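Introduction to the host network

A container on the host network shares the host's network stack. In the example below, the container box1 and the host report exactly the same network interfaces and addresses.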

    [root@localhost zhangtao]# docker container run -d --rm --name box1 --network host busybox /bin/sh -c "while true; do sleep 3600; done"
    3512823b7fba88c082f30966b91b3070bfa6d10f117a766aae4d1df82f78fe4a
    [root@localhost zhangtao]#
    [root@localhost zhangtao]# docker container exec -it box1 ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
        link/ether 00:50:56:9c:d9:7d brd ff:ff:ff:ff:ff:ff
        inet 10.66.253.123/20 brd 10.66.255.255 scope global noprefixroute ens192
           valid_lft forever preferred_lft forever
        inet6 fe80::f683:a97e:c58:1cfb/64 scope link tentative dadfailed noprefixroute
           valid_lft forever preferred_lft forever
        inet6 fe80::7b70:f10a:c37a:83b/64 scope link tentative dadfailed noprefixroute
           valid_lft forever preferred_lft forever
        inet6 fe80::40c6:68e2:7711:779a/64 scope link tentative dadfailed noprefixroute
           valid_lft forever preferred_lft forever
    3: br-75f6bbe6b8e4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
        link/ether 02:42:74:98:0b:4d brd ff:ff:ff:ff:ff:ff
        inet 172.30.10.1/24 brd 172.30.10.255 scope global br-75f6bbe6b8e4
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
        link/ether 02:42:96:11:5d:92 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    5: br-a73727a1bbe7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
        link/ether 02:42:bf:d4:73:dd brd ff:ff:ff:ff:ff:ff
        inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a73727a1bbe7
           valid_lft forever preferred_lft forever
    [root@localhost zhangtao]#
    [root@localhost zhangtao]#
    [root@localhost zhangtao]# ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
        link/ether 00:50:56:9c:d9:7d brd ff:ff:ff:ff:ff:ff
        inet 10.66.253.123/20 brd 10.66.255.255 scope global noprefixroute ens192
           valid_lft forever preferred_lft forever
        inet6 fe80::f683:a97e:c58:1cfb/64 scope link tentative noprefixroute dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::7b70:f10a:c37a:83b/64 scope link tentative noprefixroute dadfailed
           valid_lft forever preferred_lft forever
        inet6 fe80::40c6:68e2:7711:779a/64 scope link tentative noprefixroute dadfailed
           valid_lft forever preferred_lft forever
    3: br-75f6bbe6b8e4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:74:98:0b:4d brd ff:ff:ff:ff:ff:ff
        inet 172.30.10.1/24 brd 172.30.10.255 scope global br-75f6bbe6b8e4
           valid_lft forever preferred_lft forever
    4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:96:11:5d:92 brd ff:ff:ff:ff:ff:ff
        inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
           valid_lft forever preferred_lft forever
    5: br-a73727a1bbe7: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
        link/ether 02:42:bf:d4:73:dd brd ff:ff:ff:ff:ff:ff
        inet 172.18.0.1/16 brd 172.18.255.255 scope global br-a73727a1bbe7
           valid_lft forever preferred_lft forever
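
Since a host-mode container has no network isolation from the host, it helps to know which containers run this way. The script below is an added example, not part of the original page: it classifies containers by the HostConfig.NetworkMode value reported by docker container inspect. The function names, the container name nonet and the modes given to web1 and nonet in the sample are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# classify_network_modes reads "<name> <NetworkMode>" lines, the shape printed by
#   docker container inspect --format '{{.Name}} {{.HostConfig.NetworkMode}}' ID...
classify_network_modes() {
    while read -r name mode; do
        [ -n "$name" ] || continue
        name=${name#/}   # inspect prints names with a leading "/"
        case "$mode" in
            host)        echo "SHARED $name: host network namespace, no network isolation" ;;
            none)        echo "LOOPBACK $name: loopback interface only" ;;
            container:*) echo "JOINED $name: namespace of ${mode#container:}" ;;
            *)           echo "PRIVATE $name: own namespace on network $mode" ;;
        esac
    done
}

# Names of the host-mode containers only, one per line.
host_mode_containers() {
    classify_network_modes | awk '$1 == "SHARED" { sub(/:$/, "", $2); print $2 }'
}

# Live check (needs root and a running daemon): a host-mode container's main
# process shows the same net namespace link as PID 1 on the host.
audit_live() {
    ids=$(docker container ls -q) || return 1
    [ -n "$ids" ] || return 0
    host_ns=$(readlink /proc/1/ns/net)
    # $ids is intentionally unquoted: one argument per container ID
    docker container inspect \
        --format '{{.Name}} {{.HostConfig.NetworkMode}} {{.State.Pid}}' $ids |
    while read -r name mode pid; do
        if [ "$(readlink "/proc/$pid/ns/net")" = "$host_ns" ]; then
            echo "${name#/} (mode=$mode) shares the host net namespace"
        fi
    done
}

# Constructed sample: box1 and web4 are host-mode containers on this page;
# the modes of web1 and the hypothetical container nonet are assumed.
SAMPLE='/box1 host
/web4 host
/web1 bridge
/nonet none'

printf '%s\n' "$SAMPLE" | classify_network_modes
```

Call audit_live on a Docker host to run the same check against running containers.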

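Limitations of the host network

If a container such as Nginx is switched to the host network, you cannot run several Nginx containers. The first Nginx container on the host network already occupies port 80 on the host, so no other container can listen on the host's port 80.

  • Create two Nginx containers that both use the host network; the container web5 turns out to have exited.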

    [root@localhost]# docker container run -d --name web4 --network host nginx
    a24800911cff61c283e629ec50f56b377b18e8199fda91bce535328401433aba
    [root@localhost]#
    [root@localhost]# docker container run -d --name web5 --network host nginx
    15ab3a57acd09e6cd8f2a7d9b7be6aced157a25baf90d2ca3440d3146e66b5b0
    [root@localhost]# docker container ls -a
    CONTAINER ID   IMAGE   COMMAND                  CREATED              STATUS                          PORTS                               NAMES
    15ab3a57acd0   nginx   "/docker-entrypoint.…"   About a minute ago   Exited (1) About a minute ago                                       web5
    a24800911cff   nginx   "/docker-entrypoint.…"   2 minutes ago        Up 2 minutes                                                        web4
    ecdc2d9e4a77   nginx   "/docker-entrypoint.…"   6 minutes ago        Up 6 minutes                    80/tcp                              web3
    81a03dcd558d   nginx   "/docker-entrypoint.…"   6 minutes ago        Up 6 minutes                    80/tcp                              web2
    85f19091f188   nginx   "/docker-entrypoint.…"   6 minutes ago        Up 6 minutes                    80/tcp                              web1
    f82028e4f127   nginx   "/docker-entrypoint.…"   3 weeks ago          Exited (255) 23 minutes ago     0.0.0.0:80->80/tcp, :::80->80/tcp   condescending_brattain
  • The logs of web5 show that port 80 on the host is already in use, so the web5 container cannot be brought up.

    [root@localhost]# docker logs -f web5
    /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
    /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
    10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
    10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
    /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
    /docker-entrypoint.sh: Configuration complete; ready for start up
    2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
    2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
    2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
    2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
    2021/12/13 12:29:51 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
    nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [emerg] 1#1: bind() to [::]:80 failed (98: Address already in use)
    nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
    2021/12/13 12:29:51 [notice] 1#1: try again to bind() after 500ms
    2021/12/13 12:29:51 [emerg] 1#1: still could not bind()
    nginx: [emerg] still could not bind()
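
The bind failure above can be anticipated before starting a host-mode container by checking which listeners already hold the port in the host's network namespace. The script below is an added example, not part of the original page: it parses the output of ss -H -ltn; the function name and the sample listener lines are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# listeners_on_port PORT: read `ss -H -ltn` output on stdin and print the local
# addresses already listening on PORT. Exit status is 0 only if one was found.
listeners_on_port() {
    awk -v port="$1" '
        {
            addr = $4                       # e.g. 0.0.0.0:80 or [::]:80
            n = split(addr, parts, ":")     # the port is the last ":" field
            if (parts[n] == port) { print addr; found = 1 }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample: what `ss -H -ltn` could print on the host while web4 is
# running. The 8080 line checks that port 80 is not matched as a prefix.
SS_SAMPLE='LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8080 0.0.0.0:*'

if printf '%s\n' "$SS_SAMPLE" | listeners_on_port 80; then
    echo "port 80 is taken: a second host-mode nginx would exit like web5"
fi
```

On a live host, feed it real data with: ss -H -ltn | listeners_on_port 80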

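Advantages of the host network

  • It reduces performance overhead: with the bridge network, traffic goes through NAT, port forwarding and similar steps, which the host network does not need.
    [Figure 1: Docker networking, the host network in detail]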

Introduction to the none network

    [root@localhost zhangtao]# docker network ls
    NETWORK ID     NAME      DRIVER    SCOPE
    bbd37a39580b   bridge    bridge    local
    02c908cdee7e   host      host      local
    d8c32d294a1b   none      null      local

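  • A container on the none network cannot communicate with either the internal or the external network; it has only a local loopback address.
    [Figure 2: Docker networking, the host network in detail]

  • Use case: consumption by third-party programs. For example, a container orchestrator may want Docker to create a container with no network and then take care of the networking itself.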