RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1270641 - [DOCS] [7.2] [Feature] Document External Registries and availability of Pause Container in Kubernetes
Summary: [DOCS] [7.2] [Feature] Document External Registries and availability of Pause...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: doc-RHEL-Atomic
Version: 7.1
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: rc
: 7.2
Assignee: Thien-Thi Nguyen
QA Contact: Vikram Goyal
Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-10-12 03:49 UTC by Vikram Goyal
Modified: 2019-03-06 01:23 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-20 00:17:28 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Vikram Goyal 2015-10-12 03:49:13 UTC 
Although there is nothing to document for the pause container [1] itself, there are several things we can document.

We should document:

* The fact that there is a pause container and that it is different from the upstream container. It would be good to let the users know about this and the fact that Kube will auto pull from configured registries with default settings.

* If a customer disconnects external registries including RH, then they need to pull pause onto the host first before disconnecting the registries. Make this clear in the docs.

Related, and might be a nice sidebar, we should explain about external registries as described here [2].

We should document this in:

* Getting Started Guide for Containers [3].

[1] https://trello.com/c/RZvniIpg/74-create-a-pause-container-for-kubernetes
[2] https://access.redhat.com/articles/1354823 
[3] https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux_Atomic_Host/7/html-single/Getting_Started_with_Containers/index.html
Comment 2 Thien-Thi Nguyen 2015-11-02 22:40:14 UTC 
Hi Eric, i'm writing you (per the trello card linked in the description above) to inquire about the "internal pause container".  Here are my questions:

 (a) Aside from the trello card, is there any other tracking of internal pause containers?
 (b) Where can i read the source to the internal pause container?

I figure if i can follow along w/ (a) and ponder some source w/ (b), i won't need to bother you too much more.  What do you think?
Comment 3 Eric Paris 2015-11-02 23:27:21 UTC 
sdodson can talk about what we put in the container. Upstream calls it 'pause' but we have a new name. Openshift has some other name (and are going to switch), but I think we have settled that openshift, AE, and AH are all transitioning to 'pod-infrastructure'.

The main purpose of this container is to hold open the network namespace for each pod. Every single pod runs 1 (and only 1) 'pause' container. The container can be launched, the networking for that dummy container can me mutated in any way you wish, and then the real containers which need network access can be launched. Thus the real containers won't race with network mutation and will always see a consistent network state. Even if you need to do long slow network mutations to get the infrastructure container correctly hooked to the network.

The upstream 'pause' container does ABSOLUTELY nothing except go to sleep. It is tiny (size is measured in bytes instead of kb). It exists to keep the network namespace open even if all of the container in the pod were to die for some reason.

The Red Hat pod-infrastructure container may grow (may have already grown, sdodson can tell us) to be a bit more. While it provides the same functionality, it just sleeps and hold the network namespace, it may grow to allow you to exec into the container. It may one day (already?) provide utilities which can help you analyze the network, debug the container from the inside, etc.
Comment 4 Scott Dodson 2015-11-03 02:26:58 UTC 
Thien-Thi,

The source for the openshift3/pod image is at https://github.com/openshift/origin/blob/master/images/pod/pod.go  This is our equivalent of the pause container.

Eric,

I think there was some decision to be made as to what it was going to be re-named for AEP and Atomic Host, are you saying definitively that this image is to be named 'pod-infrastruce' ? Is that prefixed in any way aep3/pod-infrastructure? Has this change been made in the origin code base, I don't think it has.
Comment 5 Thien-Thi Nguyen 2015-11-10 15:58:01 UTC 
The concept of a ‘pause’ (or ‘pod-infrastructure’ or whatever it is named) container does not belong in Getting Started with Containers, but rather in Get Started Orchestrating Containers with Kubernetes.  This is because the concept of a "placeholder container" (to keep the networking namespace "reserved") is only valid in the context of multiple containers on a host (i.e., a "pod").  So, i will mention it there, instead.
Comment 6 Thien-Thi Nguyen 2015-11-10 16:06:30 UTC 
From IRC discussion, it appears that the following are still unclear:
- renaming decision: yes or no?
- new name
- which product sees which name

I'm changing the needinfo as suggested by eparis.
Comment 8 Thien-Thi Nguyen 2015-11-11 22:32:21 UTC 
Per IRC discussion w/ Chris Negus:
- cnegus to mention the ‘pause’ container in two Kubernetes articles
- tnguyen to do add a ‘docker pull’ synopsis as described above

Merge request for latter part: https://gitlab.cee.redhat.com/rhel-atomic-host-documentation/atomic-host-content/merge_requests/3
Comment 9 Thien-Thi Nguyen 2015-11-15 13:11:47 UTC 
The ‘pause’ container portion is merged.  The ‘git pull’ part is in peer review.
Moving status to MODIFIED.
Comment 11 Thien-Thi Nguyen 2015-11-15 18:41:46 UTC 
All changes merged.  Thanks to Chris Negus, Vikram Goyal, and Yoana Ruseva.
Moving status to RELEASE_PENDING.
Comment 12 Thien-Thi Nguyen 2015-11-20 00:17:28 UTC 
Comment 9 references re "container" portion:

- https://gitlab.cee.redhat.com/rhel-atomic-host-documentation/atomic-host-content/commit/62548d71bf9435c752752a821c98ba66d304fff4
- https://gitlab.cee.redhat.com/rhel-atomic-host-documentation/atomic-host-content/commit/83b837f765317a6a127937392e3e92531b9f32f8

ok:
container:   https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/7/getting-started-with-containers/chapter-3-creating-a-kubernetes-cluster-to-run-docker-formatted-container-images
docker pull: https://access.redhat.com/documentation/en/red-hat-enterprise-linux-atomic-host/7/getting-started-with-containers/chapter-7-get-started-with-docker-formatted-container-images

Moving to CLOSED CURRENTRELEASE.
Note You need to log in before you can comment on or make changes to this bug.