pause container have pid 1 in the pod?-CodePudding

[root@k8s001 ~]# docker exec -it f72edf025141 /bin/bash
root@b33f3b7c705d:/var/lib/ghost# ps aux`enter code here`
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.0  0.0   1012     4 ?        Ss   02:45   0:00 /pause
root          8  0.0  0.0  10648  3400 ?        Ss   02:57   0:00 nginx: master process nginx -g daemon off;
101          37  0.0  0.0  11088  1964 ?        S    02:57   0:00 nginx: worker process
node         38  0.9  0.0 2006968 116572 ?      Ssl  02:58   0:06 node current/index.js
root        108  0.0  0.0   3960  2076 pts/0    Ss   03:09   0:00 /bin/bash
root        439  0.0  0.0   7628  1400 pts/0    R    03:10   0:00 ps aux

The display come from internet, it says pause container is the parent process of other containers in the pod, if you attach pod or other containers, do ps aux, you would see that. Is it correct, I do in my k8s,different, PID 1 is not /pause.

CodePudding user response：

By default, Docker will run your entrypoint (or the command, if there is no entrypoint) as PID 1. However, that is not necessarily always the case, since, depending on how you start the container, Docker (or your orchestrator) can also run its custom init process as PID 1:

$ docker run -d --init --name test alpine sleep infinity
849efe38ecec439550738e981065ec4aff55ef5607f03b9fed975e2d3146b9b0
$  with-docker docker exec -ti test ps
PID   USER     TIME  COMMAND
    1 root      0:00 /sbin/docker-init -- sleep infinity
    7 root      0:00 sleep infinity
    8 root      0:00 ps

For more information on why you would want your entrypoint not to be PID 1, you can check this explanation from a tini developer:

Now, unlike other processes, PID 1 has a unique responsibility, which is to reap zombie processes.

Zombie processes are processes that:

Have exited.

Were not waited on by their parent process (wait is the syscall parent processes use to retrieve the exit code of their children).

Have lost their parent (i.e. their parent exited as well), which means they'll never be waited on by their parent.

CodePudding user response：

...Is it correct, I do in my k8s,different, PID 1 is not /pause.

This has changed, pause no longer hold PID 1 despite being the first container created by the container runtime to setup the pod (eg. cgroups, namespace etc). Pause is isolated (hidden) from the rest of the containers in the pod regardless of your ENTRYPOINT/CMD. See here for more background information.