为什么有人会为两个 docker 容器使用相同的网络命名空间? [英] Why would anyone use the same network namespace for two docker containers?
问题描述
Why would you connect two docker containers via network namespace, and not just through one network?
As far as I know the only difference is that you can call the other container using localhost. I don't see any use case where this would be necessary.
Does anyone have experience with this?
One reason I can think of is for using a tool or command that is not available in your container. This example below comes directly from the docker run docs:
NETWORK: CONTAINER
Example running a Redis container with Redis binding to
localhostthen running theredis-clicommand and connecting to the Redis server over thelocalhostinterface.$ docker run -d --name redis example/redis --bind 127.0.0.1 $ # use the redis container's network stack to access localhost $ docker run --rm -it --network container:redis example/redis-cli -h 127.0.0.1
In a similar way, one can use this technique to debug a container. For example, if your container doesn't have tcpdump, you can create an image which has it:
docker build -t tcpdump - <<EOF
FROM ubuntu
RUN apt-get update && apt-get install -y tcpdump
CMD tcpdump -i eth0
EOF
and run a container to debug your app:
docker run --rm --net=container:my-app tcpdump
If your question was more about Kubernetes, a few interesting links are:
- The Kubernetes Network Model
- What is the role of a
pausecontainer? - Understanding kubernetes networking: pods
这篇关于为什么有人会为两个 docker 容器使用相同的网络命名空间?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
