NAME

podman-network-create - Create a Podman network

SYNOPSIS

podman network create [options] [name]

DESCRIPTION

Create a network configuration for use with Podman. By default, Podman creates a bridge connection. A Macvlan connection can be created with the -d macvlan option. A parent device for macvlan or ipvlan can be designated with the -o parent=<device> or --network-interface=<device> option.

If no options are provided, Podman assigns a free subnet and name for the network.

Upon completion of creating the network, Podman displays the name of the newly added network.

OPTIONS

--disable-dns

Disables the DNS plugin for this network. When enabled, the plugin performs container-to-container name resolution. It is only supported with the bridge driver; for other drivers it is always disabled.

--dns=ip

Set network-scoped DNS resolver/nameserver for containers in this network. If not set, the host servers from /etc/resolv.conf are used. It can be overridden at the container level with the podman run/create --dns option. This option can be specified multiple times to set more than one IP.

--driver, -d=driver

Driver to manage the network. Currently bridge, macvlan and ipvlan are supported. Defaults to bridge. In rootless mode, the macvlan and ipvlan drivers have no access to the host network interfaces because rootless networking requires a separate network namespace.

The netavark backend allows the use of so-called netavark plugins; see the plugin-API.md documentation in netavark. The binary must be placed in a specified directory so podman can discover it. The list of directories is set in netavark_plugin_dirs in containers.conf(5) under the [network] section.

The name of the plugin can then be used as the driver to create a network for your plugin. The list of all supported drivers and plugins can be seen with podman info --format {{.Plugins.Network}}.

Note that the macvlan and ipvlan drivers do not support port forwarding. Support for port forwarding with a plugin depends on the implementation of the plugin.

--gateway=ip

Define a gateway for the subnet. To provide a gateway address, a subnet option is required. Can be specified multiple times. The argument order of the --subnet, --gateway and --ip-range options must match.

--ignore

Ignore the create request if a network with the same name already exists instead of failing. Note, trying to create a network with an existing name and different parameters does not change the configuration of the existing one.

--interface-name=name

This option maps to the network_interface option in the network config; see podman network inspect. Depending on the driver, this can have different effects: for bridge, it is the bridge interface name; for macvlan and ipvlan, it is the parent device on the host. It is the same as --opt parent=....

--internal

Restrict external access of this network when using a bridge network. Note that when using the CNI backend, DNS is automatically disabled; see --disable-dns.

When using the macvlan or ipvlan driver with this option, no default route is added to the container. Because these drivers bypass the host network stack, podman cannot set any additional restrictions, and a privileged container can set a default route itself. If this is a concern, block the container connections on your actual network gateway.

--ip-range=range

Allocate container IPs from a range. The range must be either a complete subnet in CIDR notation or be in the <startIP>-<endIP> syntax, which allows for a more flexible range compared to the CIDR subnet. The ip-range option must be used with a subnet option. Can be specified multiple times. The argument order of the --subnet, --gateway and --ip-range options must match.

--ipam-driver=driver

Set the ipam driver (IP Address Management Driver) for the network. When unset, podman chooses an ipam driver automatically based on the network driver.

Valid values are:

  • dhcp: IP addresses are assigned from a DHCP server on the network. When using the netavark backend, the netavark-dhcp-proxy.socket must be enabled in order to start the dhcp-proxy when a container is started; for CNI, use the cni-dhcp.socket unit instead.

  • host-local: IP addresses are assigned locally.

  • none: No IP addresses are assigned to the interfaces.

View the driver in the podman network inspect output under the ipam_options field.

--ipv6

Enable IPv6 (Dual Stack) networking. If no subnets are given, it allocates an IPv4 and an IPv6 subnet.

--label=label

Set metadata for a network (e.g., --label mykey=value).

--opt, -o=option

Set driver specific options.

All drivers accept the mtu, metric and no_default_route options.

  • mtu: Sets the Maximum Transmission Unit (MTU) and takes an integer value.

  • metric: Sets the Route Metric for the default route created in every container joined to this network. Accepts a positive integer value. Can only be used with the Netavark network backend.

  • no_default_route: If set to 1, Podman will not automatically add a default route to subnets. Routes can still be added manually by creating a custom route using --route.

Additionally the bridge driver supports the following options:

  • vlan: This option assigns a VLAN tag and enables vlan_filtering. Defaults to none.

  • isolate: This option isolates networks by blocking traffic between those that have this option enabled.

  • com.docker.network.bridge.name: This option assigns the given name to the created Linux Bridge.

  • com.docker.network.driver.mtu: Sets the Maximum Transmission Unit (MTU) and takes an integer value.

  • vrf: This option assigns a VRF to the bridge interface. It accepts the name of the VRF and defaults to none. Can only be used with the Netavark network backend.

The macvlan and ipvlan drivers support the following options:

  • parent: The host device which is used for the macvlan interface. Defaults to the default route interface.

  • mode: This option sets the specified ip/macvlan mode on the interface.

    • Supported values for macvlan are bridge, private, vepa, passthru. Defaults to bridge.

    • Supported values for ipvlan are l2, l3, l3s. Defaults to l2.

Additionally the macvlan driver supports the bclim option:

  • bclim: Set the threshold for broadcast queueing. Must be a 32-bit integer. Setting this value to -1 disables broadcast queueing altogether.

--route=route

A static route in the format <destination in CIDR notation>,<gateway>,<route metric (optional)>. This route will be added to every container in this network. Only available with the netavark backend. It can be specified multiple times if more than one static route is desired.

--subnet=subnet

The subnet in CIDR notation. Can be specified multiple times to allocate more than one subnet for this network. The argument order of the --subnet, --gateway and --ip-range options must match. This is useful to set a static IPv4 and IPv6 subnet.

EXAMPLE

Create a network with no options.

$ podman network create
podman2

Create a network named newnet that uses 192.5.0.0/16 for its subnet.

$ podman network create --subnet 192.5.0.0/16 newnet
newnet

Create an IPv6 network named newnetv6 with a subnet of 2001:db8::/64.

$ podman network create --subnet 2001:db8::/64 --ipv6 newnetv6
newnetv6

Create a network named newnet that uses 192.168.33.0/24 and defines a gateway as 192.168.33.3.

$ podman network create --subnet 192.168.33.0/24 --gateway 192.168.33.3 newnet
newnet

Create a network that uses a 192.168.55.0/24 subnet and has an IP address range of 192.168.55.129 - 192.168.55.254.

$ podman network create --subnet 192.168.55.0/24 --ip-range 192.168.55.128/25
podman5

Create a network with a static IPv4 and IPv6 subnet and set a gateway.

$ podman network create --subnet 192.168.55.0/24 --gateway 192.168.55.3 --subnet fd52:2a5a:747e:3acd::/64 --gateway fd52:2a5a:747e:3acd::10
podman4
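
An added example, not part of the original man page or Podman's own code: a pre-flight check that pairs the Nth --subnet with the Nth --gateway and --ip-range by position, as the option descriptions require, and reports addresses that fall outside their subnet. The function names are hypothetical, and the sample commands are constructed from the dual-stack example above.

```python
import ipaddress
import shlex

def collect(argv, flag):
    """Values of a repeatable flag given as '--flag value' or '--flag=value'."""
    values, it = [], iter(argv)
    for arg in it:
        if arg == flag:
            values.append(next(it, ""))
        elif arg.startswith(flag + "="):
            values.append(arg.split("=", 1)[1])
    return values

def parse_range(text):
    """(first, last) address of a CIDR block or a <startIP>-<endIP> range."""
    if "-" in text:
        start, end = text.split("-", 1)
        return ipaddress.ip_address(start.strip()), ipaddress.ip_address(end.strip())
    net = ipaddress.ip_network(text)
    return net[0], net[-1]

def check_pairs(command):
    """Pair the Nth --subnet with the Nth --gateway/--ip-range; list mismatches."""
    argv = shlex.split(command)
    subnets = [ipaddress.ip_network(s) for s in collect(argv, "--subnet")]
    gateways = [ipaddress.ip_address(g) for g in collect(argv, "--gateway")]
    ranges = [parse_range(r) for r in collect(argv, "--ip-range")]
    problems = []
    if len(gateways) > len(subnets) or len(ranges) > len(subnets):
        problems.append("--gateway/--ip-range given without a matching --subnet")
    for i, net in enumerate(subnets):
        if i < len(gateways) and gateways[i] not in net:
            problems.append(f"gateway {gateways[i]} is outside subnet {net}")
        if i < len(ranges):
            first, last = ranges[i]
            # 'in' is False across address families, so '>' only runs on same-family pairs
            if first not in net or last not in net or first > last:
                problems.append(f"ip-range {first}-{last} does not fit subnet {net}")
    return problems

# Constructed inputs: the dual-stack command from this page, and the same
# command with the two --gateway options swapped.
DUAL_STACK = ("podman network create --subnet 192.168.55.0/24 --gateway 192.168.55.3 "
              "--subnet fd52:2a5a:747e:3acd::/64 --gateway fd52:2a5a:747e:3acd::10")
SWAPPED = ("podman network create --subnet 192.168.55.0/24 --gateway fd52:2a5a:747e:3acd::10 "
           "--subnet fd52:2a5a:747e:3acd::/64 --gateway 192.168.55.3")

if __name__ == "__main__":
    for cmd in (DUAL_STACK, SWAPPED):
        print(check_pairs(cmd) or "ok")
```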

Create a network with a static subnet and a static route.

$ podman network create --subnet 192.168.33.0/24 --route 10.1.0.0/24,192.168.33.10 newnet

Create a network with a static subnet and a static route without a default route.

$ podman network create --subnet 192.168.33.0/24 --route 10.1.0.0/24,192.168.33.10 --opt no_default_route=1 newnet

Create a Macvlan-based network using the host interface eth0. Macvlan networks can only be used as root.

$ sudo podman network create -d macvlan -o parent=eth0 --subnet 192.5.0.0/16 newnet
newnet

SEE ALSO

podman(1), podman-network(1), podman-network-inspect(1), podman-network-ls(1), containers.conf(5)

HISTORY

August 2021, Updated with the new network format by Paul Holzinger pholzing@redhat.com

August 2019, Originally compiled by Brent Baude bbaude@redhat.com