The newly created container will not create its own network card and configure its own IP. This pattern specifies that the newly created container shares a network namespace with an existing container, rather than with the host. The host mode is shown in the following figure:
The biggest advantage of host is that the network performance is better, but the ports already used on docker host can’t be used again, and the network isolation is not good. The container using the host mode can use the host’s IP address to communicate with the outside world, and the service port inside the container can also use the host’s port without NAT. However, other aspects of the container, such as the file system, process list, and so on, are isolated from the host. The container will not virtual out its own network card, configure its own IP, etc., but use the host’s IP and port. If the container is started in host mode, the container will not get a separate network namespace, but share a network namespace with the host. The container has an independent network namespace, but it does not have any network settings for it, such as assigning the Veth pair and bridge connection, configuring IP, etc. The pod in kubernetes is that multiple containers share a network namespace. The container shares the network namespace with another container. The container and the host share the network namespace.
If the container wants external access to be accessible, it can be accessed by mapping the container port to the host host (port mapping), that is, docker run enables the container through the – P or – P parameter when creating the container, and accesses the container through. The external network cannot be addressed, which also means that the external network cannot access the container through the container IP. The docker bridge is a virtual host, not a real network device. Because the containers in the same host are connected to the same bridge, the containers can communicate directly through the container IP of the container. At the same time, the docker bridge is the default gateway of each container. Docker bridging using Linux (Ref Linux virtual network technology)When the host machine virtual a docker container bridge (docker 0), the docker will assign an IP address to the container according to the network segment of the docker bridge, which is called container IP.
0 kommentar(er)
