akdev1l 3 days ago

Network isolation is very important too; that's what lets people run 4 containers all listening on port 80.

Process isolation is less prominent.

vbezhenar 3 days ago

You can bind your application to 127.0.0.2 for one container and to 127.0.0.3 for another container. Both can listen on port 80 and both can communicate with each other. And you can run another container, binding to 1.2.3.4:80 and using it as a reverse-router. You can use iptables/nftables to prevent undesired connections and a manually (or with some scripting) crafted /etc/hosts for named hosts to point to those loopback addresses. Or just a DNS server. It's all doable.

The only thing that you need is the ability to configure a target application to choose the address to bind to. But any sane application has that configuration knob.

Of course things are much easier with network namespaces, but you can go pretty far with host network (and I'd say it might be easier to understand and manage).
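The scheme described in the comment above, as an added example that is not part of the original thread: two listeners share one port on different loopback addresses, and an application without the bind knob (a wildcard bind) collides with them. It assumes a Linux host, where all of 127.0.0.0/8 is on the loopback interface, and uses an unprivileged port in place of port 80; the function names are hypothetical.

```python
import errno
import socket
import threading


def listen(addr, port):
    """Bind a TCP listener to one specific address (the 'bind knob')."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((addr, port))
    s.listen(1)
    return s


def answer_once(listener, banner):
    """Accept a single connection and send this service's banner."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(banner)


def fetch(addr, port):
    """Connect as a client and read the banner."""
    with socket.create_connection((addr, port), timeout=2) as c:
        return c.recv(64)


def demo():
    # Port 80 needs privileges, so a kernel-chosen port stands in for it.
    a = listen("127.0.0.2", 0)
    port = a.getsockname()[1]
    b = listen("127.0.0.3", port)  # same port, different address
    for sock, banner in ((a, b"service-a"), (b, b"service-b")):
        threading.Thread(target=answer_once, args=(sock, banner),
                         daemon=True).start()
    replies = (fetch("127.0.0.2", port), fetch("127.0.0.3", port))

    # An application that can only bind the wildcard address overlaps both.
    wild = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        wild.bind(("0.0.0.0", port))
        wildcard_error = None
    except OSError as e:
        wildcard_error = errno.errorcode.get(e.errno)
    finally:
        wild.close()
    a.close()
    b.close()
    return replies, wildcard_error


if __name__ == "__main__":
    print(demo())
```

Both listeners are reachable by any local process, which is why the comment pairs this with iptables/nftables rules.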

cbluth 2 days ago

You can see why people like the docker experience: you can manage to do all that in a single interface, instead of one-off scripts touching a ton of little things.

mikepurvis 3 days ago

Process isolation is more about load management/balancing, which is more of a production concern than a development one.
