Containers and Docker: why do we need a POD?

To get a full understanding of Kubernetes we first need to understand what is behind Docker and the POD concept. I'll try to summarize some of the important concepts, because on the internet you can find more detailed articles!

Many of you heard about Docker first and about containers afterwards, but the core thing is the container concept, not Docker, and the next question is why we need another abstraction like the POD?!?!?

Let's talk about containers! A container is a concept introduced in the Linux kernel a long time ago; it's not a primitive but a term that describes the combination of two important features of the Linux kernel:
  • cgroups
  • namespaces
cgroups and namespaces are first-class objects used to create an isolated process with its own view of the host resources, such as network and disk, and to limit host resource usage, for example how much memory this process can use.

To create a container without the help of Docker we can use the "unshare" syscall, through the unshare command:
  • unshare --fork --pid --mount-proc bash
This command creates a bash in its own PID namespace; if I run ps aux:

root@michele:~# ps aux
root         1  0.0  0.0  17723  2396 pts/6    S    23:01   0:00 bash
root         2  0.0  0.0  18992  3157 pts/6    R+   23:01   0:00 ps aux

As you can see, only two processes are active in this container : )

From the network namespace perspective a container has a new IP address, different from the host IP; if your host has 100 containers they must have 100 different IP addresses!!

Now you can understand why Docker is an important piece in managing containers: with Docker it is really simple to run a container "image" like ubuntu, debian or redis, but I kindly suggest reading these articles to understand how to mount a debian container from scratch without Docker, and the same steps with Docker.

Docker not only simplifies container management: you can also create your own images in a standard way, so everyone in your company or outside can contribute to fixing bugs or improving them, and recently you can run the same image on different operating systems.

Why POD abstraction?

From the Linux / Windows perspective the container (remember, it is not really a kernel primitive) is the first small unit; for Kubernetes the POD is the smallest unit. A POD in Kubernetes can "contain" different "containers" (I like the joke in this statement). How is it possible? How does it work in Kubernetes?

How is it possible? When you create a container via unshare or Docker, you can create a second container that shares namespaces with the first; in Docker this is done this way:
  • docker run -d --name=first_container busybox sleep 3600
  • docker run -d --name=second_container_with_same_ip --net=container:first_container busybox sleep 3600
Now if we execute ifconfig on the second container with docker exec -ti second_container_with_same_ip ifconfig you should see that the second container inherited the same IP from the first container, because with the --net option we are able to join the first container's network namespace via Docker.

How does it work in Kubernetes? When we group different containers under the same POD, these containers share the network namespace with a particular standard container called the "pause container". In Kubernetes, the pause container is used as the parent container, like the first container in my example above, for all of the containers in the POD. This container has two important missions:
  • Sharing its namespaces with all containers in the pod.
  • With the PID namespace shared, it can reap all the zombie processes, because PID 1 is the pause container.
This is great because grouping containers feels like creating a small virtual machine: all containers in the same POD communicate via localhost and route all their network traffic from the IP inherited from the pause container. In other words Kubernetes shifts the IP model from one IP per container to one IP per POD, which is a good simplification!
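To check from the host which namespaces two processes really share, the way a sidecar shares the pause container's network namespace or the second Docker container above shares the first one's, here is a small added example (my own helper, not part of the original post or of Kubernetes) that compares the namespace inodes under /proc. It assumes a Linux host with /proc mounted; the `unshare -Un` part needs unprivileged user namespaces and simply reports None where they are disabled.

```python
import os
import subprocess

# Namespace kinds exposed as /proc/<pid>/ns/<kind> on a modern Linux kernel.
NAMESPACE_KINDS = ("net", "pid", "mnt", "ipc", "uts")

def namespace_ids(pid: int) -> dict:
    """Return {kind: inode}; /proc/<pid>/ns/net -> 'net:[4026531992]' and two
    processes are in the same namespace exactly when the inode matches."""
    ids = {}
    for kind in NAMESPACE_KINDS:
        try:
            ids[kind] = os.stat(f"/proc/{pid}/ns/{kind}").st_ino
        except (FileNotFoundError, PermissionError):
            pass  # kernel lacks this kind, or we may not inspect that process
    return ids

def shared_namespaces(pid_a: int, pid_b: int) -> set:
    """Return the namespace kinds two processes share (what a pod relies on)."""
    a, b = namespace_ids(pid_a), namespace_ids(pid_b)
    return {kind for kind in a if kind in b and a[kind] == b[kind]}

def inherited_child_demo() -> set:
    """A plain child keeps every namespace of its parent, like a second container
    started with --net=container:first sharing the first one's network."""
    child = subprocess.Popen(["sleep", "30"])
    try:
        return shared_namespaces(os.getpid(), child.pid)
    finally:
        child.kill()
        child.wait()

def unshared_child_demo():
    """Start a child in fresh user+network namespaces (unprivileged `unshare -Un`)
    and report what it still shares; None where unshare is not available."""
    cmd = ["unshare", "-Un", "sh", "-c", "echo ready; exec sleep 30"]
    try:
        child = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL)
    except FileNotFoundError:
        return None
    try:
        if child.stdout.readline().strip() != b"ready":
            return None  # unshare refused (no user namespaces, seccomp, ...)
        return shared_namespaces(os.getpid(), child.pid)
    finally:
        child.kill()
        child.wait()

if __name__ == "__main__":
    print("inherited:", sorted(inherited_child_demo()), "unshared:", unshared_child_demo())
```

Run it on a node and point the two PIDs at a pause container and one of its sidecars: "net" and "ipc" shared is the normal pod layout, while "pid" shared only appears when the pod enables process namespace sharing.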

In the next post I'll explain some core aspects of networking in Kubernetes.
