为什么有人会为两个docker容器使用相同的网络名称空间? [英] Why would anyone use the same network namespace for two docker containers?
问题描述
为什么您要通过网络名称空间而不是仅通过一个网络连接两个Docker容器?
Why would you connect two docker containers via network namespace, and not just through one network?
据我所知,唯一的区别是您可以使用localhost调用另一个容器。我看不到有必要的用例。
As far as I know the only difference is that you can call the other container using localhost. I don't see any use case where this would be necessary.
有人有经验吗?
推荐答案
我能想到的一个原因是使用容器中不可用的工具或命令。下面的示例直接来自 docker run
文档:
One reason I can think of is for using a tool or command that is not available in your container. This example below comes directly from the docker run
docs:
网络:容器
使用Redis绑定运行Redis容器的示例到
localhost
,然后运行redis-cli
命令并通过localhost连接到Redis服务器
界面。
NETWORK: CONTAINER
Example running a Redis container with Redis binding to
localhost
then running theredis-cli
command and connecting to the Redis server over thelocalhost
interface.
$ docker run -d --name redis example/redis --bind 127.0.0.1
$ # use the redis container's network stack to access localhost
$ docker run --rm -it --network container:redis example/redis-cli -h 127.0.0.1
以类似的方式,可以使用此技术调试一个容器。例如,如果您的容器没有 tcpdump
,则可以创建包含它的图像:
In a similar way, one can use this technique to debug a container. For example, if your container doesn't have tcpdump
, you can create an image which has it:
docker build -t tcpdump - <<EOF
FROM ubuntu
RUN apt-get update && apt-get install -y tcpdump
CMD tcpdump -i eth0
EOF
和运行
一个容器来调试应用程序:
and run
a container to debug your app:
docker run --rm --net=container:my-app tcpdump
如果您的问题是关于 Kubernetes ,一些有趣的链接是:
If your question was more about Kubernetes, a few interesting links are:
- The Kubernetes Network Model
- What is the role of a
pause
container? - Understanding kubernetes networking: pods
这篇关于为什么有人会为两个docker容器使用相同的网络名称空间?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!