A Pod is a group of one or more application containers (such as Docker or rkt), together with shared storage (volumes), an IP address and information about how to run them.
When a deployment is created, Kubernetes creates a Pod to host the application instance. A Pod is a Kubernetes abstraction that represents a group of one or more application containers (such as Docker or rkt); it also contains shared resources for those containers - as defined below:
A Pod models an application-specific “logical host” and can contain different application containers that are relatively tightly coupled. For example, a Pod might include both the container with your Node.js app and a different container that feeds the data to be published by the Node.js webserver. The containers in a Pod share an IP address and port space, are always co-located and co-scheduled, and run in a shared context on the same Node.
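The Node.js-plus-feeder Pod described above could be declared as follows. This manifest is an added example, not taken from the original page; the Pod name, container names, image references, port and mount paths are all hypothetical placeholders.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: web-with-feeder            # hypothetical Pod name
  labels:
    app: web-with-feeder
spec:
  restartPolicy: Always            # governs restarts while the Pod stays on its Node
  volumes:
    - name: published-data         # shared storage, lives as long as the Pod
      emptyDir: {}
  containers:
    - name: web                    # the Node.js web server
      image: registry.example.com/nodejs-web:1.0    # placeholder image
      ports:
        - containerPort: 3000      # assumed listening port
      volumeMounts:
        - name: published-data
          mountPath: /srv/data
          readOnly: true           # web only reads what the feeder writes
    - name: feeder                 # supplies the data the web server publishes
      image: registry.example.com/data-feeder:1.0   # placeholder image
      volumeMounts:
        - name: published-data
          mountPath: /out
      # Same network namespace as "web": the feeder reaches the web server
      # at localhost:3000, and the two containers cannot both bind port 3000.
```

Because both containers share the Pod's IP address, port space and volume, anything one container exposes on localhost or writes to the shared volume is reachable by the other, so the two should be treated as a single trust domain.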
Pods are the atomic unit on the Kubernetes platform: when a deployment is created on Kubernetes, it creates Pods with containers inside them (as opposed to creating containers directly). Each Pod is tied to the Node where it is scheduled and remains there until termination (according to restart policy) or deletion. In the event of a Node failure, identical Pods are scheduled on other available Nodes in the cluster.
A Node is a worker machine in Kubernetes and may be either a virtual or a physical machine, depending on the cluster. Each Node is managed by the control plane and can have multiple Pods. The Kubernetes control plane automatically handles scheduling the Pods across the Nodes in the cluster. A Pod always runs on a Node, and the control plane’s automatic scheduling takes into account the available resources on each Node.
Every Kubernetes Node runs at least:
Containers should be scheduled together in a single Pod only when they are tightly coupled and need to share resources such as disk.