更新:HHH   时间:2023-1-7



  1. 根据从API Server获得的Pod Spec以及当前Pod的Status计算所需要执行的Actions

  2. 在需要情况下Kill掉当前Pod

  3. 根据需要(如重启)kill掉pod内的containers

  4. 根据需要创建Pod的sandbox container

  5. 启动下一个init container

  6. 启动Pod内的containers




// computePodActions checks whether the pod spec has changed and returns the changes if true.

func (m *kubeGenericRuntimeManager) computePodActions(pod *v1.Pod, podStatus *kubecontainer.PodStatus) podActions {

   // 1. 对比sandbox状态,计算是否需要创建sandbox,以及当前sandbox id

   createPodSandbox, attempt, sandboxID := m.podSandboxChanged(pod, podStatus)

   changes := podActions{

      KillPod:           createPodSandbox,

      CreateSandbox:     createPodSandbox,

      SandboxID:         sandboxID,

      Attempt:           attempt,

      ContainersToStart: []int{},

      ContainersToKill:  make(map[kubecontainer.ContainerID]containerToKillInfo),



   // 2. 需要新建sandbox,一旦进入该分支就必定return,之后代码不再执行

   if createPodSandbox {


      // 在新建sandbox分支中,若存在init容器,则取第一个,返回

     if len(pod.Spec.InitContainers) != 0 {

         // Pod has init containers, return the first one.

         changes.NextInitContainerToStart = &pod.Spec.InitContainers[0]

         return changes



      // 不存在init容器,直接跑工作containers

      for idx, c := range pod.Spec.Containers {

         if containerSucceeded(&c, podStatus) && pod.Spec.RestartPolicy == v1.RestartPolicyOnFailure {



         changes.ContainersToStart = append(changes.ContainersToStart, idx)


      return changes



   // 3. sandbox已运行,启动init容器。寻找下一个需要执行的init容器

   initLastStatus, next, done := findNextInitContainerToRun(pod, podStatus)

   if !done {

      if next != nil {

         initFailed := initLastStatus != nil && isContainerFailed(initLastStatus)

         if initFailed && !shouldRestartOnFailure(pod) {

            changes.KillPod = true

         else {

            changes.NextInitContainerToStart = next



      // 若init未完成,直接返回

      return changes



   // 4. init已完成,计算需要kill&start的工作container

   keepCount := 0

   for idx, container := range pod.Spec.Containers {




   // 5. 是否需要kill pod

   if keepCount == 0 && len(changes.ContainersToStart) == 0 {

      changes.KillPod = true



   return changes


2. SyncPod


func (m *kubeGenericRuntimeManager) SyncPod(pod *v1.Pod, _ v1.PodStatus, podStatus *kubecontainer.PodStatus, pullSecrets []v1.Secret, backOff *flowcontrol.Backoff) (result kubecontainer.PodSyncResult) {

   // 1. 计算pod actions,见上文

   podContainerChanges := m.computePodActions(pod, podStatus)



   // 2. 需要情况下执行kill pod

   if podContainerChanges.KillPod {


      killResult := m.killPodWithSyncResult(pod, kubecontainer.ConvertPodStatusToRunningPod(m.runtimeName, podStatus), nil)


   else {

      // 3. 不需要kill pod,但需要kill工作container

      for containerID, containerInfo := range podContainerChanges.ContainersToKill {


         if err := m.killContainer(pod, containerID, containerInfo.name, containerInfo.message, nil); err != nil {









   // 4. 按需创建sandbox

   podSandboxID := podContainerChanges.SandboxID

   if podContainerChanges.CreateSandbox {


      podSandboxID, msg, err = m.createPodSandbox(pod, podContainerChanges.Attempt)






   // 5. 运行next init container

   if container := podContainerChanges.NextInitContainerToStart; container != nil {


      if msg, err := m.startContainer(podSandboxID, podSandboxConfig, container, pod, podStatus, pullSecrets, podIP); err != nil {

         startContainerResult.Fail(err, msg)

         utilruntime.HandleError(fmt.Errorf("init container start failed: %v: %s", err, msg))






   // 6. 运行工作containers。注意,根据computePodActions,若NextInitContainerToStart不为空,则不存在ContainersToStart ,即这个循环在当前这个SyncPod中不会被执行

   for _, idx := range podContainerChanges.ContainersToStart {


      if msg, err := m.startContainer(podSandboxID, podSandboxConfig, container, pod, podStatus, pullSecrets, podIP); err != nil {

         startContainerResult.Fail(err, msg)

         // known errors that are logged in other places are logged at higher levels here to avoid

         // repetitive log spam

         switch {

         case err == images.ErrImagePullBackOff:

            glog.V(3).Infof("container start failed: %v: %s", err, msg)


            utilruntime.HandleError(fmt.Errorf("container start failed: %v: %s", err, msg))








SyncPod中需要特别注意的是:在init containers启动过程中,SyncPod每次只会运行一个init container(next),之后就返回了。

