Shulou(Shulou.com)06/02 Report--

Kubelet initiates the process from the creation command to the actual creation and startup of the container

Process content analysis

Kubelet initiates the creation of a container by calling dockershim through gRPC. CRI is the container runtime interface (container runtime interface). Currently, the code of dockershim is embedded in kubele, so it is the kubelet process that accepts the creation of containers.

Dockershim converts the command to create the container into a command that docker daemon can recognize, and then sends it to docker daemon to create the container.

After version 1.12, docker daemon distributes the command to create the container to another process: comtainerd.

After containerd receives the command to create the container, it creates another process: the containerd-shim process, which executes the specific creation command, and the containerd process exists as the parent process.

When creating a container, namespace is required to isolate the resources needed for container startup and creation, and cgroup limits the container to use operations such as the size of resources. There is a public specification OCI (open container initivtive Open Container Standard) for these things, and one of its reference implementations is called runc. So containerd--shim needs to call the runc command at this step to start the container.

Runc exits directly after starting the container, and containerd-shim becomes the parent of the container process. It collects the status of the container process, reports it to contanierd, and takes over the child processes in the container after the process with a pid of 1 exits to ensure that there are no zombie processes.

The concepts of two nouns are easy to be confused.

CRI: container runtime interface container runtime interface

Its main functions are:

1. Interfaces for container operations, including creation, start and stop of containers, etc.

2. Pull or delete images for mirror operations.

3. For podsandbox (container sandbox environment)

OCI: open Container Standard open container initiative

Main function, making containers

Container image production content, that is, imagespec

What instructions the container needs to receive, that is, runtimespec

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.