4.6 容器网络之host和none

none网络

创建一个name为test4的容器，network为none

docker run -d --name test4 --network none busybox /bin/sh -c "while true;do sleep 3600;done"

然后使用如下命令检查网络，发现test4容器没有对外的网络地址，也就意味着它是孤立的，只能通过docker exec来进行访问了

docker network inspect none
{
    "Containers": {
        "c79d3e5d65e9c4e108ba235bcb88afcf91a0e33d757103edaf69494be5f8efef": {
            "Name": "test4",
            "EndpointID": "15d02e63a684dbb221d9499a24dd3d1af727f54411571d3aa5d18e997f985f24",
            "MacAddress": "",
            "IPv4Address": "",
            "IPv6Address": ""
        }
    }
}
[vagrant@docker-node1 ~]$ docker exec test4 ip a
1: lo:  mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever

host网络

创建一个name为test5的容器，network为host

docker run -d --name test5 --network host busybox /bin/sh -c "while true;do sleep 3600;done"

然后使用docker network inspect host，发现test5容器也是没有对外的网络地址的

{
    "Containers": {
        "d5fd809592045345d79c8fd68656219782f9b82fb7defe1e00da9e46b9ea7b23": {
            "Name": "test5",
            "EndpointID": "5b950483a8e7f19e5238be72c38c0d9da7bef07e4592662aa5ced5f0a7eba020",
            "MacAddress": "",
            "IPv4Address": "",
            "IPv6Address": ""
        }
    }
}

但是执行docker exec test5 ip a命令，发现它的网络和容器所在的虚拟主机是一样的。

1: lo:  mtu 65536 qdisc noqueue qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 52:54:00:c9:c7:04 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 73267sec preferred_lft 73267sec
    inet6 fe80::5054:ff:fec9:c704/64 scope link
       valid_lft forever preferred_lft forever
3: eth1:  mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 08:00:27:33:6b:20 brd ff:ff:ff:ff:ff:ff
    inet 192.168.205.10/24 brd 192.168.205.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::a00:27ff:fe33:6b20/64 scope link
       valid_lft forever preferred_lft forever
4: docker0:  mtu 1500 qdisc noqueue
    link/ether 02:42:53:87:e6:fb brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:53ff:fe87:e6fb/64 scope link
       valid_lft forever preferred_lft forever

也就是说基于host网络的容器，它是没有自己的name space的，它与主机共享同一个name space。