
We are running the clair and clair-db containers in the same Fargate task. Below is a snippet of our task definition.

{
    "family": "clair",
    "networkMode": "awsvpc",
    "containerDefinitions": [
        {
            "name": "db",
            "image": "<REPO_URL>/clairdb:v1.0",
            "essential": true,
            "command": [
                "sh",
                "-c",
                "echo clair db runs"
            ],
            "portMappings": [
                {
                    "containerPort": 5432,
                    "hostPort": 5432,
                    "protocol": "tcp"
                }
            ]
        },
        {
            "name": "clair",
            "image": "<REPO_URL>/clair:v1.0",
            "essential": true,
            "command": [
                "sh",
                "-c",
                "echo clair runs"
            ],
            "portMappings": [
                {
                    "containerPort": 6060,
                    "hostPort": 6060,
                    "protocol": "tcp"
                }
            ]
        }
    ]
}

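According to the AWS Fargate documentation, localhost can be used to communicate between these two containers of a single task in awsvpc mode. We have set the following option in Clair's config.yaml: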

clair:
  database:
    type: pgsql
    options:
      source: host=localhost port=5432 user=postgres password=xxxx sslmode=disable statement_timeout=60000

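So, ideally, the clair container should be able to connect to the clair-db container running on localhost:5432 in the same network. The clair-db container runs fine in Fargate, but the clair container fails with the following log: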

{"Event":"pgsql: could not open database: dial tcp 127.0.0.1:5432: connect: connection refused","Level":"fatal","Location":"main.go:97","Time":"2021-03-23 13:26:38.737437"}

In Docker terms, this is how we link these two containers:

docker run -p 5432:5432 -d --name db arminc/clair-db:2017-05-05
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.0-rc.0

Are we missing anything here? Any idea why the connection to localhost does not work in the Fargate containers for Clair?

0 answers
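An added diagnostic example, not part of the original question: a Python probe that reads host and port from a DSN in the format used in the config.yaml above and classifies the TCP connect result over several attempts. "connection refused" in the log means the connect reached 127.0.0.1 but nothing was accepting on port 5432 at that moment. The function names, retry counts and the sample constant are assumptions made for this example.

```python
import errno
import socket
import time

# Constructed sample: the DSN string from the config.yaml above (password already masked there).
SAMPLE_DSN = ("host=localhost port=5432 user=postgres password=xxxx "
              "sslmode=disable statement_timeout=60000")


def parse_dsn(dsn):
    """Split a space-separated key=value DSN into a dict (quoted values are not handled)."""
    return dict(item.split("=", 1) for item in dsn.split())


def probe(host, port, timeout=2.0):
    """Attempt one TCP connect and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"   # address reachable, but no listener on that port
    except socket.timeout:
        return "timeout"   # no reply at all, e.g. packets dropped
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, str(exc.errno))


def wait_for_db(dsn, attempts=5, delay=1.0):
    """Probe the DSN's host and port until it is open or attempts run out.

    Returns the per-attempt results, so a listener that appears late
    (refused, refused, open) can be told apart from one that never appears.
    """
    cfg = parse_dsn(dsn)
    host = cfg.get("host", "localhost")
    port = int(cfg.get("port", 5432))
    results = []
    for i in range(attempts):
        results.append(probe(host, port))
        if results[-1] == "open":
            break
        if i < attempts - 1:
            time.sleep(delay)
    return results


if __name__ == "__main__":
    print(wait_for_db(SAMPLE_DSN))
```

Run inside the clair container, a result list that ends in "open" after some "refused" entries indicates the database listener came up after the first connect attempt; all "refused" indicates nothing bound to the port during the probe window.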