logo

containerd

Container vs Task

The "Task" is the actual container process.

  • A Container: In containerd, a "Container" is just a metadata object. It’s a record in a database that says "I have an image, some environment variables, and some settings." It isn't actually "running" anything yet.
  • A Task: A "Task" is the active execution of that container. When you run ctr task start, you are telling containerd to take those settings and turn them into a real process on the CPU.

Task vs Shim

For every Task, there is exactly one Shim.

containerd creates a Task directory in /run/containerd to give the Shim a place to store its sockets and PIDs.

If you kill the Shim process, the Task becomes an orphan—the container might still be running, but containerd has lost its "babysitter" and no longer knows how to talk to it.

So the task folder is for shim to store data about the task, not to be used by the task itself?

Yes. The folder under "io.containerd.runtime.v2.task" is the Shim's administrative office. The process running inside the container (the Task) usually has no idea this folder even exists, and it certainly doesn't use the files inside it for its own logic.

For a pod of 2 containers, do we actually see 3 containers due to pause?

It depends on the tool:

  • kubectl get pods: Shows 2/2 containers ready. Kubernetes hides the "Pause" container from the end-user because it’s considered system infrastructure, not your application.
  • crictl ps: Usually shows 2 containers (it also filters out the pause container by default to keep the output clean).
  • nerdctl ps -a or docker ps: Will show 3 containers. You will see your two apps and one image usually named registry.k8s.io/pause.

Example:

Pod Configuration Number of Application Containers Total "Containers" at Runtime Level
Simple Web App 1 2 (App + Pause)
App + Sidecar 2 3 (App + Sidecar + Pause)
App + Proxy + Log Shipper 3 4 (App + Proxy + Log + Pause)

Conclusion: The Pause container is the "glue" that makes a Pod a Pod. Without that extra container, the apps wouldn't have a shared home to live in.

logo
PRIVACY POLICYABOUT中文