Kubernetes容器中的容器之间共享哪些命名空间? [英] What namespaces are shared among containers in a Kubernetes pod?

问题描述

Linux中有6种名称空间:Network, UTS, Users, Mount, IPC, Pid.我知道所有容器都与Kubernetes容器中的暂停容器共享相同的网络名称空间.默认情况下，不同的容器具有不同的PID名称空间，因为它们具有不同的初始化过程.但是，其他名称空间又如何呢?

There are 6 kinds of namespaces in linux: Network, UTS, Users, Mount, IPC, Pid. I know that all the containers share the same network namespace with the pause container in a Kubernetes pod. And by default, different containers have different PID namespaces because they have different init process. However, how about other namespaces and why?

推荐答案

根据

容器中的容器在逻辑主机"上运行；它们使用相同的网络名称空间(换言之，相同的IP地址和端口空间)和相同的IPC名称空间.

Containers in a Pod run on a "logical host"; they use the same network namespace (in other words, the same IP address and port space), and the same IPC namespace.

Pod中的容器共享相同的IPC名称空间，这意味着它们还可以使用标准的进程间通信(例如SystemV信号量或POSIX共享内存)相互通信.

Containers in a Pod share the same IPC namespace, which means they can also communicate with each other using standard inter-process communications such as SystemV semaphores or POSIX shared memory.

通过"localhost"可以访问Pod中的容器；他们使用相同的网络名称空间.另外，对于容器，可观察的主机名是Pod的名称.由于容器共享相同的IP地址和端口空间，因此应在容器中使用不同的端口进行传入连接.换句话说，Pod中的应用程序必须协调其端口的使用.

Containers in a Pod are accessible via "localhost"; they use the same network namespace. Also, for containers, the observable host name is a Pod’s name. Because containers share the same IP address and port space, you should use different ports in containers for incoming connections. In other words, applications in a Pod must coordinate their usage of ports.

您还可以启用共享流程名称空间通过指定v1.PodSpec.shareProcessNamespace: true在Pod中的容器之间切换.

You can also enable sharing Process namespace between containers in a Pod by specifying v1.PodSpec.shareProcessNamespace: true.

这篇关于Kubernetes容器中的容器之间共享哪些命名空间?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！