- None:不为容器配置任何网络功能,--net=none
[root@docker01 wordpress]# docker run -it --network none busybox:latest Unable to find image 'busybox:latest' locally latest: Pulling from library/busybox ee153a04d683: Pull complete Digest: sha256:9f1003c480699be56815db0f8146ad2e22efea85129b5b5983d0e0fb52d9ab70 Status: Downloaded newer image for busybox:latest / # ifconfig lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) / # free -m total used free shared buff/cache available Mem: 3935 1033 685 0 2216 2721 Swap: 1023 0 1023 / #
通过--network none设置busybox,此时busybox没有外网ip地址,不能与外界或其他容器通讯,只能在自己内部操作,再来查看busybox详情信息。
[root@docker01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 1273925e7a6f busybox:latest "sh" 4 minutes ago Up 4 minutes infallible_wiles [root@docker01 ~]# docker inspect 1273925e7a6f [ { "Id": "1273925e7a6fa2779fcc1b91f6cdca8996cc202a07bf59ea6efb8fe0106c27cc", "Created": "2019-07-29T08:33:15.470319308Z", . . 省略部分 . . "Networks": { "none": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "3a7f8b6f580d89926046a40d98f2efea19531ce5d6c512615fafc25afc6839e5", "EndpointID": "459579344a74330eab42f809ca722aa807afa7a8ea26861ddaea0400539bc78c", "Gateway": "", "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "", "DriverOpts": null } } } } ] [root@docker01 ~]#
可以看到Networks下,宿主机并没有给它分配IP。
-
Container:与另一个运行中的容器共享Network Namespace,--net=container:containerID
#先启动一个httpd,默认为桥接[root@docker01 ~]# docker run -d httpd:latest Unable to find image 'httpd:latest' locally latest: Pulling from library/httpd f5d23c7fed46: Already exists b083c5fd185b: Pull complete bf5100a89e78: Pull complete 98f47fcaa52f: Pull complete 622a9dd8cfed: Pull complete Digest: sha256:c18b9ace5dd1864674064dea03f7ff4e378e43b9ec57827853d0bd93953772df Status: Downloaded newer image for httpd:latest c35b4931545fa83f236144d2ecdd572785540bfb34df381b1c2360ebc478672d [root@docker01 ~]# docker inspect c35b4931545f #查看详情信息 [ { "Id": "c35b4931545fa83f236144d2ecdd572785540bfb34df381b1c2360ebc478672d", "Created": "2019-07-29T08:45:27.272877675Z", . . 省略部分 . . "Networks": { "bridge": { #桥接 "IPAMConfig": null, "Links": null, "Aliases": null, "Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null } } } } ] [root@docker01 ~]#
#启动另一个centos容器并指定httpd 为共享网络
[root@docker01 ~]# docker run -it --network container:agitated_shtern centos:latest [root@c35b4931545f /]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - [root@c35b4931545f /]# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 08:55 pts/0 00:00:00 /bin/bash root 15 1 0 08:56 pts/0 00:00:00 ps -ef [root@c35b4931545f /]#
#进入容器后发现,80端口已经被监听,这是httpd容器占用的
#查看centos详情信息,发现NetWorkSettings中很多为空,详细查看共享网络和不分配网络的区别,可以观察到两者的ip地址相同,都是172.17.0.2:[root@docker01 ~]# docker inspect c35b4931545f [ { "Id": "c35b4931545fa83f236144d2ecdd572785540bfb34df381b1c2360ebc478672d", "Created": "2019-07-29T08:45:27.272877675Z", "Path": "httpd-foreground", . . 省略部分 . . "NetworkSettings": { "Bridge": "", "SandboxID": "20339a3caec43b626169ba83d12ef093b0137f6eac55da2f82b8408f855653e0", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "80/tcp": null }, "SandboxKey": "/var/run/docker/netns/20339a3caec4", "SecondaryIPAddresses": null, "SecondaryIPv6Addresses": null, "EndpointID": "3f7c22526c112653bba464f5d4e7d74ddc971062935434593c4e3de3999e9812", "Gateway": "172.17.0.1", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "MacAddress": "02:42:ac:11:00:02", "Networks": { "bridge": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "ee3200a1482b54a8c3d99e5e31321319cad576b8b0206e565f0ee4b05271747a", "EndpointID": "3f7c22526c112653bba464f5d4e7d74ddc971062935434593c4e3de3999e9812", "Gateway": "172.17.0.1", "IPAddress": "172.17.0.2", "IPPrefixLen": 16, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "02:42:ac:11:00:02", "DriverOpts": null } } } } ] [root@docker01 ~]#
当ping 172.17.0.2,两个容器都会收到包
-
Host:与主机共享Network Namespace,--net=host
[root@docker01 ~]# docker run -it --network host centos:latest [root@docker01 /]# ifconfig bash: ifconfig: command not found [root@docker01 /]# yum install net-tools -y Loaded plugins: fastestmirror, ovl Determining fastest mirrors * base: ftp.sjtu.edu.cn . . 省略部分 . . Installing : net-tools-2.0-0.24.20131004git.el7.x86_64 1/1 Verifying : net-tools-2.0-0.24.20131004git.el7.x86_64 1/1 Installed: net-tools.x86_64 0:2.0-0.24.20131004git.el7 Complete! [root@docker01 /]# ifconfig br-1a7c4ed89c32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255 inet6 fe80::42:e0ff:fee8:b095 prefixlen 64 scopeid 0x20<link> ether 02:42:e0:e8:b0:95 txqueuelen 0 (Ethernet) RX packets 10458 bytes 572069 (558.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 15346 bytes 28631560 (27.3 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 br-cbcc1a7aa97d: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500 inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255 ether 02:42:26:ac:02:86 txqueuelen 0 (Ethernet) RX packets 383 bytes 44573 (43.5 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 427 bytes 49159 (48.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.1 netmask 255.255.0.0 broadcast 172.17.255.255 inet6 fe80::42:c6ff:fee6:7508 prefixlen 64 scopeid 0x20<link> ether 02:42:c6:e6:75:08 txqueuelen 0 (Ethernet) RX packets 10458 bytes 425657 (415.6 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 15338 bytes 28630912 (27.3 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.11 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::20c:29ff:fe2b:87e6 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:2b:87:e6 txqueuelen 1000 (Ethernet) RX packets 842194 bytes 1142467422 (1.0 GiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 459627 bytes 807533012 (770.1 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::20c:29ff:fe2b:87f0 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:2b:87:f0 txqueuelen 1000 (Ethernet) RX packets 1 bytes 60 (60.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 9 bytes 690 (690.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device interrupt 16 base 0x2000 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1 (Local Loopback) RX packets 4490 bytes 255192 (249.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4490 bytes 255192 (249.2 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 veth7b087c6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::c4e9:b7ff:fe10:2f44 prefixlen 64 scopeid 0x20<link> ether c6:e9:b7:10:2f:44 txqueuelen 0 (Ethernet) RX packets 204 bytes 102823 (100.4 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 197 bytes 34480 (33.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@docker01 /]#
当我们运行docker run -it --network host centos:latest,发现好像没什么变化,但其实它已经进入容器docker01中,因为与宿主机公用网络,同事主机名也和宿主机一样。
[root@docker01 ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b422cc4a8803 centos:latest "/bin/bash" 5 minutes ago Up 5 minutes priceless_cerf [root@docker01 ~]# docker inspect b422cc4a8803 [ { "Id": "b422cc4a8803ab84c63c6a0952c6abf32210aca0aa1db71cfc20b4ce54a7ff69", "Created": "2019-07-29T09:52:53.240870758Z", "Path": "/bin/bash", . . 省略部分 . . "host": { "IPAMConfig": null, "Links": null, "Aliases": null, "NetworkID": "1a2a87ff371157572eb4c7dbd7c06c172df292f50aecf9c898868019626ab504", "EndpointID": "3c040bc154da6fd4a5df5637f93b730b32731338dcf1272069f4b1eaabf82b74", "Gateway": "", "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "", "DriverOpts": null } } } } ] [root@docker01 ~]#
-
Bridge:Docker设计的NAT网络模型,这是docker默认的网络模式hi,这个网络模型就不用多说了,我们前面用到的都是这种模式。宿主机自动给docker容器分配内网ip,我们可通过端口映射与之通讯。
跟我学Docker:容器编排docker-compose(十三)
原文链接:
www.sudo.ren