ThunderYe
commented
5 years ago Sorry,we found a better method let pause&APP container share one sandbox ,only if CRI-daemon sets right container type , close the issue!
Refer the sandbox code inside gVisor:
// ShouldCreateSandbox returns true if the spec indicates that a new sandbox
// should be created for the container. If false, the container should be
// started in an existing sandbox.
func ShouldCreateSandbox(spec *specs.Spec) bool {
t, ok := spec.Annotations[ContainerdContainerTypeAnnotation]
return !ok || t == ContainerdContainerTypeSandbox
}
Sorry ,maybe this topic is not quite proper here ,this is a shim project,but only this project is working on containerd and gVisor.
When I walk through containerd-CRI -OCI plugin , I found one Pod only can use one kind OCI engine(runC or runSC) , but a runSC pause container will use more resource than runC container, while the pause container implement the identical function(setup a sandbox). I have a new idea , can we let "runC pause container + runSC app container = a Pod" ?
BTW, I use a Docker commands to simulate the behavior , it can work ,the runSC can share netns with a runC pause container, seems they can work each other well.