Podman - Differences between a pod and a container - Part 6
Containers and pods: what are the differences, and when should you use each? These are some of the questions you may ask yourself when you start using containers.
Here I will go through some of the differences and look at when each is best used.
Containers
Containers are single servers, each running within its own space. In rootless mode they cannot talk to each other and are isolated in that sense. They can of course still communicate outside of the container via Slirp4netns, which is the default network setup for rootless containers and pods.
Let's consider this scenario: you have one web container and one database container where the web server stores its database, and you assign a port to both of them.
graph LR
A(Client) <--> |8080/tcp| B{Slirp4netns}
<--> |80/tcp| C(Web<br>Container)
A <--> |3306/tcp| M{Slirp4netns}
<--> |3306/tcp| O(Database<br>Container)
As you can see, there is no direct communication between the containers. That's because they each live in their own bubble and thus cannot reach each other internally. Here both containers need to be reachable from the host network to be able to talk to each other. Exposing internal services that only other containers should talk to in this way is not recommended, since it exposes them to clients as well.
So in a scenario where you need 2 or more containers to talk to each other without exposing unnecessary ports, you need to go the pod route, but for standalone single services a plain container is the way to go. More on this in part 8.
Pods
Pods are a collection of containers with their own internal network where they can talk to each other. This makes them perfect for services where the containers need to be able to talk to each other without exposing all services to clients.
If we play out the same scenario as above, one web container and one database container, this is how it would look in a pod configuration.
graph LR
A(Client) <--> |8080/tcp| B{Slirp4netns}
<--> |80/tcp| C(<br><br>Pod<br><br><br>)
<--> |80/tcp| D(Web<br>Container)
C <--> |3306/tcp| O(Database<br>Container)
Every container inside the pod talks via 127.0.0.1 and the port each service listens on, so it is important not to have 2 containers with the same internal port, since this will make them conflict with each other.
Pods are for scenarios where you have several containers that need to communicate with each other. Pods are not for a single container; there is no need to add an extra layer of complexity if it is not needed.
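The two points above (internal services published to the host in the standalone layout, and port conflicts inside a pod's shared 127.0.0.1) can be checked mechanically. This is an added example, not part of the original series: the inventory layout, the names `exposed_internal` and `pod_port_conflicts`, and the "admin" container are all made up for illustration and are not Podman's own output format.

```python
from collections import defaultdict

# Constructed inventory for the page's scenario. The dict layout is made up
# for this example; it is not the output format of any podman command.
# "published" maps host port -> container port.
STANDALONE = [
    {"name": "web", "pod": None, "listens": [80], "published": {8080: 80}},
    {"name": "db", "pod": None, "listens": [3306], "published": {3306: 3306}},
]
POD = [
    {"name": "web", "pod": "app", "listens": [80], "published": {8080: 80}},
    {"name": "db", "pod": "app", "listens": [3306], "published": {}},
]
# Constructed failure case: a second container in the pod also wants port 80.
CLASH = POD + [{"name": "admin", "pod": "app", "listens": [80], "published": {}}]

# Ports only other containers should reach (assumption: 3306, as in the text).
INTERNAL_ONLY = {3306}


def exposed_internal(containers, internal=INTERNAL_ONLY):
    """Return (container, host_port, container_port) for internal services published to the host."""
    hits = []
    for c in containers:
        for host_port, ctr_port in sorted(c["published"].items()):
            if ctr_port in internal:
                hits.append((c["name"], host_port, ctr_port))
    return hits


def pod_port_conflicts(containers):
    """Return {(pod, port): [names]} where several containers in one pod listen on the same port."""
    users = defaultdict(list)
    for c in containers:
        if c["pod"] is None:
            continue  # a standalone container has its own network namespace
        for port in c["listens"]:
            users[(c["pod"], port)].append(c["name"])
    return {key: names for key, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    for label, layout in [("standalone", STANDALONE), ("pod", POD), ("clash", CLASH)]:
        print(label, exposed_internal(layout), pod_port_conflicts(layout))
```
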
Recap
In this part we talked a bit more about containers and pods: how they work and communicate, when to use them, and some of the differences. In the next part we will create a pod and talk a bit more about it.