Which namespaces are shared between containers in a Kubernetes pod?

Problem description:

There are 6 kinds of namespaces in Linux: Network, UTS, Users, Mount, IPC, PID. I know that all the containers share the same network namespace with the pause container in a Kubernetes pod. And by default, different containers have different PID namespaces because they have different init processes. However, how about the other namespaces, and why?

According to

Containers in a Pod run on a "logical host"; they use the same network namespace (in other words, the same IP address and port space), and the same IPC namespace.

Containers in a Pod share the same IPC namespace, which means they can also communicate with each other using standard inter-process communications such as SystemV semaphores or POSIX shared memory.

Containers in a Pod are accessible via "localhost"; they use the same network namespace. Also, for containers, the observable host name is the Pod's name. Because containers share the same IP address and port space, you should use different ports in containers for incoming connections. In other words, applications in a Pod must coordinate their usage of ports.

You can also enable sharing the process namespace between containers in a Pod by specifying v1.PodSpec.shareProcessNamespace: true.
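A Pod manifest that opts into the shared PID namespace the answer mentions, added here as an illustration (it is not part of the question or the answer); the pod name, container names and images are assumptions:

```yaml
# Added example, not from the question or answer above. Pod name, container
# names and images are assumed for illustration.
apiVersion: v1
kind: Pod
metadata:
  name: ns-sharing-demo
spec:
  # Omitted or false (the default): each container keeps its own PID
  # namespace, so `ps` inside one container lists only its own processes.
  # true: every container sees every process in the Pod, the pause
  # container becomes PID 1, and a container's entrypoint no longer runs
  # as PID 1. Any visible process also exposes its root filesystem via
  # /proc/<pid>/root, guarded only by ordinary file permissions and the
  # kernel's ptrace access checks, so turn this on only when a sidecar
  # genuinely needs it (debugging, sending signals to another container).
  shareProcessNamespace: true
  containers:
  - name: app
    image: nginx:1.25           # assumed image
    ports:
    - containerPort: 80         # network namespace is shared: port 80 is taken Pod-wide
  - name: debugger
    image: busybox:1.36         # assumed image
    command: ["sh", "-c", "sleep 3600"]
    securityContext:
      capabilities:
        add: ["SYS_PTRACE"]     # only needed to inspect or signal app's processes
```

After `kubectl apply -f` on this manifest, `kubectl exec ns-sharing-demo -c debugger -- ps ax` lists the nginx processes next to the sidecar's own shell. Running `readlink /proc/self/ns/ipc /proc/self/ns/mnt` in each container shows the same ipc link in both but different mnt links, because each container still has its own root filesystem.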