Containers and Docker why we need POD?

To get a fully understanding about kubernetes we need to first understand what is behind Docker and POD concept. I'll try to summarize some of the important concept because in internet you can find more detailed articles!

Many of you heard about docker first and after containers, but the core thing is container concept not Docker and the next question is why we need another abstraction like POD?!?!?

Let's talk about containers! Container is concept introduced in linux kernel long time ago and it's not a primitive but a term to describe the combination of two important feature of the linux kernel:
  • cgroups
  • namespaces
cgroups and namespace are first class object used to create an isolated process with its own view of the host resources such as, network and disk and limit host resource usage for example how much memory this process can manage.

To create a container without the help of docker we can use the syscall "unshare" :
  • unshare --fork --pid --mount-proc bash
this command create a bash with the pid namespace , if I ran ps -aux

root@michele:~# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  17723  2396 pts/6    S    23:01   0:00 bash
root         2  0.0  0.0  18992  3157 pts/6    R+   23:01   0:00 ps aux

as you can see only two process are active in this container : )

From the network namespace perspective a container has a new ip address different from the host ip, if your host has 100 containers they must have 100 different ip address!!

Now you can understand why docker is an important piece in manage containers, with docker is really simple run a container "image" like ubuntu , debian or redis, but I kindly suggest to read these articles to understand how to mount a debian container from scratch without docker , and the same steps with Docker

Docker not only simplify containers management, but you can create your own images in a standard way so all can people in your company or outside can contribute in fix bugs or improve it, and recently you can run the same image in different operative system.

Why POD abstraction?

From Linux / Windows perspective container (remeber  is not really true) is the first small unit, for kubernetes POD is the smallest unit. A POD in kubernetes can "contain" different "containers" ( I like the joke in this statement ) How it's possible? How it works in kubernetes?

How it's possible? when you create via unshare or docker a container you can create a second container that share namespace across the first, in docker this is possible in this way:
  • docker run -d --name=first_container busybox sleep 3600
  • docker run -d --name=second_container_with_same_ip --net=container:first_container busybox sleep 3600
Now if we execute ifconfig on the second container  with docker exec -ti second_container_with_same_ip ifconfig you should see the second container inherited the same IP from the first container because with the --net option we are able to interact with the network namespace via docker.

How it works in kubernetes? When we group different containers under the same POD, these containers share the network namespace with a particular standard container called "pause container". In Kubernetes, the pause container is used as the parent container like in my past example for all of the containers in the POD. This container has two important mission:
  • Sharing namespace of all containers in the pod.
  • With PID namespace shared, can clean all the zombie process because the PID 1 is in the pause container.
This is great because grouping containers it seems like to create a small virtual machine, all container in the same POD communicate via localhost and route all the network traffic from the IP of the inherited by the pause container. In other words kubernetes shift the ip model from one IP per container to one IP per POD which is a good simplification!

On the next post I'll explain some core aspect about networking in kubernetes.


Comments

Post a Comment

Popular posts from this blog

IBM and Red Hat long story, long love, now married!

Most of the people thinking about opensource they think in my perspective mostly to Red Hat and other company rather than IBM. IBM is really active in opensource for a long time, helped Apache Foundation , Eclipse Foudation collaborate with the Linux Foundation and Red Hat as well. I think I can create a different long post to describe how is active and how helped opensource in different way. We can analyze  this acquisition from different perspective, from Financial to  Development. My personal point of view ( from a Cloud Architect ) most of the application around the world in banking, assurance and not only are java based, think about java in cloud in the past Year could be hard. Right now we can talk about java in the cloud with opensource project like OpenJ9 and OpenLiberty and the community behind. If you think about moving from on premise to cloud or from monolitch to microservice you can't say " well it's time to rework " because you are throwing years o
Read more

MY EXPERIENCE @ HYBRID CLOUD SUMMIT IN ZURICH

Image
I can simply say “it was a great experience” and based on the audience probably people can trust me, but let's go deeper into the event. My favorite part of the event was the panel session with cloud discussions and question answer about slides and example presented during the session. Based on discussion the most relevant general questions are: Adoption: best practices on adopting cloud technologies Development: how to develop cloud applications in the right way and how we can enable fresh people into this great world IBM and Forrester gave a lot of answers because there are different aspects and factors we need to cover when we talk about cloud development and adoption, let me share some of these: Security: 12 factor principle is the main manifesto to follow Digital Experience: in cloud you need to create applications user centric Performance: in cloud you need to give best experience to the end user in every part of the world Microservice: rework of the legacy
Read more

Kubernetes Persistent Volumes and Claims

In a distrubuted system, storage isn't simple to manage without a good abstraction, kubernetes offer an object called persistent volume to let pod to reclaim storage for persisting data. In the pod definition you can define your volume type with another object called persistentVolumeClaim where you can define type size and many other things. There are different phase in the persistent storage lifecycle: Provisioning : when an administrator create a Persistent Volume or a cloud resource dynamically request Binding : when a PVC is created  k8s control loop watch if there are Persisten Volume matching the PVC  and bind them together. Use : when the bound volume is mounted in to the pod Releasing : whene the POD is done and an API request is sent to delete the related bound PVC, the volume in this stage remains Reclaim : there are three options related to this state: - Retain:  keep data interact and allow an administrato to handle data from storage - Delete:  tells the volume
Read more