What is purpose of pod-infra-container-image in kubernetes?
Official documentation says only:
The image whose network/ipc namespaces containers in each pod will use. (default "gcr.io/google_containers/pause-amd64:3.0")
but I don't understand exactly what it does and how it works in detail.
Each pod contains an infrastructure container (INFRA), whose purpose is to hold the namespaces. INFRA also enables Podman to add other containers to the pod. Port bindings, cgroup-parent values, and kernel namespaces are all assigned to the infrastructure container.
A container image represents binary data that encapsulates an application and all its software dependencies. Container images are executable software bundles that can run standalone and that make very well defined assumptions about their runtime environment.
A Pod (as in a pod of whales or pea pod) is a group of one or more containers, with shared storage and network resources, and a specification for how to run the containers. A Pod's contents are always co-located and co-scheduled, and run in a shared context.
A Kubernetes pod is a collection of one or more Linux® containers, and is the smallest unit of a Kubernetes application. Any given pod can be composed of multiple, tightly coupled containers (an advanced use case) or just a single container (a more common use case).
The pause container, whose image the --pod-infra-container flag selects, is used so that multiple containers can be launched in a pod while sharing resources. It mostly does nothing, and unless you have a very good reason to replace it with something custom, you shouldn't. It mostly invokes the pause system call (hence its name), but it also performs the important function of having PID 1 and making sure no zombie processes are kept around.
An extremely complete article on the subject can be found here, from where I also shamelessly stole the following picture which illustrates where the pause container lives:

The pause container is built from https://github.com/kubernetes/kubernetes/tree/master/build/pause . The process itself does nothing, so you can replace it with another container of your choice that equally does nothing (with the --pod-infra-container-image parameter of kubelet).
This container is started as a part of each and every pod. Kubernetes uses this well-known, never-failing container to set up the network namespace for the pod and make sure the namespace is never empty (all the other containers in the pod might fail). But again, the container process itself does nothing; it's just a placeholder.
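To make the "pause syscall plus PID 1 zombie reaping" duty described in the answers above concrete, here is an added example (my own sketch, not the upstream build/pause source) of a minimal infra process: it parks on pause() and reaps re-parented children so none linger as zombies in the pod's PID namespace. The demo_reap helper and its child count are constructed purely to exercise the reaper.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Reap every exited child without blocking; returns how many were reaped.
   As PID 1 of the pod, orphaned processes re-parent here, so this is the
   only place they would ever be wait()ed for. */
int reap_zombies(void) {
    int reaped = 0;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped++;
    return reaped;
}

static void on_sigchld(int sig) { (void)sig; reap_zombies(); }
static void on_term(int sig)   { (void)sig; _exit(0); }

/* Constructed check: fork n children that exit immediately, then poll
   reap_zombies() for up to ~2 s. Returns how many children got reaped. */
int demo_reap(int n) {
    for (int i = 0; i < n; i++) {
        pid_t pid = fork();
        if (pid == 0) _exit(0);          /* child: become a zombie at once */
        if (pid < 0) return -1;
    }
    int total = 0;
    for (int tries = 0; total < n && tries < 200; tries++) {
        total += reap_zombies();
        struct timespec ts = {0, 10 * 1000 * 1000};   /* 10 ms */
        if (total < n) nanosleep(&ts, NULL);
    }
    return total;
}

int main(void) {
    if (getpid() != 1)   /* outside a pod's PID namespace nothing re-parents here */
        fprintf(stderr, "Warning: not running as PID 1\n");
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigchld; sa.sa_flags = SA_NOCLDSTOP;
    sigaction(SIGCHLD, &sa, NULL);
    sa.sa_handler = on_term;    sa.sa_flags = 0;
    sigaction(SIGINT, &sa, NULL);
    sigaction(SIGTERM, &sa, NULL);
    for (;;) pause();   /* the syscall the container is named after */
}
```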