What Is A Pod In Kubernetes?
A Pod is a group of one or more application containers (such as Docker or rkt containers) together with the storage (volumes), network identity (IP address) and run-time information those containers share.
When you create a Deployment, Kubernetes creates Pods to host the instances of your application. A Pod is the Kubernetes abstraction for a group of one or more application containers plus the resources those containers share, namely:
- Shared storage, as Volumes
- Networking, as a unique cluster IP address
- Information about how to run each container, such as the container image version and the ports it uses
A Pod models an application-specific "logical host": it holds application containers that are relatively tightly coupled. For example, a Pod might include the container running your Node.js app alongside a second container that fetches the data the Node.js web server publishes. The containers in a Pod share one IP address and port space (they can reach each other on localhost, and two of them cannot listen on the same port), are always co-located and co-scheduled, and run in a shared context on the same Node. That shared context cuts both ways: a compromise of one container hands the attacker the Pod's network identity and every volume the containers share, so only bundle containers that genuinely need that trust relationship.
Pods are the atomic unit of scheduling on the Kubernetes platform: a Deployment creates Pods with containers inside them rather than creating containers directly. Once scheduled, a Pod is tied to its Node and stays there until it terminates or is deleted; its containers are restarted in place according to the Pod's restart policy, but the Pod itself is never moved to another Node. If a Node fails, the Pods on it are lost and the controller that owns them (for a Deployment, its ReplicaSet) creates identical replacement Pods on other available Nodes in the cluster. A Pod created directly, without a controller, is not replaced.
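The two-container Pod described above, written out as a Deployment so that the replacement behaviour on Node failure applies. This is an added example and not a manifest from the original post or from kubernetes.io; the names, image references, paths and the feed URL are illustrative assumptions. The web container only reads the shared volume, the fetcher only writes it, and both run without root, privilege escalation or Linux capabilities, which limits what either container can do to the other if it is compromised.

```yaml
# Added example, not from the original post. Image references, names and
# the feed URL are assumptions made for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      # A Deployment template only allows Always: containers are restarted in
      # place on the same Node; the Pod itself is never moved.
      restartPolicy: Always
      # Pod-level settings apply to every container in the Pod.
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      volumes:
        # Shared storage: an emptyDir lives as long as the Pod and is visible
        # to every container that mounts it.
        - name: content
          emptyDir: {}
      containers:
        - name: node-app
          image: registry.example.com/web/node-app:1.4.2   # assumed image
          ports:
            - containerPort: 8080
          volumeMounts:
            - name: content
              mountPath: /srv/content
              readOnly: true        # the web server only reads the feed
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
        - name: content-fetcher
          image: curlimages/curl:8.5.0   # assumed image
          # Writes into the shared volume; node-app serves what lands there.
          # Both containers share the Pod's network namespace, so this
          # container could also reach the app on localhost:8080 without a
          # Service, and neither can bind port 8080 a second time.
          command:
            - sh
            - -c
            - |
              while true; do
                curl -fsSL https://feed.example.internal/latest.json \
                  -o /srv/content/feed.json
                sleep 60
              done
          volumeMounts:
            - name: content
              mountPath: /srv/content
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```

After `kubectl apply -f` on this file, `kubectl get pods -o wide` shows each Pod as `2/2` ready on a single Node, and deleting one Pod (or draining its Node) causes the ReplicaSet to create a fresh Pod elsewhere rather than reviving the old one. Replace `kind: Deployment` with a bare `kind: Pod` and the same loss of a Node leaves you with nothing.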
Image provided by kubernetes.io
What Is A Node In Kubernetes?
A Node is a worker machine in Kubernetes; depending on the cluster it may be a virtual or a physical machine. Each Node is managed by the control plane and can run multiple Pods. A Pod always runs on a Node, and the control plane schedules Pods across the Nodes in the cluster automatically, taking into account the resources each Node has available and any constraints the Pod declares.
Every Kubernetes Node runs at least:
- Kubelet, a process responsible for communication between the Kubernetes control plane and the Node; it manages the Pods and the containers running on a machine.
- A container runtime (like Docker) responsible for pulling the container image from a registry, unpacking the container, and running the application. Current Kubernetes releases talk to the runtime through the Container Runtime Interface (CRI), most commonly containerd or CRI-O; direct Docker support via dockershim was removed in Kubernetes 1.24.
Only when they are tightly coupled and need to share resources such as disk should Containers be scheduled together in a single pod.
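How the scheduler's resource accounting shows up in a manifest, as an added example (not from the original post): a bare Pod that declares what it needs and where it may run. The node label `node-role.example.com/batch`, the image reference and the resource figures are assumptions; `kubernetes.io/os` is a well-known label the kubelet sets on every Node.

```yaml
# Added example, not from the original post. The custom label, image
# reference and resource figures are assumptions for illustration.
apiVersion: v1
kind: Pod
metadata:
  name: batch-worker
spec:
  # A bare Pod honours its restartPolicy on the Node it was placed on but,
  # having no controller, is never recreated elsewhere if that Node fails.
  restartPolicy: OnFailure
  nodeSelector:
    kubernetes.io/os: linux                 # set by the kubelet on every Node
    node-role.example.com/batch: "true"     # assumed custom label
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: worker
      image: registry.example.com/batch/worker:2.0.1   # assumed image
      resources:
        requests:
          # The scheduler only places the Pod on a Node whose allocatable
          # capacity, minus what is already requested there, covers this.
          cpu: "500m"
          memory: "256Mi"
        limits:
          # Enforced on the Node by the kubelet and runtime; a container that
          # exceeds the memory limit is killed and restarted per restartPolicy.
          cpu: "1"
          memory: "512Mi"
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

If no Node carries the label or has 500m CPU and 256Mi unrequested, the Pod stays `Pending` and `kubectl describe pod batch-worker` reports a `FailedScheduling` event explaining why; `kubectl describe node <name>` shows each Node's `Allocatable` and `Allocated resources` totals that the decision was made against. Requests and limits also matter for security: a Pod without them can starve its neighbours on the same Node.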
Image provided by kubernetes.io
Uptycs & Container and Kubernetes Security
As the need to secure the CI/CD pipeline keeps growing, the webinar below breaks down container security and how to establish a comprehensive security posture.
To learn more about Kubernetes and Containers, check out the Forrester Research Report Below.