none 网络
创立一个 name 为 test4 的容器,network 为 none
docker run -d --name test4 --network none busybox /bin/sh -c "while true;do sleep 3600;done"
而后应用如下命令查看网络,发现 test4 容器没有对外的网络地址,也就意味着它是孤立的,只能通过 docker exec
来进行拜访了
docker network inspect none
{
"Containers": {
"c79d3e5d65e9c4e108ba235bcb88afcf91a0e33d757103edaf69494be5f8efef": {
"Name": "test4",
"EndpointID": "15d02e63a684dbb221d9499a24dd3d1af727f54411571d3aa5d18e997f985f24",
"MacAddress": "","IPv4Address":"",
"IPv6Address": ""
}
}
}
[vagrant@docker-node1 ~]$ docker exec test4 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
host 网络
创立一个 name 为 test5 的容器,network 为 host
docker run -d --name test5 --network host busybox /bin/sh -c "while true;do sleep 3600;done"
而后应用docker network inspect host
,发现 test5 容器也是没有对外的网络地址的
{
"Containers": {
"d5fd809592045345d79c8fd68656219782f9b82fb7defe1e00da9e46b9ea7b23": {
"Name": "test5",
"EndpointID": "5b950483a8e7f19e5238be72c38c0d9da7bef07e4592662aa5ced5f0a7eba020",
"MacAddress": "","IPv4Address":"",
"IPv6Address": ""
}
}
}
然而执行 docker exec test5 ip a
命令,发现它的网络和容器所在的虚拟主机是一样的。
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 52:54:00:c9:c7:04 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
valid_lft 73267sec preferred_lft 73267sec
inet6 fe80::5054:ff:fec9:c704/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 08:00:27:33:6b:20 brd ff:ff:ff:ff:ff:ff
inet 192.168.205.10/24 brd 192.168.205.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe33:6b20/64 scope link
valid_lft forever preferred_lft forever
4: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
link/ether 02:42:53:87:e6:fb brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:53ff:fe87:e6fb/64 scope link
valid_lft forever preferred_lft forever
也就是说基于 host 网络的容器,它是没有本人的 name space 的,它与主机共享同一个 name space。