Run a Sidecar Container in the Namespace of Another Container

by Ivan Velichko

Premium Challenge

Upgrade your membership to unlock this and all other premium materials.

Upgrade

While there might be no immediate practical use for this in a regular Docker workflow, sharing namespaces between containers is a widely used technique employed by:

Kubernetes Pods, including ephemeral containers
Container debugging tools (cdebug, docker debug, kubectl debug, etc.)
Infrastructure projects (e.g., iximiuz Labs playground engine)

In this challenge, you'll need to start a new container in the namespaces of another, already running container, effectively making it a sidecar:

The target container is a simple HTTP API server that already runs in the background
You need to start a new container, called sidecar, that runs an interactive shell inside
You can use any image for the sidecar container (busybox or alpine are good choices)
The sidecar container should share the PID, IPC, and network namespaces of the target container (instead of creating its own)

Good luck!

Hint: How to reproduce "docker exec" with "docker run"

The below slides reveal the magic behind the cdebug tool, in particular, showing how to reproduce the docker exec-like functionality with the docker run command by starting a new container in the target container's namespaces:

How to reproduce 'docker exec' with 'docker run' (slide 1)

How to reproduce 'docker exec' with 'docker run' (slide 2)

How to reproduce 'docker exec' with 'docker run' (slide 3)

How to reproduce 'docker exec' with 'docker run' (slide 4)

How to reproduce 'docker exec' with 'docker run' (slide 5)

1 2 3 4 5

Start challenge