Home > Software engineering >  why there are two containers corresponding to a k8s pod?
why there are two containers corresponding to a k8s pod?

Time:05-01

Whenever i do a "docker ps -a", i see two containers corresponding to pod, here the pod has only container. Typically, the two containers listed under "docker ps" has the following prefixes:- k8s_POD_kubernetes-<POD_NAME> and k8s_kubernetes-<POD_NAME>

Can someone help me understand why we see two entries in "docker ps" ?

CodePudding user response:

The _POD_ one is the only one with the Pod's IP address, the others are every workload container from the PodSpec's container: and initContainer: arrays, since one of the contracts of Kubernetes is that all containers in a Pod share the same network identity

The nitty gritty of that involves the different namespaces in the Linux kernel that make "containers" operate, with cgroups for cpu, memory, process ids, and network stack. Just like nsenter allows the host to temporarily switch its cgroup into a container's cgroup, so does the container runtime mechanism have the "sibling" containers in a Pod switch into the allocated networking cgroup of that "sandbox" container, otherwise traffic sent from container[0] and container[1] would appear as different hosts, violating that network identity promise

That's also why a container within a Pod can restart without the Pod losing its IP address and .metadata.name because only the workload containers are restarted, the _POD_ version remains running. It's also why you'll always see k8s.gcr.io/pause images in your Node's docker images list, because that container is designed to "do nothing" except exist

Page link:https//www.codepudding.com/Softwareengineering/391290.html

Prev:How to properly get the ID of the fragment the button is assigned to
Next:How do I get this flex container to wrap in React?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding