一、容器与宿主机之间的连通性
查看宿主机防火墙状态
如果能够敞开宿主机防火墙即可通信。
如果不能敞开防火墙,可凋谢宿主机相干接口,及容许拜访id
留神:凋谢ip肯定是容器在宿主机上的虚构ip,而不是宿主机的ip地址
#通过命令查看宿主机下容器的虚构网络ipip a# 查看宿主机防火墙对外开放的ip及端口cat /etc/firewalld/zones/public.xml# 以root身份进入容器docker exec -it -u root 61da8089ca0a /bin/sh# 查看是否能够通信ping 宿主机ip#从新加载防火墙firewall-cmd --reload问题1【Docker】启动container的时候呈现iptables: No chain/target/match by that name
#具体错误信息Error response from daemon: driver failed programming external connectivity on endpoint jenkins (a8ea15bf9b3dbed599d059d638f79f9dd5e875556c39bfb41e6563d3feedb81b): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 50000 -j DNAT --to-destination 172.18.0.6:50000 ! -i br-031aa3930383: iptables: No chain/target/match by that name.谬误是因为网关重新启动了,导致docker network无奈对新container进行网络配置,也就是没有网管的操作权限,做重启解决
解决形式:重启docker
service docker restart# 或systemctl restart docker二、容器之间的连通性(同一宿主机)
容器之间联通,次要是将须要互通的容器放到同一网络内即可
1.通过docker间接启动的容器
#1.启动时设置docker run -itd --name c3 --net backend centosdocker run -itd --name c2 --net backend centosdocker run -itd --name c1 --net frontend centos#2.启动后设置docker network connect backend c1#查看docker exec -it c2 /bin/bashyum install -y net-tools #装置网络工具包ping c2 #处于backend 通ping c3 #处于backend 通2.通过docker-compose启动的容器
version: '2'services: c1: image: c1:base1.0 container_name: c1 restart: always dns_search: .# networks:# - nets volumes: ports: - 10090:9090 tty: true c2: image: c2:base1.0 container_name: c2 restart: always dns_search: . external_links: - prometheus volumes: ports: - 13000:13000 environment: GF_RENDERING_SERVER_URL: http://renderer:8081/render GF_RENDERING_CALLBACK_URL: http://grafana:13000/ GF_LOG_FILTERS: rendering:debug tty: true c3: image: c3:base1.0 container_name: c3 dns_search: . external_links: - c1 restart: always ports: - 10081:8081 environment: ENABLE_METRICS: 'true'networks: default: external: name: c_nets留神:external_links、networks
参考链接
【Docker】启动container的时候呈现iptables: No chain/target/match by that name
docker设置不同网络和迁徙到指定网络