三十九、Docker网络-host网络详解
2021-12-26 本文已影响0人
InsaneLoafer
host简介
容器与宿主机共享同一网络,从下面的例子可以发现,容器box1和宿主机使用的网络完全一致
[root@localhost zhangtao]# docker container run -d --rm --name box1 --network host busybox /bin/sh -c "while true; do sleep 3600; done"
3512823b7fba88c082f30966b91b3070bfa6d10f117a766aae4d1df82f78fe4a
[root@localhost zhangtao]#
[root@localhost zhangtao]# docker container exec -it box1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 00:50:56:9c:d9:7d brd ff:ff:ff:ff:ff:ff
inet 10.66.253.123/20 brd 10.66.255.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::f683:a97e:c58:1cfb/64 scope link tentative dadfailed noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::7b70:f10a:c37a:83b/64 scope link tentative dadfailed noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::40c6:68e2:7711:779a/64 scope link tentative dadfailed noprefixroute
valid_lft forever preferred_lft forever
3: br-75f6bbe6b8e4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 02:42:74:98:0b:4d brd ff:ff:ff:ff:ff:ff
inet 172.30.10.1/24 brd 172.30.10.255 scope global br-75f6bbe6b8e4
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 02:42:96:11:5d:92 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: br-a73727a1bbe7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 02:42:bf:d4:73:dd brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a73727a1bbe7
valid_lft forever preferred_lft forever
[root@localhost zhangtao]#
[root@localhost zhangtao]#
[root@localhost zhangtao]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:9c:d9:7d brd ff:ff:ff:ff:ff:ff
inet 10.66.253.123/20 brd 10.66.255.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet6 fe80::f683:a97e:c58:1cfb/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::7b70:f10a:c37a:83b/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
inet6 fe80::40c6:68e2:7711:779a/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
3: br-75f6bbe6b8e4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:74:98:0b:4d brd ff:ff:ff:ff:ff:ff
inet 172.30.10.1/24 brd 172.30.10.255 scope global br-75f6bbe6b8e4
valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:96:11:5d:92 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
5: br-a73727a1bbe7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:bf:d4:73:dd brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a73727a1bbe7
valid_lft forever preferred_lft forever
host网络限制
如果使用像Nginx的容器,将其网络改为host的话,就不能创建多个Nginx容器。因为第一个使用host的Nginx容器已经将宿主机的80端口所占用,其他容器就不能再次监听宿主机的80端口了。
- 创建两个Nginx容器,都使用host网络,会发现web5这个容器已经退出了
[root@localhost]# docker container run -d --name web4 --network host nginx
a24800911cff61c283e629ec50f56b377b18e8199fda91bce535328401433aba
[root@localhost]#
[root@localhost]# docker container run -d --name web5 --network host nginx
15ab3a57acd09e6cd8f2a7d9b7be6aced157a25baf90d2ca3440d3146e66b5b0
[root@localhost]# docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
15ab3a57acd0 nginx "/docker-entrypoint.…" About a minute ago Exited (1) About a minute ago web5
a24800911cff nginx "/docker-entrypoint.…" 2 minutes ago Up 2 minutes web4
ecdc2d9e4a77 nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp web3
81a03dcd558d nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp web2
85f19091f188 nginx "/docker-entrypoint.…" 6 minutes ago Up 6 minutes 80/tcp web1
f82028e4f127 nginx "/docker-entrypoint.…" 3 weeks ago Exited (255) 23 minutes ago 0.0.0.0:80->80/tcp, :::80->80/tcp condescending_brattain
- 查看web5的日志就会发现,宿主机的80端已经被占用,不能再创建web5容器
[root@localhost]# docker logs -f web5
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
2021/12/13 12:29:51 [emerg] 1#1: still could not bind()
nginx: [emerg] still could not bind()
使用host网络的好处
-
能够减少性能损耗,比如使用bridge网络,会经过NAT、端口转发等过程,而使用host不需要
none网络简介
[root@localhost zhangtao]# docker network ls
NETWORK ID NAME DRIVER SCOPE
bbd37a39580b bridge bridge local
02c908cdee7e host host local
d8c32d294a1b none null local
-
使用none网络无法进行内网和外网通信,只有一个本地的回环地址。
- 使用场景:被第三方程序使用,比如容器编排就希望docker创建一个没有网络的容器,至于网络部分就由容器编排来负责。
