10

Kubernetes documentation describes a pod as a wrapper around one or more containers. Containers running inside of a pod share a set of namespaces (e.g. network), which makes me think namespaces are nested (I kind of doubt that). What is the wrapper here from the container runtime's perspective?

Since containers are just processes constrained by e.g. namespaces and cgroups, perhaps a pod is just the first container launched by the Kubelet, and the rest of the containers are started and grouped by namespaces.

gqli

2 Answers

12

The main difference is networking: the network namespace is shared by all containers in the same Pod. Optionally, the process (pid) namespace can also be shared. That means containers in the same Pod all see the same localhost network (which is otherwise hidden from everything else, like normal for localhost) and optionally can send signals to processes in other containers.

The idea is that Pods are groups of related containers, not really a wrapper per se but a set of containers that should always deploy together for whatever reason. Usually that's a primary container and then some sidecars providing support services (mesh routing, log collection, etc).

coderanger
  • Hi, thank you for the quick answer. It seems to me that there is not much difference between a pod and a container. So there is no nested namespace happening, right? As you suggested with the analogy of sidecars. – gqli Jun 14 '21 at 08:20
  • 2
    You could say that the network namespace is attached to the pod and the individual containers are "nested" inside that but it doesn't really work that way. Pods vs containers is mostly a resource scheduling and allocation concern, if a pod has 3 containers and the node only has resources to fit 1, the pod will not be scheduled to that container. In Borg they were actually called `allocs` which shows the origins as an allocator feature. – coderanger Jun 14 '21 at 08:24
3

A Pod is just a co-located group of containers and a Kubernetes object. Instead of deploying them separately, you can deploy a pod of containers.

Best practice is that you should not actually run multiple processes in a single container, and this is where the pod idea comes into play. So by running pods you are grouping containers together and orchestrating them as a single object.

Containers in a pod run in the same network namespace (IP address and port space), so you have to be careful not to have the same port space used by two processes. This differs, for example, when it comes to the filesystem, since the container's fs comes from the image fs. The file systems are isolated unless they share a Volume.

acid_fuji
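
An added example, not part of either answer: the namespace sharing described above can be checked from the node by comparing the `/proc/<pid>/ns/*` links of two container processes, since identical link targets mean the same namespace. The PIDs and inode numbers below are a constructed fixture; on a real node, pass the host PIDs of two containers from one pod and leave `proc_root` at its default.

```python
import os
import tempfile

# Namespace types the answers discuss: net (shared by the pod), pid
# (optionally shared), mnt (filesystem view, separate per container).
NS_TYPES = ("net", "pid", "mnt")

def namespace_ids(pid, proc_root="/proc"):
    """Read <proc_root>/<pid>/ns/* link targets, e.g. 'net:[4026532008]'."""
    ids = {}
    for ns in NS_TYPES:
        try:
            ids[ns] = os.readlink(os.path.join(proc_root, str(pid), "ns", ns))
        except OSError:  # process exited, or no permission to inspect it
            ids[ns] = None
    return ids

def compare_namespaces(pid_a, pid_b, proc_root="/proc"):
    """Two processes share a namespace exactly when the link targets match."""
    a, b = namespace_ids(pid_a, proc_root), namespace_ids(pid_b, proc_root)
    result = {}
    for ns in NS_TYPES:
        if a[ns] is None or b[ns] is None:
            result[ns] = "unknown"
        else:
            result[ns] = "shared" if a[ns] == b[ns] else "separate"
    return result

def build_sample_proc(root):
    """Constructed fixture: PIDs 101 and 202 stand for two containers of one
    pod; the inode numbers are made up."""
    sample = {
        101: {"net": "net:[4026532008]", "pid": "pid:[4026532011]", "mnt": "mnt:[4026532009]"},
        202: {"net": "net:[4026532008]", "pid": "pid:[4026532075]", "mnt": "mnt:[4026532073]"},
    }
    for pid, links in sample.items():
        ns_dir = os.path.join(root, str(pid), "ns")
        os.makedirs(ns_dir)
        for name, target in links.items():
            # Dangling symlink: only its target text is read, never followed.
            os.symlink(target, os.path.join(ns_dir, name))

def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return compare_namespaces(101, 202, proc_root=root)

if __name__ == "__main__":
    print(demo())
```

Reading another user's `/proc/<pid>/ns` links on a real node normally requires root, which is why unreadable entries are reported as `unknown` rather than treated as separate.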