What work does the process in container “gcr.io/google_containers/pause:0.8.0” do?

前端 未结 3 1496
醉话见心
醉话见心 2020-12-02 17:10

I have known clearly about the usage of the docker option --net=container:NAME_or_ID, I also have read the source code of kubernetes about how to configure the

相关标签:
3条回答
  • 2020-12-02 17:27

    Quoting from What is the role of 'pause' container?:

    The pause container is a container which holds the network namespace for the pod. It does nothing 'useful'. (It's actually just a little bit of assembly that goes to sleep and never wakes up)

    This means that your 'apache' container can die, and come back to life, and all of the network setup will still be there. Normally if the last process in a network namespace dies the namespace would be destroyed and creating a new apache container would require creating all new network setup. With pause, you'll always have that one last thing in the namespace.

    0 讨论(0)
  • 2020-12-02 17:34

    The Dockerfile is here: it just adds pause binary to an empty container.

    The pause code is here: it just waits until it receives SIGINT or SIGTERM.

    0 讨论(0)
  • 2020-12-02 17:43

    In Kubernetes, each pod has an IP and within a pod there exists a so called infrastructure container, which is the first container that the Kubelet instantiates and it acquires the pod’s IP and sets up the network namespace. All the other containers in the pod then join the infra container’s network and IPC namespace. The infra container has network bridge mode enabled and all the other containers in the pod share its namespace via container mode. The initial process that runs in the infra container does effectively nothing since its sole purpose is to act as the home for the namespaces.

    0 讨论(0)
提交回复
热议问题