当前位置: 首页 > news >正文

containerd手动配置容器网络

news 2025/7/8 5:00:53

containerd手动配置容器网络

  • 机器详情
  • nerdctl启动一个不带网络的容器
  • 获取容器ID、PID与network namespace路径
  • 准备bridge插件的执行配置文件
  • 通过下面的命令调用bridge插件
  • 准备tuning插件文件
  • 执行下面的命令调用tuning插件
  • 准备portmap插件文件
  • 执行下面的命令调用portmap插件
  • 删除网络

机器详情

操作系统:Ubuntu 22.04.4 LTS
内核版本:5.15.0-112-generic
containerd版本:v1.7.1
nerdctl版本:1.0.0

nerdctl启动一个不带网络的容器

nerdctl  run -d --network none swr.cn-north-4.myhuaweicloud.com/ctl456/nginx:latest

获取容器ID、PID与network namespace路径

nerdctl ps

在这里插入图片描述

nerdctl inspect 容器ID -f '{{ .State.Pid }}'

在这里插入图片描述此时可以查看容器网络命名空间中的网络接口,可以看到网络命名空间内只有一个网络回环接口lo,并没有其他任何配置

nsenter -t PID -n ip a

在这里插入图片描述network namespace路径

/proc/PID/ns/net

准备bridge插件的执行配置文件

vim bridge.json

{"cniVersion": "1.0.0","name": "dbnet","type": "bridge","bridge": "mycni0","isGateway": true,"keyA": ["some more","plugin specific","configuration"],"ipam": {"type": "host-local","subnet": "10.1.0.0/16","routes": [{"dst": "0.0.0.0/0"}]},"dns": {"nameservers": ["10.1.0.1"]}
}

通过下面的命令调用bridge插件

CNI_COMMAND=ADD CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/bridge < ~/bridge.json

成功返回如下的内容

root@ubuntu:~# CNI_COMMAND=ADD CNI_CONTAINERID=3cc3646b6e9c CNI_NETNS=/proc/1377/ns/net CNI_IFNAME=eth0 CNI_PATHcni/bin /opt/cni/bin/bridge < ~/bridge.json
{"cniVersion": "1.0.0","interfaces": [{"name": "mycni0","mac": "12:15:f7:e2:95:cd"},{"name": "veth9bfbdf99","mac": "22:0d:c2:3d:48:ca"},{"name": "eth0","mac": "3a:98:85:45:f5:af","sandbox": "/proc/1377/ns/net"}],"ips": [{"interface": 2,"address": "10.1.0.2/16","gateway": "10.1.0.1"}],"routes": [{"dst": "0.0.0.0/0"}],"dns": {"nameservers": ["10.1.0.1"]}
root@ubuntu:~#

可以再次提供如下的命令查看容器IP

nsenter -t PID -n ip a

在这里插入图片描述查看物理机的IP
在这里插入图片描述查看物理机路由
在这里插入图片描述
可以通过容器的IP访问到nginx服务
在这里插入图片描述

准备tuning插件文件

vim tuning.json​​

{"cniVersion": "1.0.0","name": "dbnet","type": "tuning","sysctl": {"net.core.somaxconn": "500"},"runtimeConfig": {"mac": "00:11:22:33:44:66"}, /*替换capabilities,将eth0的mac值调整为测试值*/"prevResult": { /*调用bridge插件放回的内容*/"interfaces": [{"name": "mycni0","mac": "12:15:f7:e2:95:cd"},{"name": "veth9bfbdf99","mac": "22:0d:c2:3d:48:ca"},{"name": "eth0","mac": "3a:98:85:45:f5:af","sandbox": "/proc/1377/ns/net"}],"ips": [{"interface": 2,"address": "10.1.0.2/16","gateway": "10.1.0.1"}],"routes": [{"dst": "0.0.0.0/0"}],"dns": {"nameservers": ["10.1.0.1"]}}
}

执行下面的命令调用tuning插件

CNI_COMMAND=ADD CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/tuning < ~/tuning.json

成功返回如下的内容

root@ubuntu:~# CNI_COMMAND=AD​​D​​ CNI_CONTAI​​NERID=3cc3646b6e9c CNI_NETNS=/proc/1377/ns/net CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/tuning < ~/tuning.json​​ 
{"cniVersion": "1.0.0","interfaces": [{"name": "mycni0","mac": "12:15:f7:e2:95:cd"},{"name": "veth9bfbdf99","mac": "22:0d:c2:3d:48:ca"},{"name": "eth0","mac": "00:11:22:33:44:66","sandbox": "/proc/1377/ns/net"}],"ips": [{"interface": 2,"address": "10.1.0.2/16","gateway": "10.1.0.1"}],"routes": [{"dst": "0.0.0.0/0"}],"dns": {"nameservers": ["10.1.0.1"]}
}root@ubuntu:~#

可以通过如下的命令查看容器IP的mac地址是否修改

nsenter -t PID -n ip a

在这里插入图片描述

准备portmap插件文件

vim portmap.json

{"cniVersion": "1.0.0","name": "dbnet","type": "portmap","runtimeConfig": {"portMappings": [{"hostPort": 8080,"containerPort": 80,"protocol": "tcp"}]},"prevResult": {"interfaces": [{"name": "mycni0","mac": "12:15:f7:e2:95:cd"},{"name": "veth9bfbdf99","mac": "22:0d:c2:3d:48:ca"},{"name": "eth0","mac": "00:11:22:33:44:66","sandbox": "/proc/1377/ns/net"}],"ips": [{"interface": 2,"address": "10.1.0.2/16","gateway": "10.1.0.1"}],"routes": [{"dst": "0.0.0.0/0"}],"dns": {"nameservers": ["10.1.0.1"]}}
}

执行下面的命令调用portmap插件

CNI_COMMAND=ADD CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/portmap < ~/portmap.json

成功返回如下的内容

root@ubuntu:~# CNI_COMMAND=ADD CNI_CONTAINERID=3cc3646b6e9c CNI_NETNS=/proc/1377/ns/net CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/portmap <​​ ~/portmap.json 
{"cniVersion": "1.0.0","interfaces": [{"name": "mycni0","mac": "12:15:f7:e2:95:cd"},{"name": "veth9bfbdf99","mac": "22:0d:c2:3d:48:ca"},{"name": "eth0","mac": "00:11:22:33:44:66","sandbox": "/proc/1377/ns/net"}],"ips": [{"interface": 2,"address": "10.1.0.2/16","gateway": "10.1.0.1"}],"routes": [{"dst": "0.0.0.0/0"}],"dns": {"nameservers": ["10.1.0.1"]}
}root@ubuntu:~#

可以通过物理及的IP:8080访问到容器的nginx服务
在这里插入图片描述

删除网络

创建网络时,容器运行时按照顺序依次调用bridge、tuning、portmap插件,而删除网络时,则按照相反的顺序依次调用portmap、tuning、bridge插件。

CNI_COMMAND=DEL CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/portmap < ~/portmap.json

CNI_COMMAND=DEL CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/tuning < ~/tuning.json

vim bridge-del.json

{"cniVersion": "1.0.0","name": "dbnet","type": "bridge","bridge": "mycni0","isGateway": true,"keyA": ["some more","plugin specific","configuration"],"ipam": {"type": "host-local","subnet": "10.1.0.0/16","routes": [{"dst": "0.0.0.0/0"}]},"dns": {"nameservers": ["10.1.0.1"]},"prevResult": {"interfaces": [{"name": "mycni0","mac": "12:15:f7:e2:95:cd"},{"name": "veth9bfbdf99","mac": "22:0d:c2:3d:48:ca"},{"name": "eth0","mac": "3a:98:85:45:f5:af","sandbox": "/proc/1377/ns/net"}],"ips": [{"interface": 2,"address": "10.1.0.2/16","gateway": "10.1.0.1"}],"routes": [{"dst": "0.0.0.0/0"}],"dns": {"nameservers": ["10.1.0.1"]}}
}

CNI_COMMAND=DEL CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/bridge < ~/bridge-del.json
http://www.lryc.cn/news/379769.html

相关文章:

  • 数据迁移到 Django 模型表:详尽指南
  • 代码随想三刷二叉树篇4
  • 『大模型笔记』如何让小型语言模型发挥作用!
  • jnp.diag
  • bert文本分类微调笔记
  • 运维:k8s常用命令大全
  • PHP基础之错误与异常
  • 详解Spring AOP(一)
  • 读者写者问题(读者优先、公平竞争、写者优先)
  • Springboot开发之 Excel 处理工具(二)-- Easyexcel
  • 6月27日云技术研讨会 | 中央集中架构新车型功能和网络测试解决方案
  • 微信小程序生命周期
  • 【JS重点15】原型对象概述
  • Java之Hutool/Guava/Apache Commons工具包项目实践
  • 哈喽GPT-4o——对GPT-4o 提示词的思考与看法
  • 《计算机英语》 Unit 3 Software Engineering 软件工程
  • 2024-6-18(沉默Spring,Springboot)
  • Java热部署:让应用更新如丝般顺滑,告别繁琐重启!
  • 微信小程序毕业设计-小区疫情防控系统项目开发实战(附源码+论文)
  • PyTorch -- RNN 快速实践
  • SpringBoot 快速入门(保姆级详细教程)
  • 【第18章】Vue实战篇之登录界面
  • [C++]使用C++部署yolov10目标检测的tensorrt模型支持图片视频推理windows测试通过
  • 分享uniapp + Springboot3+vue3小程序项目实战
  • Ubuntu 24.04安装zabbix7.0.0图形中文乱码
  • MybatisPlus 调用 原生SQL
  • 1.SG90
  • 【yolov8语义分割】跑通:下载yolov8+预测图片+预测视频
  • 基于STM8系列单片机驱动74HC595驱动两个3位一体的数码管
  • Jlink下载固件到RAM区