这个问题类似于 From inside of a Docker container, how do I connect to the localhost of the machine?,但由于在
--network="host"docker run我有一个在端口 9095 上本地运行的 Java gRPC 服务器,它实现了 gRPC 健康检查协议:
> lsof -i :9095
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
java 17538 kurtpeek 89u IPv6 0x14676dca7273b22d 0t0 TCP *:9095 (LISTEN)
grpc-health-probelocalhost:9095使用此 Dockerfile,
FROM ubuntu
RUN apt-get update && apt-get -y install lsof wget
RUN GRPC_HEALTH_PROBE_VERSION=v0.3.6 && \
wget -qO/bin/grpc_health_probe https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/${GRPC_HEALTH_PROBE_VERSION}/grpc_health_probe-linux-amd64 && \
chmod +x /bin/grpc_health_probe
我使用
docker build --tag healthprobe .docker run -it --network="host" healthprobe bash
但是,运行
/bin/grpc_health_probe -addr=:9095lsofroot@docker-desktop:/# /bin/grpc_health_probe -addr=:9095
timeout: failed to connect service ":9095" within 1s
root@docker-desktop:/# lsof -i :9095
root@docker-desktop:/#
使用
--network="host"lsof为什么要创建一个新容器来检查运行状况,为什么要在这种情况下以任何方式检查运行状况?
通常,grpc_health_probe 用于检查 K8s 等编排环境中容器的健康状况。并且您必须将二进制文件
grpc_health_probe livenessProbe:
failureThreshold: 3
exec:
command: ["/bin/grpc_health_probe-linux-amd64", "-addr=localhost:50051"]
initialDelaySeconds: 60
periodSeconds: 60
timeoutSeconds: 30
readinessProbe:
failureThreshold: 3
exec:
command: ["/bin/grpc_health_probe-linux-amd64", "-addr=localhost:50051"]
initialDelaySeconds: 20
periodSeconds: 20
timeoutSeconds: 30
或者使用 docker-compose 如下:
healthcheck:
test: ["CMD", "bin/grpc_health_probe-linux-amd64", "-addr=localhost:50051"]
interval: 30s
timeout: 30s
retries: 3
这只是在特权模式下运行 docker 容器的问题:
docker run -it --network="host" --privileged healthprobe bashhttps://docs.docker.com/engine/reference/commandline/container_run/#privileged