Podman - Differences between a pod and a container - Part 6

Containers and pods: what are the differences, and when should you use each? These are some of the questions you may ask yourself when getting started with containers.

Here I will go through some of the differences and look at when each is best used.

Containers

Containers are single servers, each running within its own space. In rootless mode they cannot talk directly to each other, since they have separate network stacks. They can of course still communicate outside of the container via Slirp4netns, which is the default network setup for rootless containers and pods.

Let's consider this scenario: you have one web container and one database container, where the web server stores its database.

graph LR
 A(Client) <--> |8080/tcp| B{{Host}}
 B <--> |8080/tcp| M{Slirp4netns} <--> |80/tcp| D(Web<br>Container)
 A(Client) <--> |3306/tcp| B{{Host}}
 B <--> |3306/tcp| O{Slirp4netns} <--> |3306/tcp| P(Database<br>Container)

As you can see, there is no direct communication between the containers. That's because they each live in their own bubble and thus cannot reach each other internally; here both containers need to be reachable from the host network to be able to talk to each other. Exposing internal services that only other containers should talk to this way is not recommended, since it exposes them to clients as well.

So in a scenario where you need two or more containers to talk to each other without exposing unnecessary ports, you need to go the pod route. For standalone single services, however, a plain container is the way to go; more on this in part 8.

Pods

Pods are a collection of containers with their own internal network where they can talk to each other. This makes them perfect for services where the containers need to be able to talk to each other without exposing all services to clients.

If we play out the same scenario as above, with one web container and one database container, this is how it would look in a pod configuration.

graph LR
 A(Client) <--> |8080/tcp| B{{Host}}
  B <--> C{Slirp4netns} <--> |80/tcp| E(Web<br>Container)
  subgraph pod[</br><b>Pod</b>]
    style pod fill:#ffffff00,stroke:#5b9357,stroke-width:2px
    E <--> | 3306/tcp | O(Database<br>Container)
  end

Every container inside the pod can talk to the others via 127.0.0.1 and the port each service listens on, so it is important not to have two containers with the same internal port, since they will conflict with each other. The only port exposed outside is port 8080, which points to the web server inside the pod.

Pods are for scenarios where you have several containers that need to communicate with each other. Pods are not for a single container; there is no need to add an extra layer of complexity if it is not needed.
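
As an added example (not part of the original post), the Python check below looks at a container listing for the problem described above: an internal service such as the database on 3306/tcp being published on the host. The sample data is constructed and only shaped like `podman ps --format json` output; the field names and the `INTERNAL_ONLY` policy are assumptions.

```python
import json

# Constructed sample data, shaped like `podman ps --format json` output.
# Field names (Names, PodName, Ports, host_port, container_port) are assumptions.
STANDALONE = json.loads("""[
 {"Names": ["web"], "PodName": "",
  "Ports": [{"host_ip": "", "host_port": 8080, "container_port": 80, "protocol": "tcp"}]},
 {"Names": ["db"], "PodName": "",
  "Ports": [{"host_ip": "", "host_port": 3306, "container_port": 3306, "protocol": "tcp"}]}
]""")
POD = json.loads("""[
 {"Names": ["web"], "PodName": "webapp",
  "Ports": [{"host_ip": "", "host_port": 8080, "container_port": 80, "protocol": "tcp"}]},
 {"Names": ["db"], "PodName": "webapp",
  "Ports": [{"host_ip": "", "host_port": 8080, "container_port": 80, "protocol": "tcp"}]}
]""")

# Ports that only other containers should reach (hypothetical policy).
INTERNAL_ONLY = {3306: "database"}


def published(containers):
    """Map each unit (pod, or standalone container) to its host-published ports."""
    units = {}
    for c in containers:
        unit = f"pod:{c['PodName']}" if c.get("PodName") else f"container:{c['Names'][0]}"
        for p in c.get("Ports") or []:  # Ports may be null when nothing is published
            # An empty host_ip means the port is bound on all host interfaces.
            units.setdefault(unit, set()).add(
                (p.get("host_ip") or "0.0.0.0", p["host_port"],
                 p["container_port"], p["protocol"]))
    return units


def exposed_internal(containers, policy=INTERNAL_ONLY):
    """Return sorted findings for internal-only services reachable from the host."""
    findings = []
    for unit, ports in published(containers).items():
        for host_ip, host_port, container_port, proto in ports:
            if container_port in policy:
                findings.append(f"{unit}: {policy[container_port]} {container_port}/{proto} "
                                f"published on {host_ip}:{host_port}")
    return sorted(findings)


if __name__ == "__main__":
    for name, data in (("standalone", STANDALONE), ("pod", POD)):
        print(name, exposed_internal(data) or "no internal services published")
```

The standalone layout is flagged because the database port is bound on the host, while the pod layout publishes only 8080 and produces no findings.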

Recap

In this part we talked a bit more about containers and pods: how they work and communicate, when to use them, and some of the differences. In the next part we will create a pod and talk a bit more about it.