Kubernetes中的Pod简易理解

Pod是Kubernetes中非常重要的概念，也是Kubernetes管理的基本单位。正如其名，Pod像一个豌豆荚，可以容纳多个container，拥有相同的IP地址。

Kubernetes使用Pod，不直接使用container。而Container的技术本质是Linux namespace和 cgroup。namespace提供进程间资源的隔离，让进程自认为拥有独立的全部资源；而实质上进程是能够使用多少资源，则由cgroup进行限制。

现在，Pod要容纳多个Container，必然要共享资源。前面我们知道，Container想要拥有独立的资源，对Linux资源进行了拆分，而今因为Pod的提出，又需要将某些资源共享起来，也就是在原来的隔离环境中再整合在一起。

那么，在Pod中如何进行资源的共享呢？

Pod引入了pause容器。

root@k8s:/# docker ps
CONTAINER ID   IMAGE                                               COMMAND                  CREATED        STATUS        PORTS     NAMES
aa5d3554b60d   404fc3ab6749                                        "/opt/bin/flanneld -â¦"   27 hours ago   Up 27 hours             k8s_kube-flannel_kube-flannel-ds-th8cd_kube-system_322a7b3b-01b3-4902-9ac8-f14ed2eecec6_0
f1f6cbfce9c4   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 27 hours ago   Up 27 hours             k8s_POD_kube-flannel-ds-th8cd_kube-system_322a7b3b-01b3-4902-9ac8-f14ed2eecec6_0
de1d18ca0405   b46c42588d51                                        "/usr/local/bin/kubeâ¦"   28 hours ago   Up 28 hours             k8s_kube-proxy_kube-proxy-9rjpc_kube-system_bd7d444b-20e3-4e4a-ab9e-8af4dce6b47a_0
a60b297d572d   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 28 hours ago   Up 28 hours             k8s_POD_kube-proxy-9rjpc_kube-system_bd7d444b-20e3-4e4a-ab9e-8af4dce6b47a_0
c14bff92e79b   b6d7abedde39                                        "kube-apiserver --adâ¦"   28 hours ago   Up 28 hours             k8s_kube-apiserver_kube-apiserver-master_kube-system_d6f2f822def6f57249e6789960cadda9_0
77fb48469b2b   f51846a4fd28                                        "kube-controller-manâ¦"   28 hours ago   Up 28 hours             k8s_kube-controller-manager_kube-controller-manager-master_kube-system_85ff8159d8c894c53981716f8927f187_0
db450e4928f8   25f8c7f3da61                                        "etcd --advertise-clâ¦"   28 hours ago   Up 28 hours             k8s_etcd_etcd-master_kube-system_1d7ec9e1c409f497753e8635eb01ed02_0
00383cb94409   71d575efe628                                        "kube-scheduler --auâ¦"   28 hours ago   Up 28 hours             k8s_kube-scheduler_kube-scheduler-master_kube-system_77a51208064a0e9b17209ee62638dfcd_0
e8f4474d43bf   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 28 hours ago   Up 28 hours             k8s_POD_kube-controller-manager-master_kube-system_85ff8159d8c894c53981716f8927f187_0
ba10a2d6709f   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 28 hours ago   Up 28 hours             k8s_POD_etcd-master_kube-system_1d7ec9e1c409f497753e8635eb01ed02_0
c1250096678e   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 28 hours ago   Up 28 hours             k8s_POD_kube-apiserver-master_kube-system_d6f2f822def6f57249e6789960cadda9_0
06a9cd375a35   registry.aliyuncs.com/google_containers/pause:3.6   "/pause"                 28 hours ago   Up 28 hours             k8s_POD_kube-scheduler-master_kube-system_77a51208064a0e9b17209ee62638dfcd_0


root@k8s:/# ps -el | grep pause
4 S 65535 16718 16694  0  80   0 -   242 pause  ?        00:00:00 pause
4 S 65535 16824 16761  0  80   0 -   242 pause  ?        00:00:00 pause
4 S 65535 16864 16773  0  80   0 -   242 pause  ?        00:00:00 pause
4 S 65535 16874 16762  0  80   0 -   242 pause  ?        00:00:00 pause
4 S 65535 17580 17551  0  80   0 -   242 pause  ?        00:00:00 pause
4 S 65535 20614 20588  0  80   0 -   242 pause  ?        00:00:00 pause

Kubernetes官方给出的Pause容器的解释是：

it's part of the infrastructure. This container is started first in all Pods to setup the network for the Pod.

也就是pause容器作为基础设施，在Pod中会第一个启动，以提供Pod的网络共享空间。

后续的容器则以“加入”的方式，共享该Pod资源。

讲述Pod比较清晰的文章：

What even is a container: namespaces and cgroups
https://jvns.ca/blog/2016/10/10/what-even-is-a-container/
What are Kubernetes Pods Anyway?
https://www.ianlewis.org/en/what-are-kubernetes-pods-anyway
The Almighty Pause Container
https://www.ianlewis.org/en/almighty-pause-container