题吗?
另一件需要注意的事情是,如果我使用--net=host它,它将分配与 DinD 容器相同的 IP,这将起作用(apt-get 在来自 DinD 的 ubuntu 实例中)。
我已经测试了从 Win10 和 Ubuntu20 中的 DinD 映像运行的容器的桥接(默认)网络,并且网络连接工作正常。例如在 Linux 上:
br-8c25f65c698a: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255
ether 02:42:f5:5f:39:a6 txqueuelen 0 (Ethernet)
RX packets 6189 bytes 343616 (343.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9717 bytes 86927032 (86.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
br-defc39de0a0f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
ether 02:42:7d:14:ef:2b txqueuelen 0 (Ethernet)
RX packets 14 bytes 852 (852.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33 bytes 3274 (3.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255
ether 02:42:26:4c:b3:fa txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
并且来自 DinD的/etc/hostsfor run 与桥对齐ubuntudocker0
root@cb37b9fb3b85:/# cat /etc/hosts
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 cb37b9fb3b85
这主要是由于 SSL 问题吗?如果是这样,是否可以使用dind网络将证书正确安装到容器中?
或者,有没有办法在从 DinD 运行容器时使用默认桥接网络,并且仍然可以使用 Docker Desktop for MacOS 访问互联网?
解决方案
推荐阅读
- go - Go,用价值理解上下文
- amazon-web-services - ping S3 静态托管存储桶每次返回不同的 IP 地址
- c# - 有没有办法将 Break 应用于此 For 循环?
- java - 如何通过进入我在 Visual Studio Code 中拥有源代码的 jar 文件代码来调试代码?
- c++ - 名称有空格的文件没有被编译
- java - Intellij 突出显示不存在的错误,认为未导入 LWJGL
- python - TypeError:字符串索引必须是整数 describe_vpc_endpoints boto3
- c++ - 强制 Excel 将数字视为字符串
- mysql - 如何在 MySQL 中选择冠军得主
- javascript - “Uncaught TypeError: seat[Symbol.iterator] is not a function”是什么意思?