Internet connection inside Docker container in Kubernetes


Problem description

I have a Kubernetes pod based on the jenkins/slave container, into which I mount the Docker socket and the Docker binary file with the necessary kernel module in privileged mode. Inside that pod I build a Docker image, based on which I run a Docker container. Inside that container I don't have an Internet connection at all, because the pod container uses the flannel network (198.x.x.x) and that container uses the bridged Docker network (172.x.x.x), which is not available inside the pod container. How can I make the Internet available inside the second container, which is created inside the Kubernetes pod container? Using the Docker API in a Jenkins pipeline is not a solution for me, since it limits the output of error logs, and I cannot commit changes made in the second container because that container is removed immediately after the build.

Recommended answer

Not sure if this article will help you with this issue: JENKINS DECLARATIVE PIPELINES WITH KUBERNETES. This article shows a full stack on how to set up Jenkins in Kubernetes and also involves the idea of Docker in Docker.

Based on my thinking, we could mark the pod container as container1 and the container in the pod as container2.

I think container1 and container2 should be located on the same host and share the same Docker engine. So the flannel network and the Docker network should be set up together.

As I see it, the network flow for container2 should be container2 -> docker0 -> host, and should not involve container1.

Just let me know if this seems reasonable, or we could discuss it together. I think this question is very interesting.
