16、Docker的网络-host和none

1|016.1 none

  创建一个容器使用网络none:

[root@docker ~]# docker run -d --name test1 --network none busybox /bin/sh -c "while true;do sleep 3600;done"

  查看none网络的信息:

[root@docker ~]# docker network inspect none
[
    {
        "Name": "none",
        "Id": "01f3c01c3ade3c5407e8eca21e1feb90d20915a18620c2a56ffd0cf6988eb141",
        "Created": "2018-05-30T08:06:34.343726459+07:00",
        "Scope": "local",
        "Driver": "null",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "f8604dad47bf8f9b53b5b818bf7e4a3e812aa8de2430eaa9e3598c39542a9245": {
                "Name": "test1",
                "EndpointID": "b168220f621a7c4074bfd87d4ba929d5245431ae69e7ff6a0bd5f07db7f8f2f9",
                "MacAddress": "",
                "IPv4Address": "",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
[root@docker ~]#

  可以发现test1这个容器没有任何网络信息,既没有mac地址也没有IP地址。也就是说这个容器无法通过任何方式访问到。

1|1none网络的应用
  1. 用于部署一些安全性非常高的应用,不希望被其他人访问到,例如:“存放各种隐私资料”
  2. 通过一些只能本地访问的应用等

2|016.2 host

  创建一个容器使用网host:

[root@docker ~]# docker run -d --name test2 --network host busybox /bin/sh -c "while true;do sleep 3600;done"

  查看host网络的信息:

[root@docker ~]# docker network inspect host
[
    {
        "Name": "host",
        "Id": "67f0fa7f22b04993967cd3aaafb8407927c755b7321db68aa6817e580bd31d91",
        "Created": "2018-05-30T08:06:34.357481559+07:00",
        "Scope": "local",
        "Driver": "host",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": []
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "e8150846b487e3dff44b469003bf6d576708e0bd611d9be9b084fd20e5743e07": {
                "Name": "test2",
                "EndpointID": "8ee16ddc5dc8a006b08185443aa0cc51fb2c192a735f5419ab05deec42795a55",
                "MacAddress": "",
                "IPv4Address": "",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {}
    }
]
[root@docker ~]#

  可以发现test2这个容器和none网络的容器一样也没有任何网络信息,既没有mac地址也没有IP地址。但是,我们可以查看一下test2容器内部是否也是和none网络的容器一样:

[root@docker ~]# docker exec -it test2 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:16:3e:00:68:40 brd ff:ff:ff:ff:ff:ff
    inet 172.21.168.103/20 brd 172.21.175.255 scope global dynamic eth0
       valid_lft 308531002sec preferred_lft 308531002sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 02:42:0c:47:25:c2 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
182: br-380c3f9ac371: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
    link/ether 02:42:4d:d4:b4:b7 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-380c3f9ac371
       valid_lft forever preferred_lft forever

  对比一下宿主机上的网络信息:

[root@docker ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:16:3e:00:68:40 brd ff:ff:ff:ff:ff:ff
    inet 172.21.168.103/20 brd 172.21.175.255 scope global dynamic eth0
       valid_lft 308530924sec preferred_lft 308530924sec
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:0c:47:25:c2 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
182: br-380c3f9ac371: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 02:42:4d:d4:b4:b7 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-380c3f9ac371
       valid_lft forever preferred_lft forever
[root@docker ~]#

  可以发现,host网络下的容器的网络信息和宿主机的完全一样。这样的容器可能会和宿主机的端口冲突。


__EOF__

本文作者StaryJie
本文链接https://www.cnblogs.com/jie-fang/p/10279763.html
关于博主:评论和私信会在第一时间回复。或者直接私信我。
版权声明:本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!
声援博主:如果您觉得文章对您有帮助,可以点击文章右下角推荐一下。您的鼓励是博主的最大动力!
posted @   StaryJie  阅读(533)  评论(0编辑  收藏  举报
编辑推荐:
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
阅读排行:
· 震惊!C++程序真的从main开始吗?99%的程序员都答错了
· 单元测试从入门到精通
· 【硬核科普】Trae如何「偷看」你的代码?零基础破解AI编程运行原理
· 上周热点回顾(3.3-3.9)
· winform 绘制太阳,地球,月球 运作规律
点击右上角即可分享
微信分享提示
AI IDE Trae