Docker namespace

Question: When Docker containers need to collaborate, for example to build TestLink, two containers are needed: TestLink itself and MariaDB. We all know that containers are isolated from each other. If the two containers need to communicate, how should the network be set up?

Method 1:
Start the container with a specified IP address and use port mapping. This is not practical when there are many services, because a huge port list has to be maintained; with dozens of environments, maintaining a port-mapping list for each one is a big project.

Method 2:
1. Link
2. Container mode
Either of these two modes solves the problem. Link connects the two services through the link parameter so that they can communicate over the network.

For example:

docker run -d --name mariadb -e ALLOW_EMPTY_PASSWORD=yes -e MARIADB_USER=bn_testlink \
  -e MARIADB_DATABASE=bitnami_testlink -v /home/gaofei/test/mysql:/var/lib/mysql -p 8088:3306 \
  bitnami/mariadb:latest


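The docker -e option sets environment variables. It works like passing arguments: it supplies the parameters the image needs when it initializes at startup. Note that ALLOW_EMPTY_PASSWORD=yes leaves the database accounts without a password and -p 8088:3306 publishes the database port on the host, so this form only suits a throwaway test environment.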

Container mode: let containers share the same network namespace
 docker run --name=conan -itd -p 899:4200 connan
 # --net=container:<name> joins the network namespace of the named container
 docker run --name=holms -itd --net=container:conan holmes

Container orchestration:
 docker compose up -d
 docker compose can only be used on a single machine; it is not suitable for clusters.
 In effect, it turns docker commands into a configuration file.

 

The three isolation technologies of Docker:
Linux namespaces: network, process, file system...
cgroups: resource isolation (CPU, memory, I/O)
union file system: image directories (a container can only see its own directory tree)

When creating a container:
A process is created for the container (the network, process and file namespaces are selected; by default new ones are created).
The container is a process. It just gets its own network space, process space and file mount space.
ps -ef shows all the processes of the host, but it cannot see inside the container.
ifconfig shows the host's network configuration.

Enter the container to view the network configuration of the container:

1. Find the PID of the container:

[root@izbp1jfqk9lif6vh3vclhkz ~]# docker inspect zcc_jenkins | grep "Pid*"
            "Pid": 2914,
            "PidMode": "",
            "PidsLimit": 0,

2. Enter the internal network of the container using the PID:

[root@izbp1jfqk9lif6vh3vclhkz ~]# cd /proc/2914
[root@izbp1jfqk9lif6vh3vclhkz 2914]# cd ns
[root@izbp1jfqk9lif6vh3vclhkz ns]# ll
total 0
lrwxrwxrwx 1 1000 1000 0 Oct 26 22:24 ipc -> ipc:[4026532162]
lrwxrwxrwx 1 1000 1000 0 Oct 26 22:24 mnt -> mnt:[4026532160]
lrwxrwxrwx 1 1000 1000 0 Oct 25 10:08 net -> net:[4026532165]
lrwxrwxrwx 1 1000 1000 0 Oct 26 22:24 pid -> pid:[4026532163]
lrwxrwxrwx 1 1000 1000 0 Oct 26 22:24 user -> user:[4026531837]
lrwxrwxrwx 1 1000 1000 0 Oct 26 22:24 uts -> uts:[4026532161]

Here you can see the main namespaces.

3. Enter the network namespace to view its configuration:

nsenter -t 2914 -n
[root@izbp1jfqk9lif6vh3vclhkz ns]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.2  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:ac:11:00:02  txqueuelen 0  (Ethernet)
        RX packets 9559  bytes 6317939 (6.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8555  bytes 1544289 (1.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

4. Finally, exit to view the host's network configuration:

[root@izbp1jfqk9lif6vh3vclhkz ns]# exit
logout
[root@izbp1jfqk9lif6vh3vclhkz ns]# ifconfig
br-88c96636d51c: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 172.18.0.1  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:9c:0a:73:00  txqueuelen 0  (Ethernet)
        RX packets 722466  bytes 620939057 (592.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 456232  bytes 194335800 (185.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
        ether 02:42:fc:5f:37:27  txqueuelen 0  (Ethernet)
        RX packets 13980  bytes 1782939 (1.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 15015  bytes 15977791 (15.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.28.24.72  netmask 255.255.240.0  broadcast 172.28.31.255
        ether 00:16:3e:13:a3:f2  txqueuelen 1000  (Ethernet)
        RX packets 722466  bytes 620939057 (592.1 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 456232  bytes 194335800 (185.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The above shows how the view differs between Docker's namespaces.
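Added example (not part of the original post): a shell function that compares the /proc/<pid>/ns links of two processes and prints the namespace types they share, which covers both the container-versus-host comparison in steps 1 to 4 and the --net=container case earlier. The function name shared_ns, its PROC_ROOT parameter, PID 3001 and the host IDs in the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# shared_ns PID_A PID_B [PROC_ROOT]
#   Prints each namespace type whose ID is identical for both processes.
#   PID_B=1 compares a container's process against the host's init.
#   PROC_ROOT (default /proc) is a parameter of this sketch so it can be
#   run against a constructed tree instead of a live system.
shared_ns() {
    a=$1 b=$2 root=${3:-/proc}
    for link in "$root/$a"/ns/*; do
        [ -L "$link" ] || continue
        kind=${link##*/}                      # ipc, mnt, net, pid, user, uts
        id_a=$(readlink "$link")              # e.g. net:[4026532165]
        id_b=$(readlink "$root/$b/ns/$kind") || continue
        if [ "$id_a" = "$id_b" ]; then
            echo "$kind"
        fi
    done
}

# Constructed sample tree: PID 1 stands for the host, 2914 uses the IDs
# from the listing above, 3001 stands for a second container started with
# --net=container:<first>. The host net/pid IDs and 3001 are made up.
demo_root=$(mktemp -d)
mk() { mkdir -p "$demo_root/$1/ns"; ln -s "$2:[$3]" "$demo_root/$1/ns/$2"; }
mk 1 net 4026531992;    mk 1 pid 4026531836;    mk 1 user 4026531837
mk 2914 net 4026532165; mk 2914 pid 4026532163; mk 2914 user 4026531837
mk 3001 net 4026532165; mk 3001 pid 4026532240; mk 3001 user 4026531837

echo "2914 vs host: $(shared_ns 2914 1 "$demo_root" | tr '\n' ' ')"
echo "3001 vs 2914: $(shared_ns 3001 2914 "$demo_root" | tr '\n' ' ')"
```

On a live host, run it as root with shared_ns "$(docker inspect -f '{{.State.Pid}}' zcc_jenkins)" 1. A user line in the output means the container runs in the host's user namespace, so UID 0 inside the container is UID 0 on the host.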

If you are asked about Docker in an interview, namespace is basically a must. The above is just the tip of the iceberg.

Origin blog.csdn.net/chuancheng_zeng/article/details/109300744