Runc配置容器ip并且配置对外转发
一 配置网络环境我们需要brctl来创建网桥yum install -y bridge-utilsbrctl show创建网桥 并且给网桥配置ip 这个网桥可以理解为就是一个交换机brctl addbr test0ip link set test0 upip addr add 10.12.0.1/24 dev test0在网桥创建两个网卡 并且veth0-host绑定在 test0的网桥上面ip
一 配置网络环境
我们需要 brctl 来创建网桥
yum install -y bridge-utils
brctl show
创建网桥 并且给网桥配置ip 这个网桥可以理解为就是一个交换机
brctl addbr test0
ip link set test0 up
ip addr add 10.12.0.1/24 dev test0
在主机上创建一对 veth 网卡，并且把 veth0-host 绑定到 test0 网桥上面
ip link add name veth0-host type veth peer name veth0-ns
ip link set veth0-host up
brctl addif test0 veth0-host
创建网络ns
ip netns add mycontainer
ip link set veth0-ns netns mycontainer
配置容器内部网卡，添加默认路由，并且启动网卡
ip netns exec mycontainer ip link set veth0-ns name eth0
ip netns exec mycontainer ip addr add 10.12.0.2/24 dev eth0
ip netns exec mycontainer ip link set eth0 up
ip netns exec mycontainer ip addr add 127.0.0.1 dev lo
ip netns exec mycontainer ip link set lo up
ip netns exec mycontainer ip route add default via 10.12.0.1
二 启动容器
//网络这块的配置主要是把 namespaces 里 network 类型的 path 指向上面创建的网络 ns
{
"type": "network",
"path": "/var/run/netns/mycontainer"
},
{
"ociVersion": "1.0.2-dev",
"process": {
"terminal": false,
"user": {
"uid": 0,
"gid": 0
},
"args": [
"/app/httpserver"
],
"env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
"TERM=xterm"
],
"cwd": "/",
"capabilities": {
"bounding": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"effective": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"inheritable": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"permitted": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
],
"ambient": [
"CAP_AUDIT_WRITE",
"CAP_KILL",
"CAP_NET_BIND_SERVICE"
]
},
"rlimits": [
{
"type": "RLIMIT_NOFILE",
"hard": 1024,
"soft": 1024
}
],
"noNewPrivileges": true
},
"root": {
"path": "rootfs",
"readonly": false
},
"hostname": "runc",
"mounts": [
{
"destination": "/app",
"type": "bind",
"source": "/app",
"options": ["rbind","rw"]
},
{
"destination": "/proc",
"type": "proc",
"source": "proc"
},
{
"destination": "/dev",
"type": "tmpfs",
"source": "tmpfs",
"options": [
"nosuid",
"strictatime",
"mode=755",
"size=65536k"
]
},
{
"destination": "/dev/pts",
"type": "devpts",
"source": "devpts",
"options": [
"nosuid",
"noexec",
"newinstance",
"ptmxmode=0666",
"mode=0620",
"gid=5"
]
},
{
"destination": "/dev/shm",
"type": "tmpfs",
"source": "shm",
"options": [
"nosuid",
"noexec",
"nodev",
"mode=1777",
"size=65536k"
]
},
{
"destination": "/dev/mqueue",
"type": "mqueue",
"source": "mqueue",
"options": [
"nosuid",
"noexec",
"nodev"
]
},
{
"destination": "/sys",
"type": "sysfs",
"source": "sysfs",
"options": [
"nosuid",
"noexec",
"nodev",
"ro"
]
},
{
"destination": "/sys/fs/cgroup",
"type": "cgroup",
"source": "cgroup",
"options": [
"nosuid",
"noexec",
"nodev",
"relatime",
"ro"
]
}
],
"linux": {
"resources": {
"devices": [
{
"allow": false,
"access": "rwm"
}
]
},
"namespaces": [
{
"type": "pid"
},
{
"type": "network",
"path": "/var/run/netns/mycontainer"
},
{
"type": "ipc"
},
{
"type": "uts"
},
{
"type": "mount"
}
],
"maskedPaths": [
"/proc/acpi",
"/proc/asound",
"/proc/kcore",
"/proc/keys",
"/proc/latency_stats",
"/proc/timer_list",
"/proc/timer_stats",
"/proc/sched_debug",
"/sys/firmware",
"/proc/scsi"
],
"readonlyPaths": [
"/proc/bus",
"/proc/fs",
"/proc/irq",
"/proc/sys",
"/proc/sysrq-trigger"
]
}
}
rc run -d test > test.out 2>&1
rc list
三 配置iptables规则对外做dnat转发
iptables -t nat -I PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.12.0.2:9090
#这里需要注意在 sysctl 中开启转发，否则 DNAT 之后的包不会被转发到容器
net.ipv4.ip_forward = 1
四 共享网络ns
修改 config.json 的 args 换个端口（两个容器共享同一个网络 ns，端口不能冲突）
"args": [
"/app/httpserver","-port","9091"
],
rc run -d test02 > test2.out 2>&1