问题
Why would you connect two docker containers via network namespace, and not just through one network?
As far as I know the only difference is that you can call the other container using localhost. I don't see any use case where this would be necessary.
Does anyone have experience with this?
回答1:
One reason I can think of is for using a tool or command that is not available in your container. This example below comes directly from the docker run docs:
NETWORK: CONTAINER
Example running a Redis container with Redis binding to
localhostthen running theredis-clicommand and connecting to the Redis server over thelocalhostinterface.$ docker run -d --name redis example/redis --bind 127.0.0.1 $ # use the redis container's network stack to access localhost $ docker run --rm -it --network container:redis example/redis-cli -h 127.0.0.1
In a similar way, one can use this technique to debug a container. For example, if your container doesn't have tcpdump, you can create an image which has it:
docker build -t tcpdump - <<EOF
FROM ubuntu
RUN apt-get update && apt-get install -y tcpdump
CMD tcpdump -i eth0
EOF
and run a container to debug your app:
docker run --rm --net=container:my-app tcpdump
If your question was more about Kubernetes, a few interesting links are:
- The Kubernetes Network Model
- What is the role of a pause container?
- Understanding kubernetes networking: pods
来源:https://stackoverflow.com/questions/55004488/why-would-anyone-use-the-same-network-namespace-for-two-docker-containers