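Joined containers
Two containers share the same network namespace.
- In a joined-container setup, the two containers each keep their own User, Mount and PID namespaces, but share the UTS, Net and IPC namespaces.
We start a container; its state is as follows: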
[root@linuxea.com_10_10_240_145 /data/mirrors/wwwroot]$ docker run --name linuxea -it --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
103: eth0@if104: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
We then start a second container with --network container:linuxea, which means it uses the network namespace of the first container, linuxea.
[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea2 --network container:linuxea -it --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
103: eth0@if104: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 brd 172.17.255.255 scope global eth0
valid_lft forever preferred_lft forever
The network namespace is shared, but everything else is still isolated.
For a clearer illustration, start an httpd in the first container, linuxea:
/ # mkdir /data/www -p
/ # echo "www.linuxea.com" >> /data/www/index.html
/ # httpd -h /data/www/
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
Then access it from linuxea2 using 127.0.0.1:
/ # wget -O - -q 127.0.0.1
www.linuxea.com
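linuxea and linuxea2 share a single lo, that is, they share the same IPC, and communicate with each other over it.
The effect is the same as two processes on a traditional host talking to each other directly.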
host
host mode does not isolate the network namespace at all; the container shares the physical machine's network namespace.
[root@linuxea.com_10_10_240_145 ~]$ docker run --name linuxea -it --network host --rm busybox
/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether 88:88:2f:d9:89:67 brd ff:ff:ff:ff:ff:ff
inet 10.10.240.145/8 brd 10.255.255.255 scope global dynamic eth0
valid_lft 84609sec preferred_lft 84609sec
inet 10.10.240.199/16 brd 10.0.255.255 scope global eth0:RSVIP
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 02:42:67:1e:bf:16 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq qlen 1000
link/ether fa:d9:57:90:8c:c8 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.172/8 brd 10.255.255.255 scope global dynamic eth1
valid_lft 77223sec preferred_lft 77223sec
78: veth1,1@if77: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop qlen 1000
link/ether ca:e3:57:9d:46:6c brd ff:ff:ff:ff:ff:ff
79: veth1.2@veth1.1: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop qlen 1000
link/ether 06:3c:f3:f8:39:b1 brd ff:ff:ff:ff:ff:ff
80: veth1.1@veth1.2: <BROADCAST,MULTICAST,M-DOWN> mtu 1500 qdisc noop qlen 1000
link/ether 66:96:16:71:13:4c brd ff:ff:ff:ff:ff:ff
Then create an httpd in the same way:
/ # mkdir /data/www -p
/ # echo "www.linuxea.com" >> /data/www/index.html
/ # httpd -h /data/www/
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6603 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22992 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6013 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6014 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:4006 0.0.0.0:* LISTEN
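Here the network namespace is shared directly with the host, which is why the netstat output above lists the host's own listeners (3306, 6379, 22992 and so on) next to the container's port 80. The container can run as long as the host is not already listening on the port the container wants to listen on. The distinguishing feature of this mode is that it is quick and convenient.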
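An added example (not part of the original post) for finding which containers run in the two modes shown above, since neither has a private loopback or port space. It reads lines of the form "<id> <name> <NetworkMode>"; the sample rows, the IDs and the name linuxea-host are constructed, and the real-host command in the comment assumes a working docker CLI.

```shell
#!/bin/sh
# Flag containers whose network namespace is shared with the host or with
# another container. On a real host the input can be produced with:
#   docker ps -q | xargs docker inspect \
#     --format '{{.Id}} {{.Name}} {{.HostConfig.NetworkMode}}'

audit_netmodes() {
    awk '
    {
        id[NR] = $1
        name[NR] = $2
        sub(/^\//, "", name[NR])      # docker inspect prints names as "/name"
        mode[NR] = $3
    }
    END {
        for (i = 1; i <= NR; i++) {
            if (mode[i] == "host") {
                printf "%s HOST shares the host network namespace\n", name[i]
            } else if (mode[i] ~ /^container:/) {
                ref = substr(mode[i], 11)   # text after "container:"
                owner = ref
                # Assumption: the reference is either a container ID
                # (or ID prefix) or a container name; resolve it to a name.
                for (j = 1; j <= NR; j++)
                    if (index(id[j], ref) == 1 || name[j] == ref)
                        owner = name[j]
                printf "%s JOINED shares loopback and ports with %s\n", name[i], owner
            }
        }
    }'
}

# Constructed sample input (not captured from a real host).
sample_inspect() {
    cat <<'EOF'
1a2b3c4d5e6f /linuxea default
7f8e9d0c1b2a /linuxea2 container:1a2b3c4d5e6f
3c4d5e6f7a8b /linuxea-host host
EOF
}

sample_inspect | audit_netmodes
```

A service bound to 127.0.0.1 inside a flagged container is reachable from its namespace partner, as the wget test from linuxea2 shows.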