k8s的pod内部隔离

yaml片段如下

spec:
  containers:
  - image: docker.io/kennethreitz/httpbin
    imagePullPolicy: IfNotPresent
    name: httpbin
    ports:
.....
.....
    image: docker.io/istio/proxyv2:1.14.3
    imagePullPolicy: IfNotPresent
    name: istio-proxy
    resources:
......
......

通过查看1号进程的名称空间id，可知该pod内两个容器之间哪些名称空间相互隔离，哪些相互共用

root@k8s-master01:~# kubectl exec -it httpbin-64688bd4c9-8qqj4  -c httpbin -- bash
root@httpbin-64688bd4c9-8qqj4:/# ll /proc/1/ns/
total 0
dr-x--x--x 2 root root 0 Dec 11 08:11 ./
dr-xr-xr-x 9 root root 0 Dec 11 08:11 ../
lrwxrwxrwx 1 root root 0 Dec 11 08:11 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 root root 0 Dec 11 08:11 ipc -> 'ipc:[4026532765]'
lrwxrwxrwx 1 root root 0 Dec 11 08:11 mnt -> 'mnt:[4026533133]'
lrwxrwxrwx 1 root root 0 Dec 11 08:11 net -> 'net:[4026532768]'
lrwxrwxrwx 1 root root 0 Dec 11 08:11 pid -> 'pid:[4026533155]'
lrwxrwxrwx 1 root root 0 Dec 11 08:11 pid_for_children -> 'pid:[4026533155]'
lrwxrwxrwx 1 root root 0 Dec 11 08:11 user -> 'user:[4026531837]'
lrwxrwxrwx 1 root root 0 Dec 11 08:11 uts -> 'uts:[4026533134]'
root@httpbin-64688bd4c9-8qqj4:/# exit
exit
root@k8s-master01:~# kubectl exec -it httpbin-64688bd4c9-8qqj4  -c istio-proxy -- bash
istio-proxy@httpbin-64688bd4c9-8qqj4:/$ ll /proc/1/ns/
total 0
dr-x--x--x 2 istio-proxy istio-proxy 0 Dec 11 08:12 ./
dr-xr-xr-x 9 istio-proxy istio-proxy 0 Dec 11 08:12 ../
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 cgroup -> 'cgroup:[4026531835]'
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 ipc -> 'ipc:[4026532765]'
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 mnt -> 'mnt:[4026533156]'
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 net -> 'net:[4026532768]'
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 pid -> 'pid:[4026533158]'
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 pid_for_children -> 'pid:[4026533158]'
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 user -> 'user:[4026531837]'
lrwxrwxrwx 1 istio-proxy istio-proxy 0 Dec 11 08:12 uts -> 'uts:[4026533157]'