使用主机 DNS 服务器的 Docker-compose 容器 [英] Docker-compose container using host DNS server

问题描述

我在自定义"桥接网络中的Ubuntu 16.10 服务器"上运行多个容器，使用 compose 2.9(在 yml 版本 2.1 中).我的大多数容器在内部使用相同的端口，因此我无法使用主机"网络驱动程序.我的容器都是链接在一起的，使用专用的 links 属性.

I'm running several containers on my "Ubuntu 16.10 Server" in a "custom" bridge network with compose 2.9 (in a yml version 2.1). Most of my containers are internally using the same ports, so there is no way for me to use the "host" network driver. My containers are all links together, using the dedicated links attribute.

但是，我还需要访问暴露在我的容器之外的服务.这些服务具有专用 URL，名称在我公司的 DNS 服务器中注册.虽然我可以使用公共 DNS 并从我的容器内访问任何公共服务，但我无法访问我的私有 DNS.

But, I also need to access services exposed outside of my containers. These services have dedicated URL with names registered in my company's DNS server. While I have no problem to use public DNS and reach any public service from within my containers, I just can't reach my private DNS.

您知道从容器中使用私有 DNS 的可行解决方案吗?或者更好的是，使用主机的网络 DNS 配置?

Do you know a working solution to use private DNS from a container? Or even better, use host's network DNS configuration?

PS:当然，我可以使用 docker-compose.yml 文件中服务中的 extra_hosts 属性链接到我公司的服务.但是……这绝对不是拥有 DNS 的目标.我不想在我的 YML 文件中注册我所有的服务，也不想在我公司每次更新服务的 IP 时更新它.

PS: Of course, I can link to my company's services using the extra_hosts attribute in my services in my docker-compose.yml file. But... that's definitively not the goal of having a DNS. I don't want to register all my services in my YML file, and I don't want to update it each time services' IP are updated in my company.

上下文:

• 主机:Ubuntu 16.10 服务器
• Docker 引擎:1.12.6
• Docker Compose:1.9.0
• docker-compose.yml: 2.1
• 网络:自己的网桥.

docker-compose.yml 文件(摘录):

version: '2.1'
  services:
    nexus:
    image: sonatype/nexus3:$NEXUS_VERSION
    container_name: nexus
    restart: always
    hostname: nexus.$URL
    ports:
      - "$NEXUS_81:8081"
      - "$NEXUS_443:8443"
    extra_hosts:
      - "repos.private.network:192.168.200.200"
    dns:
      - 192.168.3.7
      - 192.168.111.1
      - 192.168.10.5
      - 192.168.10.15
    volumes_from:
      - nexus-data
    networks:
      - pic

  networks:
    pic:
      driver: bridge
      ipam:
        driver: default
        config:
          - subnet: 172.18.0.0/16
            gateway: 172.18.0.1

我尝试使用和不使用 pic 网络的 ipam 配置，但没有任何运气.

I tried with and without the ipam configuration for the pic network, without any luck.

测试和测试结果:docker exec -ti nexus curl repos.private.network正确返回此服务提供的 HTML 页面

Tests & Results: docker exec -ti nexus curl repos.private.network returns properly the HTML page served by this service

docker exec -ti nexus curl another-service.private.network返回 curl: (6) 无法解析主机:another-service.private.network;名称或服务未知而 curl another-service.private.network 从主机返回适当的 HTML 页面.

docker exec -ti nexus curl another-service.private.network Returns curl: (6) Could not resolve host: another-service.private.network; Name or service not known While curl another-service.private.network from the host returns the appropriate HTML page.

当然"another-service.private.network 在我的 4 个 DNS 服务器(192.168.3.7、192.168.111.1、192.168.10.5、192.168.10.15)中是已知的.

And "of course" another-service.private.network is known in my 4 DNS servers (192.168.3.7, 192.168.111.1, 192.168.10.5, 192.168.10.15).

推荐答案

你没有指定你在 Mac、Windows 或 Unix 中运行 docker-compose 的环境，所以这将取决于有什么变化需要.您也没有指定是否在用户创建的桥接网络上使用 docker 中的默认桥接网络.

You don't specify which environment you're running docker-compose in e.g Mac, Windows or Unix, so it will depend a little bit on what changes are needed. You also don't specify if you're using the default bridge network in docker on a user created bridge network.

无论哪种情况，默认情况下，Docker 都应该尝试将 DNS 解析从 Docker 主机映射到您的容器中.因此，如果您的 Docker 主机可以解析私有 DNS 地址，那么理论上您的容器也应该能够解析.

In either case, by default, Docker should try and map DNS resolution from the Docker Host into your containers. So if your Docker Host can resolve the private DNS addresses, then in theory your containers should be able to as well.

我建议阅读这个官方 Docker DNS 文档，因为它非常合理.此处是默认的 Docker 网桥网络，此处 用于用户创建的桥接网络.

I'd recommend reading this official Docker DNS documentation as it is pretty reasonable. Here for the default Docker bridge network, here for user created bridge networks.

一个小问题是，如果您使用 Docker for Mac、Docker Machine 或 Docker for Windows 运行，您需要记住，您的 Docker 主机实际上是在您的机器上运行的虚拟机，而不是物理机器本身，因此您需要确保 VM 设置了正确的 DNS 解析选项.您将需要重新启动容器，以便它们获取对 DNS 解析的更改.

A slight gotcha is if you're running using Docker for Mac, Docker Machine or Docker for Windows you need to remember that your Docker Host is actually the VM running on your machine and not the physical box itself, so you need to ensure that the VM has the correct DNS resolution options set. You will need to restart your containers for changes to DNS resolution to be picked up by them.

您当然可以使用 docker-compose 覆盖所有默认设置.它具有用于显式设置 DNS 服务器、DNS 搜索选项等的完整选项.例如:

You can of course override all the default settings using docker-compose. It has full options for explicitly setting DNS servers, DNS search options etc. As an example:

version: 2
services:
 application:
  dns:
   - 8.8.8.8
   - 4.4.4.4
   - 192.168.9.45

您可以在此处找到有关这些功能的文档.

You'll find the documentation for those features here.

这篇关于使用主机 DNS 服务器的 Docker-compose 容器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！