About csgroup & namespace

--- tags: 1082, lsa --- - Book mode https://hackmd.io/@ncnu-opensource/book About csgroup & namespace === [TOC] ## Q1：cgroup & namespace 的實際差別與相互關係？ ### Answer - 每個 Container 可能都有自己的 cgroup namespace 與 net namespace 等等，藉以區分不同的 Container，host 也有自己的 cgroup ![](https://i.imgur.com/u0dYYIf.png) - 建議搭配文件 [CHAPTER 81. UNDERSTANDING CONTROL GROUPS | Red Hat](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/system_design_guide/understanding-control-groups_setting-limits-for-applications) 查看 `cgroup` 定義，及參考 [CHAPTER 82. WHAT KERNEL RESOURCE CONTROLLERS ARE | Red Hat](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/system_design_guide/what-kernel-resource-controllers-are_setting-limits-for-applications) 瞭解 Linux 是透過哪些 conroller 管理其 CPU/Memory/IO/Network resources。 ### 額外補充： - Cgroups：limit how much you can use - Resourse metering and limiting - memory - CPU - block I/O - **network** - Device node (/dev/*) access control - Namespace：limit what you can see (and therefore use) - provide processes with their own view of system - Multiple namespcaes: - pid - net - mnt - uts - ipc - user - Each process is in one namespace of each type ### Example: ![](https://i.imgur.com/0Ic73A5.png) ## Q2：有沒有可能讓 Container 共用 IP ### Answer - 可以 - 可以先開啟一台 container 此時會分配給他一個 IP，接著開一個沒有 IP 的 container(可以在建立時設 net)，將沒有 IP 的 container link 到有 IP 的 container 的 namespace (或許可以在剛開始開啟時設定，但要查 command 參數) ## Q3：k8s Container 間可以用 localhost 互相訪問，Why？ - web 可以直接用 `localhost:3306` 訪問 DB，Why？ ![](https://i.imgur.com/Myw3kB0.png) ### Answer - 由於他們共用 `namespace`，並且一個 pod 內部只有一個 ip，旁邊可能會有 `pause container` 負責 link (k8s 處理) 內部其餘 container ## Q4： k8s 簡易架構圖 ![](https://i.imgur.com/rPsfics.png) - 想快速瞭解 k8s 可參考 [Load balancing and scaling long-lived connections in Kubernetes ](https://learnk8s.io/kubernetes-long-lived-connections) ## Reference 1. [CHAPTER 81. UNDERSTANDING CONTROL GROUPS | Red Hat](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/system_design_guide/understanding-control-groups_setting-limits-for-applications) 1. [CHAPTER 82. WHAT KERNEL RESOURCE CONTROLLERS ARE | Red Hat](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/system_design_guide/what-kernel-resource-controllers-are_setting-limits-for-applications) 1. [namespace | Linux man-page](https://www.man7.org/linux/man-pages/man7/namespaces.7.html) 1. [Linux namespaces(wiki)](https://en.wikipedia.org/wiki/Linux_namespaces#Network_(net)) 1. [Containers：cgroups, Linux kernel namespaces, ufs, Docker, and intro to Kubernetes pods](https://www.youtube.com/watch？v=el7768BNUPw) 1. [The Almighty Pause Container ](https://www.ianlewis.org/en/almighty-pause-container) 1. [Pods | Kubernetes](https://kubernetes.io/docs/concepts/workloads/pods/pod/) 1. [Docking A Docker Container — Part 2 ：Namespace, cgroup](https://medium.com/@tomdeore/docking-a-docker-container-part-2-c1206e7c6677) 1. [Load balancing and scaling long-lived connections in Kubernetes](https://learnk8s.io/kubernetes-long-lived-connections)