在kubernetes中运行的Docker容器内，通过编织作为网络没有互联网连接 [英] No internet connectivity inside docker container running inside kubernetes with weave as networking

问题描述

我有一个在AWS EC2实例上运行的kubernetes集群，并编织为网络(cni).我已经禁用了docker网络(ipmask和iptables)，因为它是由weave管理的(以避免网络冲突).

I have a kubernetes cluster that is running on AWS EC2 instances and weave as networking(cni). I have disabled the docker networking(ipmask and iptables) as it is managed by weave(to avoid network conflicts).

我已经将我的Jenkins作为K8s pod部署在该集群上，并且这个jenkins使用jenkins kubernetes插件基于我定义的pod和容器模板生成了动态的slave.这些从属容器中具有docker客户端，该客户端通过docker.sock连接到主机docker引擎.

I have deployed my Jenkins on this cluster as K8s pod and this jenkins uses jenkins kubernetes plugin to spawn dynamic slaves based on pod and container template which I have defined. These slaves container have docker client in it which connects to the host docker engine via docker.sock

因此，当我在Jenkins中运行任何作业时，它将启动一个从属服务器，并在此服务器上克隆git存储库，并开始构建存储库中存在的Dockerfile.

So when I run any job in Jenkins it starts a slave and on this it clones a git repo and starts building the Dockerfile present inside the repo.

我的示例dockerfile看起来像这样:

My sample dockerfile looks like this:

FROM abc:123
RUN yum update

因此，当容器开始构建容器时，它将尝试连接到redhat仓库以更新本地仓库，并在此处失败.为了调试，我登录到该容器并尝试wget/CURL一些软件包，发现该容器中没有Internet连接.

So when container starts building this it tries connecting to redhat repo to update the local repo and fails here. To debug I logged in to this container and try wget/CURL some packages and finds that there is no internet connectivity in this container.

我怀疑在构建docker时会启动中间容器，并且这些容器没有通过编织进行管理，因此它们没有Internet连接.

I suspect that while building docker starts intermediate containers and those containers are not managed by weave so they do not have internet connectivity.

需要建议.

Need suggestions.

相关问题: Kubernetes中Docker容器内部的Internet连接

推荐答案

好吧，经过很多努力，我终于找到了解决方法.
因此，每当K8s启动Pod时，它都会启动Sidecart容器，其作用主要是为Pod容器提供网络.
因此，在运行docker build时，如果我将其容器ID作为网络传递，那么我的中间上下文便开始通过此容器获得Internet连接. 因此更改看起来像这样:

Ok finally after lot of struggle I find the solution.
So when ever K8s starts a pod it starts a sidecart container whose role is basically to provide network to pod containers.
So while running docker build if I pass it's container ID as network then my intermediate contexts start getting internet connectivity via this container. So changes looks something like this:

docker build -t "some name" --network container:\$(docker ps | grep \$(hostname) | grep k8s_POD | cut -d\" \" -f1) -f infra/docker/Dockerfile .

希望这会有所帮助. :D

Hope this helps. :D

这篇关于在kubernetes中运行的Docker容器内，通过编织作为网络没有互联网连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！