结论:一个pod中的不同容器共享pod的网络名称空间。
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
- name: bbox
image: busybox:latest
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- "sleep 86400"
共有两个容器,一个为nginx,另一个为busybox
kubectl exec pod-demo bbox -it -- /bin/sh #-it 在前台运行终端 ; --后面需要有空格
#docker命令 docker exec web -it /bin/bash
/ # ps aux
PID USER TIME COMMAND
1 root 0:00 nginx: master process nginx -g daemon off;
6 nginx 0:00 nginx: worker process
17 root 0:00 /bin/sh
22 root 0:00 ps aux
/ # netstat -tnl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
/ # wget -O - -q 127.0.0.1
Hello MyApp | Version: v1 | Pod Name
bbox中并未安装对外的服务,但在查看网络状态时,可以发现80口被监听。因为bbox和myapp共用一个网络名称空间。
结论:别光想结果会怎样,先考虑总体架构,再决定怎么写配置。
b站上看到一条弹幕说一个pod加2个ngx, 显示的内容不一样,最后去访问结果会怎样。其实我第一反应就是端口冲突。可还是想看看具体现象。
测试配置:
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
spec:
containers:
- name: ngx #ngx默认配置,端口80
image: nginx:latest
imagePullPolicy: IfNotPresent
- name: myapp # 端口也是80
image: ikubernetes/myapp:v1
imagePullPolicy: IfNotPresent
- name: bbox #乱入的bbox,可以忽略
image: busybox:latest
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- "sleep 86400"
使用apply以后查看pod状态,此处看到一个 CrashLoopBackOff状态。 且3个容器有1个未在运行。
[root@test basic]# kubectl get pods
NAME READY STATUS RESTARTS AGE
pod-demo 2/3 CrashLoopBackOff 4 2m3s
看看log,典型的端口冲突提示。
[root@test basic]# kubectl logs pods/pod-demo ngx
2020/05/05 15:36:42 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
2020/05/05 15:36:42 [emerg] 1#1: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)