containerd手动配置容器网络
- 机器详情
- nerdctl启动一个不带网络的容器
- 获取容器ID、PID与network namespace路径
- 准备bridge插件的执行配置文件
- 通过下面的命令调用bridge插件
- 准备tuning插件文件
- 执行下面的命令调用tuning插件
- 准备portmap插件文件
- 执行下面的命令调用portmap插件
- 删除网络
机器详情
操作系统:Ubuntu 22.04.4 LTS
内核版本:5.15.0-112-generic
containerd版本:v1.7.1
nerdctl版本:1.0.0
nerdctl启动一个不带网络的容器
nerdctl run -d --network none swr.cn-north-4.myhuaweicloud.com/ctl456/nginx:latest
获取容器ID、PID与network namespace路径
nerdctl ps
nerdctl inspect 容器ID -f '{{ .State.Pid }}'
此时可以查看容器网络命名空间中的网络接口,可以看到网络命名空间内只有一个网络回环接口lo,并没有其他任何配置
nsenter -t PID -n ip a
network namespace路径
/proc/PID/ns/net
准备bridge插件的执行配置文件
vim bridge.json
{
"cniVersion": "1.0.0",
"name": "dbnet",
"type": "bridge",
"bridge": "mycni0",
"isGateway": true,
"keyA": ["some more","plugin specific","configuration"],
"ipam": {
"type": "host-local",
"subnet": "10.1.0.0/16",
"routes": [{"dst": "0.0.0.0/0"}]
},
"dns": {"nameservers": ["10.1.0.1"]}
}
通过下面的命令调用bridge插件
CNI_COMMAND=ADD CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/bridge < ~/bridge.json
成功返回如下的内容
root@ubuntu:~# CNI_COMMAND=ADD CNI_CONTAINERID=3cc3646b6e9c CNI_NETNS=/proc/1377/ns/net CNI_IFNAME=eth0 CNI_PATHcni/bin /opt/cni/bin/bridge < ~/bridge.json
{
"cniVersion": "1.0.0",
"interfaces": [
{
"name": "mycni0",
"mac": "12:15:f7:e2:95:cd"
},
{
"name": "veth9bfbdf99",
"mac": "22:0d:c2:3d:48:ca"
},
{
"name": "eth0",
"mac": "3a:98:85:45:f5:af",
"sandbox": "/proc/1377/ns/net"
}
],
"ips": [
{
"interface": 2,
"address": "10.1.0.2/16",
"gateway": "10.1.0.1"
}
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"dns": {
"nameservers": [
"10.1.0.1"
]
}
root@ubuntu:~#
可以再次提供如下的命令查看容器IP
nsenter -t PID -n ip a
查看物理机的IP
查看物理机路由
可以通过容器的IP访问到nginx服务
准备tuning插件文件
vim tuning.json
{
"cniVersion": "1.0.0",
"name": "dbnet",
"type": "tuning",
"sysctl": {"net.core.somaxconn": "500"},
"runtimeConfig": {"mac": "00:11:22:33:44:66"}, /*替换capabilities,将eth0的mac值调整为测试值*/
"prevResult": { /*调用bridge插件放回的内容*/
"interfaces": [
{
"name": "mycni0",
"mac": "12:15:f7:e2:95:cd"
},
{
"name": "veth9bfbdf99",
"mac": "22:0d:c2:3d:48:ca"
},
{
"name": "eth0",
"mac": "3a:98:85:45:f5:af",
"sandbox": "/proc/1377/ns/net"
}
],
"ips": [
{
"interface": 2,
"address": "10.1.0.2/16",
"gateway": "10.1.0.1"
}
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"dns": {
"nameservers": ["10.1.0.1"]
}
}
}
执行下面的命令调用tuning插件
CNI_COMMAND=ADD CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/tuning < ~/tuning.json
成功返回如下的内容
root@ubuntu:~# CNI_COMMAND=ADD CNI_CONTAINERID=3cc3646b6e9c CNI_NETNS=/proc/1377/ns/net CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/tuning < ~/tuning.json
{
"cniVersion": "1.0.0",
"interfaces": [
{
"name": "mycni0",
"mac": "12:15:f7:e2:95:cd"
},
{
"name": "veth9bfbdf99",
"mac": "22:0d:c2:3d:48:ca"
},
{
"name": "eth0",
"mac": "00:11:22:33:44:66",
"sandbox": "/proc/1377/ns/net"
}
],
"ips": [
{
"interface": 2,
"address": "10.1.0.2/16",
"gateway": "10.1.0.1"
}
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"dns": {
"nameservers": [
"10.1.0.1"
]
}
}root@ubuntu:~#
可以通过如下的命令查看容器IP的mac地址是否修改
nsenter -t PID -n ip a
准备portmap插件文件
vim portmap.json
{
"cniVersion": "1.0.0",
"name": "dbnet",
"type": "portmap",
"runtimeConfig": {"portMappings": [{"hostPort": 8080,"containerPort": 80,"protocol": "tcp"}]},
"prevResult": {
"interfaces": [
{
"name": "mycni0",
"mac": "12:15:f7:e2:95:cd"
},
{
"name": "veth9bfbdf99",
"mac": "22:0d:c2:3d:48:ca"
},
{
"name": "eth0",
"mac": "00:11:22:33:44:66",
"sandbox": "/proc/1377/ns/net"
}
],
"ips": [
{
"interface": 2,
"address": "10.1.0.2/16",
"gateway": "10.1.0.1"
}
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"dns": {
"nameservers": ["10.1.0.1"]
}
}
}
执行下面的命令调用portmap插件
CNI_COMMAND=ADD CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/portmap < ~/portmap.json
成功返回如下的内容
root@ubuntu:~# CNI_COMMAND=ADD CNI_CONTAINERID=3cc3646b6e9c CNI_NETNS=/proc/1377/ns/net CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/portmap < ~/portmap.json
{
"cniVersion": "1.0.0",
"interfaces": [
{
"name": "mycni0",
"mac": "12:15:f7:e2:95:cd"
},
{
"name": "veth9bfbdf99",
"mac": "22:0d:c2:3d:48:ca"
},
{
"name": "eth0",
"mac": "00:11:22:33:44:66",
"sandbox": "/proc/1377/ns/net"
}
],
"ips": [
{
"interface": 2,
"address": "10.1.0.2/16",
"gateway": "10.1.0.1"
}
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"dns": {
"nameservers": [
"10.1.0.1"
]
}
}root@ubuntu:~#
可以通过物理及的IP:8080访问到容器的nginx服务
删除网络
创建网络时,容器运行时按照顺序依次调用bridge、tuning、portmap插件,而删除网络时,则按照相反的顺序依次调用portmap、tuning、bridge插件。
CNI_COMMAND=DEL CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/portmap < ~/portmap.json
CNI_COMMAND=DEL CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/tuning < ~/tuning.json
vim bridge-del.json
{
"cniVersion": "1.0.0",
"name": "dbnet",
"type": "bridge",
"bridge": "mycni0",
"isGateway": true,
"keyA": ["some more","plugin specific","configuration"],
"ipam": {
"type": "host-local",
"subnet": "10.1.0.0/16",
"routes": [{"dst": "0.0.0.0/0"}]
},
"dns": {"nameservers": ["10.1.0.1"]},
"prevResult": {
"interfaces": [
{
"name": "mycni0",
"mac": "12:15:f7:e2:95:cd"
},
{
"name": "veth9bfbdf99",
"mac": "22:0d:c2:3d:48:ca"
},
{
"name": "eth0",
"mac": "3a:98:85:45:f5:af",
"sandbox": "/proc/1377/ns/net"
}
],
"ips": [
{
"interface": 2,
"address": "10.1.0.2/16",
"gateway": "10.1.0.1"
}
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"dns": {
"nameservers": ["10.1.0.1"]
}
}
}
CNI_COMMAND=DEL CNI_CONTAINERID=容器ID CNI_NETNS=network namespace路径 CNI_IFNAME=eth0 CNI_PATH=/opt/cni/bin /opt/cni/bin/bridge < ~/bridge-del.json
![日本新入管法通过:2027年起实施[育成就劳]制度,新制度更适合外国劳工在日本工作和生活!](https://img-blog.csdnimg.cn/direct/b31318cbf74741ca98481e4551636e12.png)
