Athavan Kanapuli

What are Kubernetes Pods Anyway?

What is a Pod?

A Pod is a colocated group of containers and represents the most basic unit in Kubernetes. This does not imply that a pod always contains more than one container. Most of the time, a pod has a single container.

Why do we need a Pod?

Why would we run multiple containers together? Why can't we run a single container that does all our jobs? Let's try to answer these.

Generally, containers are designed to run a single process. A container doesn't have an init system that manages all of its processes. So if we run multiple processes inside a container, it is our responsibility to keep all those processes running, manage their logs, handle all signals and so on. Truth be told, this is a pain. So it is always recommended to run a single process inside a container. Now it's obvious that we need some higher-level construct which helps to bind containers together and manage them as a single unit.

A Pod of containers allows multiple processes to be tied together and provides them with the same environment as if they were all running in the same container.

What's shared inside a Pod?

All containers in a pod share certain Linux namespaces. They are in the same Network and UTS namespaces. Because of this, containers within a pod share the same IP address and hostname. Similarly, all containers run under the same IPC namespace and can communicate with each other through IPC.

What's different inside a Pod?

Each container in a pod has its own PID namespace. So when you run ps aux inside a container, you see only the container's own processes.
When we speak about the filesystem, it mostly comes from the container image. Hence the file system of each container inside the Pod is fully isolated. Note that you can still have a shared volume for all containers in a pod using Kubernetes Volumes.
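
To check on a node which namespaces two containers of a pod actually share, you can compare the namespace links under /proc/<pid>/ns/ for one process from each container. The script below is an added example, not part of the original post; the inode numbers in APP and SIDECAR are constructed sample values and the function names are illustrative.

```python
import os
import re

# Namespace types compared here; each is a symlink under /proc/<pid>/ns/.
NS_TYPES = ("net", "uts", "ipc", "pid", "mnt")
NS_LINK = re.compile(r"^(?P<type>[a-z_]+):\[(?P<inode>\d+)\]$")


def parse_ns_links(links):
    """Turn {'net': 'net:[4026532741]', ...} into {'net': 4026532741, ...}."""
    parsed = {}
    for name, target in links.items():
        m = NS_LINK.match(target.strip())
        if m is None or m.group("type") != name:
            raise ValueError(f"unexpected namespace link for {name}: {target!r}")
        parsed[name] = int(m.group("inode"))
    return parsed


def read_ns_links(pid):
    """Read the live namespace links of a process (Linux only, needs permission)."""
    return {t: os.readlink(f"/proc/{pid}/ns/{t}") for t in NS_TYPES}


def compare_namespaces(links_a, links_b):
    """Return (shared, isolated) namespace types for two processes."""
    a, b = parse_ns_links(links_a), parse_ns_links(links_b)
    common = sorted(set(a) & set(b))
    shared = [t for t in common if a[t] == b[t]]      # same inode: same namespace
    isolated = [t for t in common if a[t] != b[t]]    # different inode: separate
    return shared, isolated


# Constructed sample: links as they might look for two containers of one pod.
APP = {"net": "net:[4026532741]", "uts": "uts:[4026532738]",
       "ipc": "ipc:[4026532739]", "pid": "pid:[4026532802]",
       "mnt": "mnt:[4026532800]"}
SIDECAR = {"net": "net:[4026532741]", "uts": "uts:[4026532738]",
           "ipc": "ipc:[4026532739]", "pid": "pid:[4026532877]",
           "mnt": "mnt:[4026532875]"}

if __name__ == "__main__":
    shared, isolated = compare_namespaces(APP, SIDECAR)
    print("shared:  ", ", ".join(shared))
    print("isolated:", ", ".join(isolated))
```

On a real node, pass the output of read_ns_links() for a process from each container instead of the sample dictionaries. If the pod sets shareProcessNamespace: true, pid moves to the shared list, which is worth knowing when reviewing how isolated a sidecar really is.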

Pod's Network

Containers inside the pod share the same IP and port space. They all share the same loopback interface, and a container can talk to another container in the pod using localhost. Since the port space is shared, processes running in two containers cannot bind to the same port inside a Pod. Containers of different pods can never run into such port conflicts.
All pods in a Kubernetes cluster stay in a single flat network space. Hence any pod can communicate with any other pod using the pod IP. There are no NAT gateways required for Pod-to-Pod communication.

The Kubernetes documentation on Pods provides the most complete explanation of pods, and I would recommend reading it, as it's a better and more correct explanation than I could write.
