In k8s, a pod starts with a container named pause.
Pause container helps other containers share network namespace.
I know it but have a question.
What is the lifecycle of the pause container?
What I want to know is that when a pod gets crashloopbackoff or temporally doesn't work, does the pause container also stop?
If not, does the pause container maintains its own Linux namespace?
CodePudding user response:
When a pod gets
crashloopbackoffor temporally doesn't work, does the pause container also stop?
No. A CrashloopBackOff is independent of pause containers. I have reproduced this situation in Minikube with docker driver with following yaml:
apiVersion: v1
kind: Pod
metadata:
name: dummy-pod
spec:
containers:
- name: dummy-pod
image: ubuntu
restartPolicy: Always
Command kubectl get pods returns for me:
NAME READY STATUS RESTARTS AGE
dummy-pod 0/1 CrashLoopBackOff 7 (2m59s ago) 14m
Then I have logged into the node on which the crashed pod exist and run docker ps:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7985cf2b01ad k8s.gcr.io/pause:3.5 "/pause" 14 minutes ago Up 14 minutes k8s_POD_dummy-pod_default_0f278cd1-6225-4311-98c9-e154bf9b42a3_0
18eeb073fe71 6e38f40d628d "/storage-provisioner" 16 minutes ago Up 16 minutes k8s_storage-provisioner_storage-provisioner_kube-system_5c3cec65-5a2d-4881-aa34-d98e1098f17f_1
b7dd2640584d 8d147537fb7d "/coredns -conf /etc…" 17 minutes ago Up 17 minutes k8s_coredns_coredns-78fcd69978-h28mp_kube-system_f62eec5a-290c-4a42-b488-e1475d7f6ff2_0
d3acb4e61218 36c4ebbc9d97 "/usr/local/bin/kube…" 17 minutes ago Up 17 minutes k8s_kube-proxy_kube-proxy-bf75s_kube-system_39dc64cc-2eab-497d-bf13-b5e6d1dbc9cd_0
083690fe3672 k8s.gcr.io/pause:3.5 "/pause" 17 minutes ago Up 17 minutes k8s_POD_coredns-78fcd69978-h28mp_kube-system_f62eec5a-290c-4a42-b488-e1475d7f6ff2_0
df0186291c8c k8s.gcr.io/pause:3.5 "/pause" 17 minutes ago Up 17 minutes k8s_POD_kube-proxy-bf75s_kube-system_39dc64cc-2eab-497d-bf13-b5e6d1dbc9cd_0
06fdfb5eab54 k8s.gcr.io/pause:3.5 "/pause" 17 minutes ago Up 17 minutes k8s_POD_storage-provisioner_kube-system_5c3cec65-5a2d-4881-aa34-d98e1098f17f_0
183f6cc10573 aca5ededae9c "kube-scheduler --au…" 17 minutes ago Up 17 minutes k8s_kube-scheduler_kube-scheduler-minikube_kube-system_6fd078a966e479e33d7689b1955afaa5_0
2d032a2ec51d f30469a2491a "kube-apiserver --ad…" 17 minutes ago Up 17 minutes k8s_kube-apiserver_kube-apiserver-minikube_kube-system_4889789e825c65fc82181cf533a96c40_0
cd157b628bc5 6e002eb89a88 "kube-controller-man…" 17 minutes ago Up 17 minutes k8s_kube-controller-manager_kube-controller-manager-minikube_kube-system_f8d2ab48618562b3a50d40a37281e35e_0
a2d5608e5bac 004811815584 "etcd --advertise-cl…" 17 minutes ago Up 17 minutes k8s_etcd_etcd-minikube_kube-system_08a3871e1baa241b73e5af01a6d01393_0
e9493a3f2383 k8s.gcr.io/pause:3.5 "/pause" 17 minutes ago Up 17 minutes k8s_POD_kube-apiserver-minikube_kube-system_4889789e825c65fc82181cf533a96c40_0
1088a8210eed k8s.gcr.io/pause:3.5 "/pause" 17 minutes ago Up 17 minutes k8s_POD_kube-scheduler-minikube_kube-system_6fd078a966e479e33d7689b1955afaa5_0
f551447a77b6 k8s.gcr.io/pause:3.5 "/pause" 17 minutes ago Up 17 minutes k8s_POD_etcd-minikube_kube-system_08a3871e1baa241b73e5af01a6d01393_0
c8414ee790d8 k8s.gcr.io/pause:3.5 "/pause" 17 minutes ago Up 17 minutes k8s_POD_kube-controller-manager-minikube_kube-system_f8d2ab48618562b3a50d40a37281e35e_0
The pause containers are independent in the pod. The pause container is a container which holds the network namespace for the pod. It does nothing. It doesn't stop even if the pod is in the CrashLoopBackOff state. If the pause container is dead, kubernetes consider the pod died and kill it and reschedule a new one. There was no such situation here.
See also an explanation of pause containers.
CodePudding user response:
The pause container is a fully independent container like the others in the pod (other than the places where the namespaces overlap, as you mentioned). It starts when the pod is started up by the kubelet and is torn down when the pod is gone (deleted, scheduled elsewhere, whatever).