Understand network namespaces

We eat out , There are many tables in the hall , So these people share one " Dining space ".

If we go to the private room for dinner , Every private room is a " Dining space ", Private rooms and private rooms , Private rooms and halls are independent , non-interfering .

For a system , All applications in this system, whether wechat or QQ, they “ All eat in the hall ”, They share a “ Dining space ”, What we want to say about cyberspace is similar to that here “ Dining space ”.

If you run two here web Applications , For example, first run nginx, Run again apache, Because they are in the same cyberspace , therefore apache It doesn't work , Because it will cause port conflict , One mountain can't hold two tigers .

If we run three virtual machines in the host , The network space of the host computer is “ hall ”, Every virtual machine is “ Private Room ”, They have their own independent cyberspace , So we ran on the host nginx, Run on three virtual machines respectively nginx perhaps apache There will be no conflict , Because they are in their own cyberspace .

The same is true for the corresponding container .

If we run three containers in the host , The network space of the host computer is “ hall ”, Every container is “ Private Room ”, They have their own independent cyberspace , So we ran on the host nginx, Run on three virtual machines respectively nginx perhaps apache There will be no conflict , Because they are in their own cyberspace .

If we put the container C1 and C2 Give it your head “ cut off ”, It's like tearing down the doors of two private rooms , Then these containers share the network space of the host . Suppose that c1 It's running nginx Words , What he occupies is the port of the host 80, that C2 Or the host cannot run nginx perhaps apache 了 , Because they share a cyberspace , port 80 It's already occupied , But it doesn't affect C3 Up operation apache perhaps nginx.

For some C/S For the application of architecture , We install the client on k8s In the cluster pod Way to run , The server may be running on a host or virtual machine outside the cluster , Here's the picture .

Then someone will say , These agents can connect to the server , But the server can't contact these agents, so what should I do ？ In fact, we are creating these agents pod when , Just set these pod Just use the network space of the host , That is to say pod Of .spec. Add below hostNetwork: true, Access the server in this way IP You can access these pod 了 .