Pause - most popular container in k8s environmentSat 02 May 2020 by admin
Probably the most popular container in kubernetes environment. Container image is really small:
$ docker images | grep -i pause k8s.gcr.io/pause 3.2 80d28bedfe5d 2 months ago 683kB
Codebase is also small pause. According to source code it is responsible for doing pretty... nothing, except of dealing with SIGCHLD. This signal is being received when child process exit and parent doesn't process it, child process still is available in process list with stat Z as zombie. So pause process it's a kind of zombie repear. This could have happened when pause container should be started as the first process and process namespace should be shared between containers in pod. But even when we turn on process namespace sharing, I cannot reproduce this, SIGCHLD signal is being sent to
containerd-shim when docker CRI is enabled ie. process list from host system perspective
$ ps -ef f ... root 8964 2559 0 17:03 ? Sl 0:00 \_ containerd-shim -namespace moby -workdir /var/lib/docker/containerd/daemon/io.containerd.runtime.v1.linux/mob root 8983 8964 0 17:03 ? Ss 0:00 \_ /bin/sleep 1000 ...
so process sleep is being maintained by
containerd-shim, which it's taking care about running container process ie. keeping stdio open, reporting status to dockerd. It's also dealing with zombie process reaper_unix. The second reason of running pause container is to keep running network namespace, when ie. other container are starting. In k8s env network namespace it's shared between containers ie.
$ kubectl run test --image=busybox:latest -- /bin/sleep 1000 # it is started first $ docker ps | grep test 4d753c519607 busybox "/bin/sleep 1000" 10 seconds ago Up 10 seconds k8s_test_test-79f4645984-s5v59_default_f9fa9362-5b99-40dd-9f02-13a15746b221_0 7bc80fd174b3 k8s.gcr.io/pause:3.2 "/pause" 17 seconds ago Up 17 seconds k8s_POD_test-79f4645984-s5v59_default_f9fa9362-5b99-40dd-9f02-13a15746b221_0 # container with sleep command use network namespace from pause container $ docker inspect k8s_test_test-79f4645984-s5v59_default_f9fa9362-5b99-40dd-9f02-13a15746b221_0 ... "NetworkMode": "container:7bc80fd174b3663c61defe8b50a081975cfc4a5159e28beac434e1f33d85d894" ...
More info about pause container in The Almighty Pause Container article.