Key Concepts: the containers within a Pod are peers (an equal relationship); they share a Network Namespace and can share files.

The main role of the pause container: create a shared Network Namespace that the other containers join as equals.

The pause process is the parent of all containers in the Pod (i.e., the first process).

 

The most important fact about a Pod is that it is just a logical concept.

The Pod also has a more important meaning in the Kubernetes project: container design patterns.

 

So how is a Pod actually "created"?

The answer is: a Pod is, in fact, a set of containers that share certain resources.

Specifically, all containers in a Pod share the same Network Namespace, and may declare that they share the same Volume.

 

Given a Pod with two containers, A and B, isn't that the same as one container (container A) sharing the network and Volumes of another container (container B)?

It seems this could be achieved with a docker run --net --volumes-from command, such as:

docker run --net=container:B --volumes-from=B --name=A image-A ...

However, if you really do this, container B must be started before container A, so the containers in a Pod are no longer in a peer relationship but in a topological relationship.

 

Therefore, in the Kubernetes project, the Pod implementation requires an intermediate container, called the Infra container (initialization container).

In a Pod, the Infra container is always the first container created, and the other user-defined containers are associated with it by joining its Network Namespace.

This organizational relationship can be expressed with the following schematic:

    [Figure: a Pod containing user containers A and B and an Infra container]

 

As shown above, the Pod has two user containers, A and B, and an Infra container.

Understandably, in the Kubernetes project the Infra container must consume very few resources, so it uses a very special image called k8s.gcr.io/pause.

This image is written in assembly language and is always in a "paused" state; its decompressed size is only about 100 ~ 200 KB.

After the Infra container has "held" (created) the Network Namespace, the user containers can join the Infra container's Network Namespace.

 

This means that for containers A and B in the Pod:

  • They can communicate directly over localhost;

  • They see exactly the same network devices as the Infra container sees;

  • A Pod has only one IP address, which is the IP address of the Pod's Network Namespace;

  • Of course, all other network resources exist once per Pod and are shared by all containers in that Pod;

  • The Pod's life cycle matches only that of the Infra container, regardless of containers A and B.
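
One way to check the sharing described above on a Linux node, as an added example that is not part of the original page: processes whose containers joined the Infra container's Network Namespace show the same net:[inode] link under /proc/<pid>/ns/net. The function names, the PROC_ROOT override and the sample PIDs and inode numbers are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: find which processes share one Network Namespace, as the
# containers of a Pod do with the Infra (pause) container.
# PROC_ROOT is an assumption of this example so it can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# netns_of PID: print the namespace id, e.g. "net:[4026532001]"
netns_of() {
    readlink "$PROC_ROOT/$1/ns/net" 2>/dev/null
}

# same_netns PID_A PID_B: exit 0 only when both PIDs are in the same namespace
same_netns() {
    local a b
    a=$(netns_of "$1") || return 2   # 2 = PID missing or not readable
    b=$(netns_of "$2") || return 2
    [ "$a" = "$b" ]
}

# netns_peers PID: print every visible PID in PID's namespace, space-separated
netns_peers() {
    local want d pid out=""
    want=$(netns_of "$1") || return 2
    for d in "$PROC_ROOT"/[0-9]*; do
        pid=${d##*/}
        if [ "$(netns_of "$pid")" = "$want" ]; then out="$out $pid"; fi
    done
    echo "${out# }"
}

# make_sample_proc DIR: constructed /proc layout (PIDs and inode numbers are
# made up): 100 = pause, 101 and 102 = containers A and B, 200 = unrelated.
make_sample_proc() {
    local dir=$1 pid
    for pid in 100 101 102; do
        mkdir -p "$dir/$pid/ns"
        ln -sfn 'net:[4026532001]' "$dir/$pid/ns/net"
    done
    mkdir -p "$dir/200/ns"
    ln -sfn 'net:[4026531992]' "$dir/200/ns/net"
}

# With an argument, list the peers of that PID on the real /proc.
if [ $# -gt 0 ]; then netns_peers "$1"; fi
```

On a Docker node, the PID to pass can be read with docker inspect -f '{{.State.Pid}}' <container>; reading other users' /proc entries requires root.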