本文介绍了Gitlab CI运行程序无法公开嵌套Docker容器的端口的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 29岁程序员，3月因学历无情被辞！ 使用GitLab CI以及 gitlab-ci-multi-runner 时，我无法获得内部启动的Docker容器以将其端口暴露给主机，即在其中运行构建的Docker映像。When using GitLab CI, as well as the gitlab-ci-multi-runner, I'm unable to get internally-started Docker containers to expose their ports to the "host", which is the Docker image in which the build is running.我的 .gitlab-ci.yml 文件：test: image: docker stage: test services: - docker:dind script: - APP_CONTAINER_ID=`docker run -d --privileged -p "9143:9143" appropriate/nc nc -l 9143` - netstat -a - docker exec $APP_CONTAINER_ID netstat -a - nc -v localhost 9143我的命令：gitlab-ci-multi-runner exec docker --docker-privileged test输出：$ netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 runner--project-1-concurrent-0:54664 docker:2375 TIME_WAITtcp 0 0 runner--project-1-concurrent-0:54666 docker:2375 TIME_WAITActive UNIX domain sockets (servers and established)Proto RefCnt Flags Type State I-Node Path$ docker exec $APP_CONTAINER_ID netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 0.0.0.0:9143 0.0.0.0:* LISTENActive UNIX domain sockets (servers and established)Proto RefCnt Flags Type State I-Node Path$ nc -v localhost 9143ERROR: Build failed: exit code 1FATAL: exit code 1我在这里做错了什么？ 原始问题随后的内容-上面的内容较短，易于测试的示例我有一个应用图片在端口 9143 上分配。它的启动和配置是通过 docker-compose.yml 管理的，在我的本地计算机上，通过 docker-compose up -我可以无问题地访问 localhost：9143 。I have an application image that listens on port 9143. Its startup and config is managed via docker-compose.yml, and works great on my local machine with docker-compose up - I can access localhost:9143 without issue.但是，在GitLab CI上运行时（ gitlab.com 版本），则该端口似乎没有暴露。However, when running on GitLab CI (the gitlab.com version) via a shared runner, the port doesn't seem to be exposed.我的 .gitlab-ci.yml ：test: image: craigotis/buildtools:v1 stage: test script: - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com/craigotis/myapp - docker-compose up -d - sleep 60 # a temporary hack to get the logs - docker-compose logs - docker-machine env - docker-compose port app 9143 - netstat -a - docker-compose ps - /usr/local/bin/wait-for-it.sh -h localhost -p 9143 -t 60 - cd mocha - npm i - npm test - docker-compose down输出为：$ docker-compose logs...app_1 | [Thread-1] INFO spark.webserver.SparkServer - == Spark has ignited ...app_1 | [Thread-1] INFO spark.webserver.SparkServer - >> Listening on 0.0.0.0:9143app_1 | [Thread-1] INFO org.eclipse.jetty.server.Server - jetty-9.0.z-SNAPSHOTapp_1 | [Thread-1] INFO org.eclipse.jetty.server.ServerConnector - Started ServerConnector@6919dc5{HTTP/1.1}{0.0.0.0:9143}...$ docker-compose port app 91430.0.0.0:9143$ netstat -aActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 runner-e11ae361-project-1925166-concurrent-0:53646 docker:2375 TIME_WAITtcp 0 0 runner-e11ae361-project-1925166-concurrent-0:53644 docker:2375 TIME_WAITtcp 0 0 runner-e11ae361-project-1925166-concurrent-0:53642 docker:2375 TIME_WAITActive UNIX domain sockets (servers and established)Proto RefCnt Flags Type State I-Node Path$ docker-compose psstty: standard input: Not a tty Name Command State Ports----------------------------------------------------------------------------------------my_app_1 wait-for-it.sh mysql_serve ... Up 8080/tcp, 0.0.0.0:9143->9143/tcpmysql_server docker-entrypoint.sh --cha ... Up 3306/tcp$ /usr/local/bin/wait-for-it.sh -h localhost -p 9143 -t 60wait-for-it.sh: waiting 60 seconds for localhost:9143wait-for-it.sh: timeout occurred after waiting 60 seconds for localhost:9143我的 docker-compose.yml 的内容：version: '2'networks: app_net: driver: bridgeservices: app: image: registry.gitlab.com/craigotis/myapp:latest depends_on: - "db" networks: - app_net command: wait-for-it.sh mysql_server:3306 -t 60 -- java -jar /opt/app*.jar ports: - "9143:9143" db: image: mysql:latest networks: - app_net container_name: mysql_server environment: - MYSQL_ALLOW_EMPTY_PASSWORD=true 似乎就像我的应用程序容器正在监听 9143 一样，正确地暴露给共享的GitLab运行程序，但似乎并没有真正暴露出来。在我的本地计算机上工作正常-是否需要一些特殊的解决方法/调整才能使此工作在内部运行在GitLab上的Docker容器？It seems like my application container is listening on 9143, and it's properly exposed to the shared GitLab runner, but it doesn't seem to actually be exposed. It works fine on my local machine - is there some special workaround/tweak I need to make this work inside a Docker container running on GitLab?推荐答案 gitlab上的官方 gitab-ci。 com文档是指 PostgreSQL示例The offical gitab-ci on gitlab.com documentation refers to the example of PostgreSQL 其有效的CI 不会尝试连接到本地主机，而是连接到服务名称Its working CI does not try to connect to localhost, but rather to the service name services 关键字仅定义了另一个正在运行的Docker映像在构建过程中，并链接到image关键字定义的docker image。这样，您就可以在构建期间访问服务映像。The services keyword defines just another docker image that is run during your build and is linked to the docker image that the image keyword defines. This allows you to access the service image during build time. MySQL的服务容器将以主机名 mysql 进行访问。 因此，要访问数据库服务，您必须连接到名为 mysql 的主机，而不是套接字或 localhost 。The service container for MySQL will be accessible under the hostname mysql.So, in order to access your database service you have to connect to the host named mysql instead of a socket or localhost.您可以检查是否适用于您的情况，然后尝试访问您的应用程序服务在 app：9143 中，而不是 localhost：9143 。You could check if this applies in your case, and try accessing your application service in app:9143 instead of localhost:9143. 这篇关于Gitlab CI运行程序无法公开嵌套Docker容器的端口的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！ 上岸，阿里云！