1. Concept
The Pause container's full name is the infrastructure container (also called infra); it is the underlying container of a Pod.
It exists as the init of the pod, and the other containers in the pod are forked from the pause container.
Each Pod runs a special container called Pause; the other containers are business containers. The business containers share the Pause container's network stack and mounted Volumes, so communication and data exchange between them is more efficient. In design we can take advantage of this by putting a group of closely related service processes into the same Pod. Containers in the same Pod need only localhost to communicate with each other.
In Kubernetes, the pause container mainly provides the following functions for each business container:
PID namespace: different applications in the Pod can see each other's process IDs.
Network namespace: multiple containers in the Pod can access the same IP and port range.
IPC namespace: multiple containers in the Pod can communicate using SystemV IPC or POSIX message queues.
UTS namespace: multiple containers in the Pod share one hostname.
Volumes (shared storage volumes): each container in the Pod can access the Volumes defined at the Pod level.
2. Examples
When we inspect a node, we find that each node runs many pause containers, for example:
$ docker ps
CONTAINER ID   IMAGE                                                                                                                            COMMAND                  CREATED        STATUS       PORTS   NAMES
2c7d50f1a7be   docker.io/jimmysong/heapster-grafana-amd64@sha256:d663759b3de86cf62e64a43b021f133c383e8f7b0dc2bdd78115bc95db371c9a       "/run.sh"                3 hours ago    Up 3 hours           k8s_grafana_monitoring-influxdb-grafana-v4-5697c6b59-76zqs_kube-system_5788a3c5-29c0-11e8-9e88-525400005732_0
5df93dea877a   docker.io/jimmysong/heapster-influxdb-amd64@sha256:a217008b68cb49e8f038c4eeb6029261f02adca81d8eae8c5c01d030361274b8      "influxd --config ..."   3 hours ago    Up 3 hours           k8s_influxdb_monitoring-influxdb-grafana-v4-5697c6b59-76zqs_kube-system_5788a3c5-29c0-11e8-9e88-525400005732_0
9cec6c0ef583   jimmysong/pause-amd64:3.0                                                                                                        "/pause"                 3 hours ago    Up 3 hours           k8s_POD_monitoring-influxdb-grafana-v4-5697c6b59-76zqs_kube-system_5788a3c5-29c0-11e8-9e88-525400005732_0
54d06e30a4c7   docker.io/jimmysong/kubernetes-dashboard-amd64@sha256:668710d034c4209f8fa9a342db6d8be72b6cb5f1f3f696cee2379b8512330be4   "/dashboard --inse..."   3 hours ago    Up 3 hours           k8s_kubernetes-dashboard_kubernetes-dashboard-65486f5fdf-lshl7_kube-system_27c414a1-29c0-11e8-9e88-525400005732_0
5a5ef33b0d58   jimmysong/pause-amd64:3.0
In Kubernetes, the pause container mainly provides the following functions for each business container:
1. It serves as the basis for sharing Linux namespaces in the pod;
2. With the PID namespace enabled, it acts as the init process.
We first run a pause container on the node.
# docker run -d --name pause -p 8880:80 jimmysong/pause-amd64:3.0
Then run an nginx container; nginx will act as a proxy for localhost:2368.
# cat <<EOF >> nginx.conf
error_log stderr;
events { worker_connections 1024; }
http {
    access_log /dev/stdout combined;
    server {
        listen 80 default_server;
        server_name example.com www.example.com;
        location / {
            proxy_pass http://127.0.0.1:2368;
        }
    }
}
EOF
# docker run -d --name nginx -v `pwd`/nginx.conf:/etc/nginx/nginx.conf --net=container:pause --ipc=container:pause --pid=container:pause nginx
Then create a container for the ghost application, which is blogging software.
# docker run -d --name ghost --net=container:pause --ipc=container:pause --pid=container:pause ghost
Now visit http://localhost:8880/ and you will see the ghost blog interface.
The pause container maps its internal port 80 to port 8880 on the host. After the pause container sets up the network namespace on the host, the nginx container joins that network namespace: we can see that --net=container:pause was specified when the nginx container was started. The ghost container also joins the same network namespace, so the three containers share one network and can communicate with each other directly over localhost. --ipc=container:pause and --pid=container:pause place the three containers in the same IPC and PID namespaces, with pause as the init process. Now we enter the ghost container and look at its processes.
# ps aux
USER       PID %CPU %MEM     VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0    1024     4 ?        Ss   13:49   0:00 /pause
root         5  0.0  0.1   32432  5736 ?        Ss   13:51   0:00 nginx: master p
systemd+     9  0.0  0.0   32980  3304 ?        S    13:51   0:00 nginx: worker p
node        10  0.3  2.0 1254200 83788 ?        Ssl  13:53   0:03 node current/in
root        79  0.1  0.0    4336   812 pts/0    Ss   14:09   0:00 sh
root        87  0.0  0.0   17500  2080 pts/0    R+   14:10   0:00 ps aux
Inside the ghost container we can see the processes of both the pause and nginx containers, and the pause container's process has PID 1. In Kubernetes, by contrast, the process with PID 1 in a container is the container's own business process.
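To check which namespaces the pause, nginx and ghost containers started above really share, compare the /proc/<pid>/ns/* link targets of their main processes: identical targets mean the same namespace, and a shared PID namespace means each container can see the others' processes. The script below is an added example, not part of the original article; the function names shared_ns, container_proc and demo are hypothetical, and the sample /proc tree in demo is constructed.

```shell
#!/bin/sh
# Added example (not from the original article).
# Two processes are in the same namespace when their /proc/<pid>/ns/<type>
# symlinks point at the same target, e.g. "net:[4026532281]".

# shared_ns PROC_A PROC_B -> prints the namespace types both processes share.
shared_ns() {
    out=""
    for ns in net ipc pid uts mnt; do
        a=$(readlink "$1/ns/$ns") || continue   # unreadable link: skip it
        b=$(readlink "$2/ns/$ns") || continue
        if [ "$a" = "$b" ]; then out="$out $ns"; fi
    done
    echo "${out# }"
}

# container_proc NAME -> /proc directory of the container's main process.
container_proc() {
    echo "/proc/$(docker inspect -f '{{.State.Pid}}' "$1")"
}

# demo -> runs shared_ns on a constructed /proc tree. The inode numbers are
# made up: net/ipc/pid match (the three flags passed on this page), uts and
# mnt differ. Real values must be read on the node itself.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/pause/ns" "$t/ghost/ns"
    for ns in net ipc pid; do
        ln -s "$ns:[4026532001]" "$t/pause/ns/$ns"
        ln -s "$ns:[4026532001]" "$t/ghost/ns/$ns"
    done
    for ns in uts mnt; do
        ln -s "$ns:[4026532002]" "$t/pause/ns/$ns"
        ln -s "$ns:[4026532003]" "$t/ghost/ns/$ns"
    done
    shared_ns "$t/pause" "$t/ghost"
    rm -rf "$t"
}

# On the node running the containers from this page (as root):
#   shared_ns "$(container_proc pause)" "$(container_proc ghost)"
```

Reading another user's /proc/<pid>/ns links requires root; a namespace that is missing from the output is either not shared or could not be read.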