This article covers how to handle Internet connectivity inside a Docker container in Kubernetes. It may be a useful reference for anyone working through the same problem.

Problem description

I have a Kubernetes pod based on the jenkins/slave container, to which I mount the Docker socket and the docker binary file with the necessary kernel module in privileged mode. Inside that pod I build a Docker image, based on which I run a Docker container. Inside that container I don't have an Internet connection at all, because the pod container uses the flannel network (198.x.x.x) and that container uses the bridged Docker network (172.x.x.x), which is not available inside the pod container. How can I make the Internet available inside the second container, which is created inside the Kubernetes pod container? Using the Docker API in a Jenkins pipeline is not a solution for me, as it limits the output of error logs, and I cannot commit changes made in the second container because that container is removed immediately after the build.

Recommended answer

Not sure if this article will help you with this issue: JENKINS DECLARATIVE PIPELINES WITH KUBERNETES. This article shows a full stack on how to set up Jenkins in Kubernetes and also involves the idea of Docker in Docker.

Based on my thinking, we could label the pod container as container1 and the container in the pod as container2.

I think container1 and container2 should be located on the same host and share the same Docker engine. So the flannel network and the Docker network should be set up together.

In my view, the network flow for container2 should be container2 -> docker0 -> host, and should not involve container1.

Just let me know if this seems reasonable, or we could discuss it together; I think this question is very interesting.
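
One way to check the path the answer describes (container2 -> docker0 -> host), as an added example that is not part of the original question or answer. It assumes container2 was started through the mounted socket on the host's Docker engine; the `docker inspect` output, `ip_forward` value and NAT rules below are constructed samples, and `masqueraded` and `diagnose` are hypothetical helper names.

```python
import ipaddress
import json

# Constructed sample data (not from the original post): trimmed `docker inspect`
# output for container2, plus two values read on the host that runs the engine.
SAMPLE_INSPECT = json.dumps([{
    "HostConfig": {"NetworkMode": "bridge"},
    "NetworkSettings": {"Networks": {"bridge": {
        "IPAddress": "172.17.0.3", "IPPrefixLen": 16, "Gateway": "172.17.0.1"}}},
}])
SAMPLE_IP_FORWARD = "1\n"  # contents of /proc/sys/net/ipv4/ip_forward
SAMPLE_NAT_RULES = (       # output of `iptables -t nat -S POSTROUTING`
    "-P POSTROUTING ACCEPT\n"
    "-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE\n"
)


def masqueraded(ip, nat_rules):
    """True if a MASQUERADE rule has a (non-negated) -s subnet containing ip."""
    for rule in nat_rules.splitlines():
        parts = rule.split()
        if "MASQUERADE" not in parts or "-s" not in parts:
            continue
        idx = parts.index("-s")
        if idx > 0 and parts[idx - 1] == "!":
            continue  # "! -s" excludes the subnet instead of matching it
        if ip in ipaddress.ip_network(parts[idx + 1], strict=False):
            return True
    return False


def diagnose(inspect_json, ip_forward, nat_rules):
    """Return findings about container2's outbound path through the host."""
    info = json.loads(inspect_json)[0]
    mode = info["HostConfig"]["NetworkMode"]
    if mode in ("host", "none") or mode.startswith("container:"):
        return [f"network mode {mode!r}: container2 is not on a bridge network"]
    findings = []
    for name, net in info["NetworkSettings"]["Networks"].items():
        if not net.get("IPAddress"):
            continue
        ip = ipaddress.ip_address(net["IPAddress"])
        findings.append(f"{name}: {ip} via gateway {net['Gateway']}")
        if not masqueraded(ip, nat_rules):
            findings.append(f"{name}: no MASQUERADE rule covers {ip}")
    if ip_forward.strip() != "1":
        findings.append("host ip_forward is off: bridge traffic is not routed out")
    return findings
```

Feed it the real output of `docker inspect <container2>` taken through the mounted socket, together with the two host-side values, to see which hop of the path is missing.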
