Today the topic of how to organise related processes in containers came up. In particular, a PHP application needed Memcached for caching and the question was whether those should be run in the same container.

Personally, I strongly favour the side that says you should never, under any circumstances, run more than one process within the same container. For me that would go against the purpose of containerisation, which is to isolate processes from each other.

So the answer is a strict no, you should create a separate container for each process.

On Kubernetes, a more interesting question is whether you should put these containers into the same pod. Again, my take is that each pod should run a single container only, unless there is a compelling reason to do otherwise. A Kubernetes pod should serve a single well-defined purpose. The container fulfilling that purpose is the main container in the pod. Any other container in the same pod is by definition a sidecar that only exists to supplement the main container.

For example, if the main container were a php-fpm application that should be able to receive HTTP(S) requests, a solution might be to run an nginx sidecar alongside the main container. The nginx would receive HTTP requests from the outside world and forward them to the PHP application by means of a UNIX socket in a shared ephemeral volume. The shared volume would make it strictly necessary to run both containers in the same pod. True, nginx could also talk to PHP over the network, making it possible to put these into separate pods. But the only reason for running nginx at all in this scenario is as a “protocol translation layer” between HTTP and (F)CGI. So nginx is just a sidecar to the main (PHP) container and it feels right to put them into the same pod.
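
The nginx sidecar arrangement described above, sketched as a manifest. This is an added example, not the author's own configuration; the object names, image tags, port 8080 and the `/sock` path are assumptions.

```yaml
# Added example (assumed names and paths). php-fpm listens only on a UNIX
# socket in an emptyDir volume, so FastCGI is not exposed on the pod network;
# only containers that mount the volume can reach it.
apiVersion: v1
kind: ConfigMap
metadata:
  name: php-app-config
data:
  zz-socket.conf: |          # loaded after the image's own pool files
    [www]
    listen = /sock/php-fpm.sock
    ; assumption: nginx runs under a different UID than php-fpm, so the
    ; socket is world-writable; the volume itself is private to this pod
    listen.mode = 0666
  default.conf: |
    server {
      listen 8080;
      root /var/www/html;    # path as seen by the php container
      location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/sock/php-fpm.sock;
      }
    }
---
apiVersion: v1
kind: Pod
metadata:
  name: php-app
spec:
  volumes:
    - name: fpm-socket
      emptyDir: {}           # shared ephemeral volume, lives as long as the pod
    - name: config
      configMap:
        name: php-app-config
  containers:
    - name: php              # main container; stands in for the application image
      image: php:fpm
      volumeMounts:
        - {name: fpm-socket, mountPath: /sock}
        - {name: config, mountPath: /usr/local/etc/php-fpm.d/zz-socket.conf, subPath: zz-socket.conf}
    - name: nginx            # sidecar: HTTP on 8080, FastCGI over the socket
      image: nginx
      ports:
        - containerPort: 8080
      volumeMounts:
        - {name: fpm-socket, mountPath: /sock}
        - {name: config, mountPath: /etc/nginx/conf.d/default.conf, subPath: default.conf}
```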

Still, this illustrates that “sidecar or separate pod” is often a matter of taste and the lines are not clear-cut.

Personally I find it easiest to follow these simple rules:

  1. Never, ever run more than one process in a single container.
  2. When in doubt, always give each container its own pod, unless there is a compelling reason to do otherwise. :-)

Update

The Kubernetes Blog has a good summary on when to use sidecars and when to avoid them.