原因是 firewalld 的没有信任 docker 的 ip 地址,stackoverflower 中也有类似的问题。
将所有 docker 的 ip 添加都白名单即可。

解决过程如下:

ifconfig
br-0e1da8b59f79: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.19.0.1  netmask 255.255.0.0  broadcast 172.19.255.255
        ether 02:42:2d:4c:80:73  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

br-c35db444ec17: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        inet6 fe80::42:97ff:fe8a:b5f  prefixlen 64  scopeid 0x20<link>
        ether 02:42:97:8a:0b:5f  txqueuelen 0  (Ethernet)
        RX packets 9  bytes 252 (252.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 115  bytes 12618 (12.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:0e:b4:47:5b  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

将 ip 添加到信任区域

firewall-cmd  --zone=trusted --add-source=172.17.0.1/16 --permanent
firewall-cmd  --zone=trusted --add-source=172.18.0.1/16 --permanent
firewall-cmd  --zone=trusted --add-source=172.19.0.1/16 --permanent
firewall-cmd --reload
Logo

权威|前沿|技术|干货|国内首个API全生命周期开发者社区

更多推荐