Podman networking in practice
Posted by 码出未来_远
port
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7818ccff6ff docker.io/library/nginx nginx -g daemon o... 10 days ago Up 2 seconds ago 0.0.0.0:39997->80/tcp t2
[root@localhost ~]# podman port e7818ccff6ff
80/tcp -> 0.0.0.0:39997
Shared network
[root@localhost ~]# podman run -it --rm --net slirp4netns:allow_host_loopback=true bash
Resolving "bash" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/bash:latest...
Getting image source signatures
Copying blob ec83969a912d done
Copying blob 339de151aab4 done
Copying blob f0512d9ab85b done
Copying config d057f4d6e5 done
Writing manifest to image destination
Storing signatures
bash-5.1# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN qlen 1000
link/ether b6:14:33:4e:82:95 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.100/24 brd 10.0.2.255 scope global tap0
valid_lft forever preferred_lft forever
inet6 fe80::b414:33ff:fe4e:8295/64 scope link
valid_lft forever preferred_lft forever
[root@localhost ~]# podman run -it --rm --net slirp4netns:allow_host_loopback=true bash
bash-5.1# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN qlen 1000
link/ether ce:42:fe:6e:96:f5 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.100/24 brd 10.0.2.255 scope global tap0
valid_lft forever preferred_lft forever
inet6 fe80::cc42:feff:fe6e:96f5/64 scope link
valid_lft forever preferred_lft forever
View the network modes
[root@localhost ~]# podman network ls
NAME VERSION PLUGINS
podman 0.4.0 bridge,portmap,firewall,tuning
Use a specified subnet
[root@localhost ~]# podman network create mynetwork
/etc/cni/net.d/mynetwork.conflist
[root@localhost ~]# podman network ls
NAME VERSION PLUGINS
podman 0.4.0 bridge,portmap,firewall,tuning
mynetwork 0.4.0 bridge,portmap,firewall,tuning
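# Edit the subnet and gateway in the newly generated network configuration file, or pass --subnet (network address and netmask) and --gateway when creating the network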
[root@localhost ~]# vim /etc/cni/net.d/mynetwork.conflist
{
   "cniVersion": "0.4.0",
   "name": "mynetwork",
   "plugins": [
      {
         "type": "bridge",
         "bridge": "cni-podman1",
         "isGateway": true,
         "ipMasq": true,
         "hairpinMode": true,
         "ipam": {
            "type": "host-local",
            "routes": [
               {
                  "dst": "0.0.0.0/0"
               }
            ],
            "ranges": [
               [
                  {
                     "subnet": "10.1.1.0/24",
                     "gateway": "10.1.1.1"
...
# Edit /usr/share/containers/containers.conf to make the newly created network the default network
[network]
# Path to directory where CNI plugin binaries are located.
#
# cni_plugin_dirs = ["/usr/libexec/cni"]
# Path to the directory where CNI configuration files are located.
#
# network_config_dir = "/etc/cni/net.d/"
default_network = "mynetwork"
# Create a container
[root@localhost ~]# podman run -it --rm bash
bash-5.1# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 4e:b0:de:31:b7:92 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.2/24 brd 10.1.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::4cb0:deff:fe31:b792/64 scope link
valid_lft forever preferred_lft forever
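A conflist edited by hand in vim is easy to break: a lost brace, a gateway left over from the old subnet, or a range that collides with another network on the host. The check below is an added example, not part of the original post; the function names and the neighbouring subnet 10.88.0.0/16 are assumptions, and the sample conflist is constructed from the bridge plugin fields shown above.

```python
import ipaddress
import json


def bridge_ranges(conflist):
    """Yield (subnet, gateway) from each host-local range of each bridge plugin."""
    for plugin in conflist.get("plugins", []):
        if plugin.get("type") == "bridge":
            for range_set in plugin.get("ipam", {}).get("ranges", []):
                for rng in range_set:
                    yield rng.get("subnet"), rng.get("gateway")


def check_conflist(text, other_subnets=()):
    """Return a list of problems in a hand-edited CNI conflist (empty list = OK)."""
    try:
        conflist = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"]
    others = [ipaddress.ip_network(s) for s in other_subnets]
    ranges = list(bridge_ranges(conflist))
    problems = [] if ranges else ["no bridge plugin with ipam ranges found"]
    for subnet, gateway in ranges:
        try:
            net = ipaddress.ip_network(subnet)  # strict: host bits must be zero
            gw = ipaddress.ip_address(gateway) if gateway else None
        except (ValueError, TypeError) as exc:
            problems.append(f"unparsable range {subnet!r} / {gateway!r}: {exc}")
            continue
        unusable = (net.network_address, net.broadcast_address)
        if gw is not None and (gw not in net or gw in unusable):
            problems.append(f"gateway {gw} is not a usable host address in {net}")
        problems += [f"{net} overlaps existing network {o}" for o in others if net.overlaps(o)]
    return problems


def sample(subnet, gateway):
    """Constructed conflist holding only the bridge plugin fields shown on the page."""
    ipam = {"type": "host-local", "routes": [{"dst": "0.0.0.0/0"}],
            "ranges": [[{"subnet": subnet, "gateway": gateway}]]}
    return json.dumps({"cniVersion": "0.4.0", "name": "mynetwork", "plugins": [
        {"type": "bridge", "bridge": "cni-podman1", "isGateway": True,
         "ipMasq": True, "hairpinMode": True, "ipam": ipam}]}, indent=2)


if __name__ == "__main__":
    good = sample("10.1.1.0/24", "10.1.1.1")
    stale_gw = sample("10.88.1.0/24", "10.1.1.1")  # subnet changed, gateway not
    for text in (good, stale_gw, good[:-20]):  # last one: truncated file
        print(check_conflist(text, ["10.88.0.0/16"]))  # assumed neighbour subnet
```

To check the real file, pass the contents of /etc/cni/net.d/mynetwork.conflist as `text` and the subnets of the other networks on the host as `other_subnets`.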
Importing and exporting containers
[root@localhost ~]# vim /usr/share/containers/containers.conf
...
runtime = "runc"
...
[root@localhost ~]# podman run -dt --name httpd -p 8080:80/tcp httpd
[root@localhost ~]# podman inspect httpd | grep -i runtime
"OCIRuntime": "runc",
"--runtime",
"Runtime": "oci",
"CpuRealtimeRuntime": 0,
[root@localhost ~]# podman container checkpoint httpd -e /tmp/httpd.tar.gz
34fbc40074f1ac2c4f54a3dbf241817a9052cde340068d3d2dab3ec81072709e
[root@localhost ~]# ls /tmp/
httpd.tar.gz podman-run-1000 systemd-private-5dd59fc1c774458e9cbc863d264b0f0b-chronyd.service-48OWrh
Delete the container, then import it again
[root@localhost ~]# podman rm 34fbc40074f1
34fbc40074f1ac2c4f54a3dbf241817a9052cde340068d3d2dab3ec81072709e
[root@localhost ~]# podman container restore -i /tmp/httpd.tar.gz
34fbc40074f1ac2c4f54a3dbf241817a9052cde340068d3d2dab3ec81072709e
[root@localhost ~]# podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e7818ccff6ff docker.io/library/nginx nginx -g daemon o... 10 days ago Up 30 minutes ago 0.0.0.0:39997->80/tcp t2
2418248f0821 docker.io/library/bash:latest bash 27 minutes ago Up 27 minutes ago sad_lehmann
34fbc40074f1 docker.io/library/httpd:latest httpd-foreground 6 seconds ago Up 7 seconds ago 0.0.0.0:8080->80/tcp httpd