Shulou(Shulou.com)05/31 Report--

This article mainly introduces "what is the use of the pause-amd64 container in Kubernetes pod". In the daily operation, I believe that many people have doubts about the use of the pause-amd64 container in Kubernetes pod. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the question of "what is the use of the pause-amd64 container in Kubernetes pod?" Next, please follow the editor to study!

The result returned by the command of docker ps:

[root@k8s-minion1 kubernetes] # docker ps | grep pausec3026adee957 gcr.io/google_containers/pause-amd64:3.0 "/ pause" 22 minutes ago Up 22 minutes k8s_POD.d8dbe16c_redis-master-343230949-04glm_default_ce3f60a9-095d-11e7-914b-0a77ecd65f3e_66c108d5202df18d636e gcr.io/google_containers/pause-amd64:3.0 " / pause "24 hours ago Up 24 hours k8s_POD.d8dbe16c_kube-proxy-js0z0_kube-system_2866cfc2-0891-11e7-914b-0a77ecd65f3e_c8e1a667072d3414d33a gcr.io/google_containers/pause-amd64:3.0" / pause "24 hours ago Up 24 hours k8s _ POD.d8dbe16c_kube-flannel-ds-tsps5_default_2866e3fb-0891-11e7-914bMur0a77ecd65f3ebe4b719e [root @ k8s-minion1 kubernetes] #

Kubernetes's official website explains:

It's part of the infrastructure. This container is started first in all Pods to setup the network for the Pod.

Pause-amd64 is part of the Kubernetes infrastructure. Of all the pod managed by Kubernetes, the pause-amd64 container is the first to start, and is used to implement network communication between pod in the Kubernetes cluster.

Friends who are interested in this special container can read its source code:

Https://github.com/kubernetes/kubernetes/tree/master/build/pause

We look at the dockerfile of this pause-amd64 image and find that the implementation is simple, starting with a blank image:

FROM scratchARG ARCHADD bin/pause-$ {ARCH} / pauseENTRYPOINT ["/ pause"]

The ARG directive is used to specify the parameters passed in when the docker build command is executed.

This pause container is written in C language:

Https://www.ianlewis.org/en/almighty-pause-container

By running docker ps on the running Kubernetes node, you can find these pause container:

As the parent container of all other container in pod, pause container has two main responsibilities:

It is the basis for other containers in pod to share Linux namespace.

Play the role of PID 1, responsible for handling zombie processes

I will elaborate on these two points one by one. In Linux, when the parent process fork a new process, the child process inherits namespace from the parent process. At present, Linux implements six types of namespace, each of which is an abstract collection that wraps some global system resources, which makes global system resources visible in the process's namespace. One of the overall goals of the namespace is to support the implementation of the lightweight virtualization tool container, and the container mechanism itself provides a set of processes that they think are the only processes that exist in the system.

In Linux, the child of the parent process fork inherits the parent process's namespace. A system command contrary to this behavior is unshare:

Let's talk about how the pause container handles zombie processes.

There is actually a very simple process running in the Pause container, and its logic can be found in the Pause github repository mentioned earlier:

Static void sigdown (int signo) {psignal (signo, "Shutting down, got signal"); exit (0);} static void sigreap (int signo) {while (waitpid (- 1, NULL, WNOHANG) > 0);} int main () {if (getpid ()! = 1) / * Not an error because pause sees use outside of infra containers. * / fprintf (stderr, "Warning: pause should be the first process\ n"); if (sigaction (SIGINT, & (struct sigaction) {. Sa_handler = sigdown}, NULL) < 0) return 1; if (sigaction (SIGTERM, & (struct sigaction) {. Sa_handler = sigdown}, NULL) < 0) return 2 If (sigaction (SIGCHLD, & (struct sigaction) {. Sa_handler = sigreap, .sa _ flags = SA_NOCLDSTOP}, NULL) < 0) return 3; for (;) pause (); fprintf (stderr, "Error: infinite loop terminated\ n"); return 42;}

For the process implemented in c language, the core code is 28 lines

There is an infinite loop for (;;) in line 24, so you can see the origin of the pause container name, right?

What is executed in this infinite loop is a system call pause

So the pause container sleeps most of the time, waiting for a signal to wake it up.

What kind of signal do you receive?

Once the SIGCHLD signal is received, the pause process executes the registered sigreap function.

Take a look at the help of SIGCHLD signals:

SIGCHLD, when a process terminates or stops normally, sends a SIGCHLD signal to its parent process, which is ignored by system default, and should be captured if the parent process wants to be informed of this state of its child system.

In the signal processing function sigreap registered by the pause process, another system call waitpid is called to get the reason for the termination of the child process.

At this point, the study on "what is the use of pause-amd64 containers in Kubernetes pod" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.