为什么 Docker 会阻止将容器附加到主机和用户定义的桥接网络?
[英]Why does Docker prevent attaching a container to both host and user defined bridge network?
问题描述
Why is it that Docker prohibits attaching a container to both the host and user defined bridge network?
为什么 Docker 禁止将容器附加到主机和用户定义的桥接网络?
Secondly, for deployments that require disabling IP forwarding on the host machine does docker recommend deploying docker containers with host networking only, since based on what i understand that seems to be the only option left.其次,对于需要在主机上禁用 IP 转发的部署,docker 是否建议仅使用主机网络部署 docker 容器,因为根据我的理解,这似乎是唯一的选择。
Any insights on the above two?对以上两个有什么见解吗?
Thanks谢谢
1 个解决方案
解决方案1
1 已采纳 2020-09-11 21:30:37
Why is it that Docker prohibits attaching a container to both the host and user defined bridge network?
Because there's no way to "attach" networks when a container is running in the host network namespace.因为当容器在主机网络命名空间中运行时,无法“附加”网络。
Docker attaches networks by adding virtual interfaces to a container's isolated network namespace. Docker 通过将虚拟接口添加到容器的隔离网络命名空间来连接网络。 When running in the global network namespace, there's no sane way to do this: any new interfaces wouldn't be restricted to the container, and would potentially disrupt host networking.在全局网络命名空间中运行时,没有明智的方法来做到这一点:任何新接口都不会被限制在容器中,并且可能会破坏主机网络。
Secondly, for deployments that require disabling IP forwarding on the host machine does docker recommend deploying docker containers with host networking only, since based on what i understand that seems to be the only option left.
That's probably the only easy option.这可能是唯一简单的选择。
You could run a proxy service on the host that would expose services in Docker containers.您可以在主机上运行代理服务,该服务将在 Docker 容器中公开服务。 You could potentially even automate that by monitoring the Docker for events and getting information about published ports.您甚至可以通过监视 Docker 的事件并获取有关已发布端口的信息来实现自动化。 Otherwise you would need to manually implement the appropriate configuration.否则,您将需要手动实施适当的配置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.