I would like to understand what the thinking process when the creators created pause containers
Now this is quite an involved topic and requires an understanding of Linux namespaces.
The short answer is that it exists to keep the pod alive if all the containers you put in it start crashlooping. If it wasn’t there then the namespaces that make up the pod would terminate and the pod itself would be lost. It wouldn’t be crashlooping, it would return to the scheduler.
It holds the pod in place where it was originally scheduled whatever happens to your containers, until you explicitly delete the pod.
Longer explanation
The code running in the pause container is less than 50 lines of C code, so it is tiny - really tiny!
It does the following tasks
- register various signal handling functions, which mainly handle two types of information: exit signals and child signals. When it receives
SIGINTorSIGTERM, it exits directly. WhenSIGCHLDsignal is received, callwaitpidand recycle the exiting process.
When you runkubectl delete podthenkubeletsends aSIGTERMto the pod which is picked up by the pause container and your container instructing them to all exit. Once all containers, includingpausehave exited, then the pod is gone. - The main process for loop calls the
pause()function, which puts the process to sleep until it is terminated or receives a signal.
So thepausecontainer pauses - doing nothing untilkubelettells it to quit.
So even if the last container in the Pod crashes, the shared namespace would still be there, because the pause container is holding the namespace.
1 Like