堆栈内存溢出
  简体   繁体   English

如何列出所有容器的暴露端口?

[英]How to list exposed port of all containers?

 原文  2018-04-13 16:21:07       docker/ networking/ ports/ rancher

问题描述

We have lots of containers started using Rancher with each container exposing multiple ports.我们有很多容器开始使用Rancher ,每个容器都暴露多个端口。 Since we started the containers with Rancher, no port is exposed to the host by default.由于我们使用 Rancher 启动容器,因此默认情况下没有端口暴露给主机。

$ docker container ls

shows no exposed ports for containers started by rancher.没有显示由 Rancher 启动的容器的暴露端口。 Rancher CLI rancher is not installed. Rancher CLI rancher未安装。

How to list ports which are exposed within the rancher network?如何列出在牧场主网络中暴露的端口? Is this possible using the docker command?这可以使用docker命令吗? Or do I need rancher ?还是我需要rancher

3 个解决方案

解决方案1
 36  2019-11-27 10:37:56

for show ports on one host you can try to use对于一台主机上的显示端口,您可以尝试使用

docker container ls --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}" -a

more examples you can find here docker-container-ls by manpages.ubuntu.com您可以在manpages.ubuntu.com 的 docker-container-ls 中找到更多示例

解决方案2
 5  2018-04-14 04:08:45

Rancher doesn't use docker paradigm for exposing ports, hence the information is not available using any of the docker command. Rancher 不使用 docker 范式来公开端口,因此使用任何 docker 命令都无法使用该信息。

The ports are exposed on the host using custom iptables rules.使用自定义 iptables 规则在主机上公开端口。

iptables-save | grep "\\-A CATTLE_HOSTPORTS_POSTROUTING"

Though not pretty, the above command gives you a list of all rules related to exposed ports.虽然不漂亮,但上面的命令为您提供了与公开端口相关的所有规则的列表。

解决方案3
 0  2021-06-16 17:42:54

You can use the following command to see Rancher's exposed ports so that it will show you the port number highlighted.您可以使用以下命令查看 Rancher 的公开端口,以便它会向您显示突出显示的端口号。 However, it will not demonstrate to you which container exactly exposed which of the ports.但是,它不会向您展示哪个容器确切地暴露了哪些端口。 Anyway, you will be able to deduce it by the name, using the "comments" section like "ingress-nginx/default-http-backend cluster IP":无论如何,您将能够通过名称推断它,使用“评论”部分,如“ingress-nginx/default-http-backend cluster IP”:

iptables-save | grep -P "(--to-destination|--.port)" | grep -v "DROP" | grep -P ":\d+|--dport \d+"

With the above command, you will see the output like the following:使用上述命令,您将看到如下输出:

-A KUBE-SEP-2ICPNCS4ZCJFOURG -p tcp -m comment --comment "ingress-nginx/default-http-backend" -m tcp -j DNAT --to-destination 10.42.1.3:8080
-A KUBE-SEP-7KPAUC7DBZEOGEJO -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.42.0.6:53
-A KUBE-SEP-F4W6KYXNUTEPM6IK -p tcp -m comment --comment "kube-system/kube-dns:metrics" -m tcp -j DNAT --to-destination 10.42.1.2:9153
-A KUBE-SEP-J7ZDRJF2PSY5XJQS -p tcp -m comment --comment "kube-system/metrics-server:https" -m tcp -j DNAT --to-destination 10.42.0.5:4443
-A KUBE-SEP-KAJYD2TZYV7IYC6H -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.42.1.2:53
-A KUBE-SEP-LJF33VEROEJBDKWI -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp" -m tcp -j DNAT --to-destination 10.42.1.2:53
-A KUBE-SEP-PK2JJP3XEEJW3OPW -p tcp -m comment --comment "kube-system/kube-dns:metrics" -m tcp -j DNAT --to-destination 10.42.0.6:9153
-A KUBE-SEP-QMNQ4GQ2JI3QXI4N -p udp -m comment --comment "kube-system/kube-dns:dns" -m udp -j DNAT --to-destination 10.42.0.6:53
-A KUBE-SEP-U5JKF7K4YNNYXQDU -p tcp -m comment --comment "default/kubernetes:https" -m tcp -j DNAT --to-destination 138.201.139.162:6443
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:metrics cluster IP" -m tcp --dport 9153 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:metrics cluster IP" -m tcp --dport 9153 -j KUBE-SVC-JD5MR3NA4I4DYORP
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.0.10/32 -p udp -m comment --comment "kube-system/kube-dns:dns cluster IP" -m udp --dport 53 -j KUBE-SVC-TCOU7JCQXEZGVUNU
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.0.10/32 -p tcp -m comment --comment "kube-system/kube-dns:dns-tcp cluster IP" -m tcp --dport 53 -j KUBE-SVC-ERIFXISQEP7F7OF4
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.203.205/32 -p tcp -m comment --comment "kube-system/metrics-server:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.203.205/32 -p tcp -m comment --comment "kube-system/metrics-server:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-Z4ANX4WAEWEBLCTM
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.158.90/32 -p tcp -m comment --comment "ingress-nginx/default-http-backend cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.158.90/32 -p tcp -m comment --comment "ingress-nginx/default-http-backend cluster IP" -m tcp --dport 80 -j KUBE-SVC-JTFAIQOSQRKTQWS3

Therefore, you will see that multiple containers handle ports 80 and 443. You will not see the container names, but you will see their IP addresses, so you will be able to run docker inspect and find mathces.因此,您将看到多个容器处理端口 80 和 443。您不会看到容器名称,但会看到它们的 IP 地址,因此您将能够运行 docker inspect 并找到 mathces。 To see precisely who listens on certain ports, eg 80 and 443, append one more grep to the command:要准确查看谁在某些端口(例如 80 和 443)上侦听,请在命令中再附加一个 grep:

iptables-save | grep -P "(--to-destination|--.port)" | grep -v "DROP" | grep -P ":\d+|--dport \d+"|grep -P "\b(443|80)\b"

Therefore, you will see:因此,您将看到:

-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.203.205/32 -p tcp -m comment --comment "kube-system/metrics-server:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.203.205/32 -p tcp -m comment --comment "kube-system/metrics-server:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-Z4ANX4WAEWEBLCTM
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.158.90/32 -p tcp -m comment --comment "ingress-nginx/default-http-backend cluster IP" -m tcp --dport 80 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.158.90/32 -p tcp -m comment --comment "ingress-nginx/default-http-backend cluster IP" -m tcp --dport 80 -j KUBE-SVC-JTFAIQOSQRKTQWS3
-A KUBE-SERVICES ! -s 10.42.0.0/16 -d 10.43.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-MARK-MASQ
-A KUBE-SERVICES -d 10.43.0.1/32 -p tcp -m comment --comment "default/kubernetes:https cluster IP" -m tcp --dport 443 -j KUBE-SVC-NPX46M4PTMTKRN6Y

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 多个docker容器未使用端口公开? - multiple docker containers not exposed using port? 如何列出所有容器的 docker 日志大小? - How to list docker logs size for all containers? 如何访问从 docker 容器暴露的端口? - How to access a port exposed from a docker container? 我正在尝试列出所有已发布端口80或说443的容器 - I'm trying to list all containers that have port 80 or say 443 published Docker:将容器端口打开到所有其他容器 - Docker: open container port to all other containers 无法访问 Docker 公开的端口 - Port exposed by Docker not reachable Docker 端口未暴露 - Docker port not being exposed 如何列出图像及其容器 - How to list images and their containers 如何在 Docker 中列出容器 - How to list containers in Docker 如何为dockerized Rasa-NLU配置要公开的端口 - How to configure the port to be exposed for dockerized Rasa-NLU
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM