• 16. Docker networks: host and none


    16.1 none

      Create a container that uses the none network:

    [root@docker ~]# docker run -d --name test1 --network none busybox /bin/sh -c "while true;do sleep 3600;done"
    

      Inspect the none network:

    [root@docker ~]# docker network inspect none
    [
        {
            "Name": "none",
            "Id": "01f3c01c3ade3c5407e8eca21e1feb90d20915a18620c2a56ffd0cf6988eb141",
            "Created": "2018-05-30T08:06:34.343726459+07:00",
            "Scope": "local",
            "Driver": "null",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": []
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {
                "f8604dad47bf8f9b53b5b818bf7e4a3e812aa8de2430eaa9e3598c39542a9245": {
                    "Name": "test1",
                    "EndpointID": "b168220f621a7c4074bfd87d4ba929d5245431ae69e7ff6a0bd5f07db7f8f2f9",
                    "MacAddress": "",
                    "IPv4Address": "",
                    "IPv6Address": ""
                }
            },
            "Options": {},
            "Labels": {}
        }
    ]
    [root@docker ~]# 
    

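      The test1 container has no network information at all: neither a MAC address nor an IP address. In other words, this container cannot be reached over the network in any way.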

    Uses of the none network

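    1. Deploying applications with very high security requirements that should not be reachable by anyone else, for example one that stores various kinds of private data.
    2. Running applications that may only be accessed locally, and similar cases.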

    16.2 host

      Create a container that uses the host network:

    [root@docker ~]# docker run -d --name test2 --network host busybox /bin/sh -c "while true;do sleep 3600;done"
    

      Inspect the host network:

    [root@docker ~]# docker network inspect host
    [
        {
            "Name": "host",
            "Id": "67f0fa7f22b04993967cd3aaafb8407927c755b7321db68aa6817e580bd31d91",
            "Created": "2018-05-30T08:06:34.357481559+07:00",
            "Scope": "local",
            "Driver": "host",
            "EnableIPv6": false,
            "IPAM": {
                "Driver": "default",
                "Options": null,
                "Config": []
            },
            "Internal": false,
            "Attachable": false,
            "Ingress": false,
            "ConfigFrom": {
                "Network": ""
            },
            "ConfigOnly": false,
            "Containers": {
                "e8150846b487e3dff44b469003bf6d576708e0bd611d9be9b084fd20e5743e07": {
                    "Name": "test2",
                    "EndpointID": "8ee16ddc5dc8a006b08185443aa0cc51fb2c192a735f5419ab05deec42795a55",
                    "MacAddress": "",
                    "IPv4Address": "",
                    "IPv6Address": ""
                }
            },
            "Options": {},
            "Labels": {}
        }
    ]
    [root@docker ~]# 
    

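      Like the container on the none network, test2 shows no network information here: neither a MAC address nor an IP address. However, we can look inside the test2 container to see whether it really is in the same situation as a container on the none network: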

    [root@docker ~]# docker exec -it test2 ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 00:16:3e:00:68:40 brd ff:ff:ff:ff:ff:ff
        inet 172.21.168.103/20 brd 172.21.175.255 scope global dynamic eth0
           valid_lft 308531002sec preferred_lft 308531002sec
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
        link/ether 02:42:0c:47:25:c2 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    182: br-380c3f9ac371: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
        link/ether 02:42:4d:d4:b4:b7 brd ff:ff:ff:ff:ff:ff
        inet 172.18.0.1/16 brd 172.18.255.255 scope global br-380c3f9ac371
           valid_lft forever preferred_lft forever
    

      Compare this with the network information on the host:

    [root@docker ~]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
        link/ether 00:16:3e:00:68:40 brd ff:ff:ff:ff:ff:ff
        inet 172.21.168.103/20 brd 172.21.175.255 scope global dynamic eth0
           valid_lft 308530924sec preferred_lft 308530924sec
    3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
        link/ether 02:42:0c:47:25:c2 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    182: br-380c3f9ac371: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
        link/ether 02:42:4d:d4:b4:b7 brd ff:ff:ff:ff:ff:ff
        inet 172.18.0.1/16 brd 172.18.255.255 scope global br-380c3f9ac371
           valid_lft forever preferred_lft forever
    [root@docker ~]# 
    

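      The network information of a container on the host network is exactly the same as the host's. Because the container shares the host's network stack, anything it listens on binds directly to the host's interfaces, so such a container may conflict with the host over ports.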
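
      The manual comparison above can be scripted. The following is an added example, not part of the original article: it reduces two `ip a` outputs to interface name, MAC and addresses, then checks whether the container's view matches the host's. The function names are hypothetical, and the `NONE_VIEW` sample is constructed.

```bash
#!/usr/bin/env bash
# Added example: compare a container's `ip a` view with the host's.

# One "ifname mac addr..." line per interface; the index, state and lifetime
# fields are dropped because they differ between otherwise identical views.
fingerprint_ip_a() {
  awk '
    $1 ~ /^[0-9]+:$/ { if (line != "") print line
                       name = $2; sub(/:$/, "", name); sub(/@.*/, "", name)
                       line = name; next }
    $1 ~ /^link\//   { line = line " " $2; next }
    $1 == "inet" || $1 == "inet6" { line = line " " $2 }
    END { if (line != "") print line }
  ' | sort
}

# Exit 0 when the container sees exactly the host's interfaces and addresses.
sees_host_interfaces() {   # $1 = container `ip a` text, $2 = host `ip a` text
  [ "$(printf '%s\n' "$1" | fingerprint_ip_a)" = \
    "$(printf '%s\n' "$2" | fingerprint_ip_a)" ]
}

# Interfaces other than loopback; empty output means nothing is reachable.
non_loopback() { fingerprint_ip_a | awk '$1 != "lo"'; }

# From the page (lo and eth0 only): inside test2, then on the host.
CONTAINER_VIEW='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:00:68:40 brd ff:ff:ff:ff:ff:ff
    inet 172.21.168.103/20 brd 172.21.175.255 scope global dynamic eth0'
HOST_VIEW='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:16:3e:00:68:40 brd ff:ff:ff:ff:ff:ff
    inet 172.21.168.103/20 brd 172.21.175.255 scope global dynamic eth0'
# Constructed: the loopback-only view expected in a --network none container.
NONE_VIEW='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo'

# Live use (requires Docker; test2 is the page's container):
#   sees_host_interfaces "$(docker exec test2 ip a)" "$(ip a)" && echo "host netns"
```

      Matching interface lists are strong evidence rather than proof; the authoritative check compares the namespace link `/proc/<pid>/ns/net` of the container's main process (PID from `docker inspect -f '{{.State.Pid}}' test2`) with the host's `/proc/1/ns/net`.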

  • Original article: https://www.cnblogs.com/jie-fang/p/10279763.html