Changing the default route in a Docker container

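I have a Docker container connected to two networks, the default bridge and a custom bridge. Through the default one, it is only linked to another container on the default network, and through the custom bridge it gets an IP address on the local network.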

LAN -- [homenet] -- container1 -- [bridge] -- container2

    sudo docker network inspect homenet

    [{
        "Name": "homenet",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [{
                "Subnet": "192.168.130.0/24",
                "Gateway": "192.168.130.8",
                "AuxiliaryAddresses": { "DefaultGatewayIPv4": "192.168.130.3" }
            }]
        },
        "Internal": false,
        "Containers": {
            "$cid1": {
                "Name": "container",
                "EndpointID": "$eid1_1",
                "MacAddress": "$mac1_1",
                "IPv4Address": "192.168.130.38/24", }
        },
        "Options": { "com.docker.network.bridge.name": "br-homenet" },
        "Labels": {}
    }]

And bridge:

    sudo docker network inspect bridge

    [{
        "Name": "bridge",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [{ "Subnet": "172.17.0.0/16" }]
        },
        "Internal": false,
        "Containers": {
            "$cid2": {
                "Name": "container2",
                "EndpointID": "$eid2",
                "MacAddress": "$mac2",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": "" },
            "$cid1": {
                "Name": "container1",
                "EndpointID": "$eid1_2",
                "MacAddress": "$mac1_2",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": "" }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }]

This works fine on the internal network, but I have a routing problem:

    sudo docker exec -it container1 route -n

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
    192.168.130.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1

How can I change the default route to 192.169.130.3 so that it persists across restarts?

I can change it while container1 is running with

    pid=$(sudo docker inspect -f '{{.State.Pid}}' container1)
    sudo mkdir -p /var/run/netns
    sudo ln -s /proc/$pid/ns/net /var/run/netns/$pid
    sudo ip netns exec $pid ip route del default
    sudo ip netns exec $pid ip route add default via 192.168.130.3

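But it is gone after a restart. How can I change this?

Apparently, the lexical order of the networks may also be part of the problem. I will test it when I get the chance.

Answer:

If I understand the question, the problem is:

I searched the available options and ran some tests, and I did not find any docker command-line option to specify the default route, or to prefer one bridge as the default, when a container is connected to multiple bridges. When I restart a container connected to the default bridge (bridge) and a custom bridge (your homenet), the default route is automatically set to use the default bridge (gateway 172.17.0.1). This corresponds to the behavior you describe.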

    # --cap-add NET_ADMIN: to allow changing net settings inside the container
    # --restart always: restart policy
    docker run \
        --cap-add NET_ADMIN \
        --name container1 \
        --restart always \
        your_image \
        /path/to/your_start_script.sh

your_start_script.sh:

    #!/bin/sh
    ip route del default
    ip route add default via 192.168.130.3
    # here go the instructions/services your container is supposed to run

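The script must be available inside the container; it can be on a shared folder (-v option) or loaded when building the image with a Dockerfile.

Note: before the container is connected to the custom bridge (docker network connect homenet container1), your_start_script.sh will crash, because the default route does not correspond to any available network.

I tested logging the output of ip route inside container1 run with --restart always; after connecting it to the custom bridge, it has the desired default route.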

    docker events --filter "container=container1" |\
        awk '/container start/ { system("/path/to/route_setting.sh") }'

where route_setting.sh contains your instructions for changing the container's default route:

    pid=$(sudo docker inspect -f '{{.State.Pid}}' container1)
    sudo mkdir -p /var/run/netns
    sudo ln -s /proc/$pid/ns/net /var/run/netns/$pid
    sudo ip netns exec $pid ip route del default
    sudo ip netns exec $pid ip route add default via 192.168.130.3

This solution avoids giving special permissions to the container and moves the responsibility for changing the route to the host.
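A host-side hook in the spirit of the second approach, written as an added example (not code from the original answer): it reads the container's `route -n` table and changes the default route only when the desired gateway sits on a network the container is already attached to, which covers the failure noted above when homenet is not yet connected, and keeps NET_ADMIN off the container. The function names are hypothetical, SAMPLE is constructed from the table in the question, and `apply_route` assumes the host has `nsenter` (util-linux) and `route` (net-tools), using `nsenter` in place of the /var/run/netns symlink.

```shell
# Added example; function names are hypothetical, SAMPLE is constructed
# from the route table shown in the question.
default_gw() {  # current default gateway, from `route -n` output on stdin
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2; exit }'
}

# Print the interface whose connected network contains gateway $1;
# exit status 1 when no attached network can reach it.
on_link_iface() {
    awk -v gw="$1" '
        function ip2int(s,  p) { split(s, p, "."); return ((p[1]*256 + p[2])*256 + p[3])*256 + p[4] }
        # Connected routes: gateway 0.0.0.0 and a non-zero netmask.
        $2 == "0.0.0.0" && $3 ~ /^[0-9.]+$/ && $3 != "0.0.0.0" {
            size = 4294967296 - ip2int($3)   # number of addresses in the subnet
            if (int(ip2int(gw) / size) == int(ip2int($1) / size)) {
                print $8; found = 1; exit
            }
        }
        END { exit !found }'
}

# Print "ok", "wait" or "replace <iface>" for desired gateway $1.
plan_route() {
    table=$(cat)
    if [ "$(printf '%s\n' "$table" | default_gw)" = "$1" ]; then
        echo ok
    elif iface=$(printf '%s\n' "$table" | on_link_iface "$1"); then
        echo "replace $iface"
    else
        echo wait
    fi
}

# Host-side hook (needs root): $1 = container name, $2 = desired gateway.
apply_route() {
    pid=$(docker inspect -f '{{.State.Pid}}' "$1") || return 1
    plan=$(nsenter -t "$pid" -n route -n | plan_route "$2")
    case $plan in
        replace\ *) nsenter -t "$pid" -n ip route replace default via "$2" dev "${plan#replace }" ;;
        *) echo "$1: $plan" ;;
    esac
}

SAMPLE='Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.0.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.130.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1'
printf '%s\n' "$SAMPLE" | plan_route 192.168.130.3
```

Calling `apply_route container1 192.168.130.3` from the `docker events` pipeline in place of route_setting.sh makes the change idempotent across restarts.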
