podman

Port communication between the root user and a regular user

Slirp4netns
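Slirp4netns is the default network setup for rootless containers and Pods. It was invented because unprivileged users are not allowed to create network interfaces on the host. Slirp4netns creates a TAP device in the container's network namespace and connects it to a user-mode TCP/IP stack.

The unprivileged user on this laptop has created two containers: a database container and a web container. Both containers can access content on networks outside the laptop. External clients can reach a container if it is bound to a host port and the laptop firewall allows it. Remember that unprivileged users must use ports 1024 through 65535, because lower ports require root privileges (CAP_NET_BIND_SERVICE). Note: this can be adjusted using the sysctl net.ipv4.ip_unprivileged_port_start.

One drawback of slirp4netns is that the containers are completely isolated from each other. Unlike the bridge approach, there is no virtual network. For containers to communicate with each other, they can use port mappings with the host system, or they can be placed in a Pod, where they share the same network namespace. For details, see "Communicating between containers and Pods".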
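
The port rule above can be checked before starting a rootless container. The following is an added example, not code from the original post or from the Podman project: it classifies `-p` publish specs against the value of net.ipv4.ip_unprivileged_port_start. The function names are hypothetical, and only IPv4 forms of the publish spec are handled.

```sh
# Added example: classify `podman run -p` publish specs for a rootless user.

# First port an unprivileged process may bind (kernel default: 1024).
unprivileged_port_start() {
    local f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# Print the host port (range start for ranges) of one publish spec:
#   [ipv4:]hostPort:containerPort[/proto]  or  containerPort[/proto]
# Prints nothing when podman would pick a random host port.
# Returns 2 for forms not handled here (IPv6, malformed input).
host_port() {
    local spec="${1%%/*}" hp
    case $spec in
        *:*:*:*) return 2 ;;
        *:*:*)   hp="${spec#*:}"; hp="${hp%%:*}" ;;
        *:*)     hp="${spec%%:*}" ;;
        *)       hp="" ;;
    esac
    hp="${hp%%-*}"
    case $hp in *[!0-9]*) return 2 ;; esac
    printf '%s' "$hp"
}

# Classify a spec: "ok", "random", "privileged" or "unsupported".
# $2 overrides the threshold (hypothetical parameter, handy for testing).
check_publish() {
    local start="${2:-$(unprivileged_port_start)}" hp
    hp=$(host_port "$1") || { echo unsupported; return 0; }
    if [ -z "$hp" ]; then echo random
    elif [ "$hp" -lt "$start" ]; then echo privileged
    else echo ok
    fi
}

# Constructed sample specs; 1314:80 is the mapping used on this page.
for spec in 1314:80 80:80 127.0.0.1:8080:80/tcp 443-445:443-445 80; do
    printf '%-22s %s\n' "$spec" "$(check_publish "$spec" 1024)"
done
```

A result of "privileged" means a rootless user needs either a host port at or above the threshold or a lower value of the sysctl; lowering it applies to every unprivileged process on the host, not only to Podman.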

podman commands


[root@localhost ~]# podman pull nginx
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
Trying to pull docker.io/library/nginx:latest...
WARN[0030] failed, retrying in 1s ... (1/3). Error: initializing source docker://nginx:latest: Get "https://auth.docker.io/token?scope=repository%3Alibrary%2Fnginx%3Apull&service=registry.docker.io": read tcp 192.168.139.131:53670->44.207.96.114:443: read: connection reset by peer 
Getting image source signatures
Copying blob b1349eea8fc5 skipped: already exists  
Copying blob 1efc276f4ff9 skipped: already exists  
Copying blob baf2da91597d skipped: already exists  
Copying blob 05396a986fd3 skipped: already exists  
Copying blob 6a17c8e7063d skipped: already exists  
Copying blob 27e0d286aeab [--------------------------------------] 0.0b / 0.0b
Copying config b692a91e4e done  
Writing manifest to image destination
Storing signatures
b692a91e4e1582db97076184dae0b2f4a7a86b68c4fe6f91affa50ae06369bf5
[root@localhost ~]# podman images
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
REPOSITORY                      TAG         IMAGE ID      CREATED        SIZE
docker.io/hh08042/centos-httpd  v3          f7959409e3c1  9 days ago     239 MB
docker.io/library/nginx         latest      b692a91e4e15  2 weeks ago    146 MB
docker.io/library/httpd         latest      f2a976f932ec  2 weeks ago    149 MB
docker.io/library/busybox       latest      7a80323521cc  2 weeks ago    1.47 MB
quay.io/centos/centos           latest      300e315adb2f  20 months ago  217 MB
[root@localhost ~]# podman run -d --name nginx -p 1314:80 nginx
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
2e836a192ef56cf9b340f4e1173e7fdc0ec3ced203f9f577ee3f9fc29fab892a
[root@localhost ~]# podman ps
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
CONTAINER ID  IMAGE                           COMMAND               CREATED         STATUS             PORTS                 NAMES
2e836a192ef5  docker.io/library/nginx:latest  nginx -g daemon o...  21 seconds ago  Up 20 seconds ago  0.0.0.0:1314->80/tcp  nginx
[root@localhost ~]# cd /etc/systemd/system/
[root@localhost system]# ls
basic.target.wants                          network-online.target.wants
dbus-org.fedoraproject.FirewallD1.service   sockets.target.wants
dbus-org.freedesktop.nm-dispatcher.service  sysinit.target.wants
default.target                              syslog.service
getty.target.wants                          timers.target.wants
multi-user.target.wants                     vmtoolsd.service.requires
[root@localhost system]# podman generate systemd --files --name nginx
Failed to read /etc/containers/storage.conf Near line 8 (last key parsed 'storage.driver'): expected value but found "overlay" instead
/etc/systemd/system/container-nginx.service
[root@localhost system]# ls
basic.target.wants                          network-online.target.wants
container-nginx.service                     sockets.target.wants
dbus-org.fedoraproject.FirewallD1.service   sysinit.target.wants
d
