Pod
The smallest deployable unit in Kubernetes. A pod is one or more containers that share a network namespace and storage volumes.
Pod = a lunch table. Containers in the same pod are coworkers sharing one table — same IP (table number), same food (volumes), talking over lunch (localhost). But the table is disposable: if someone spills coffee, you get a NEW table, not a cleaned one.
Containers in a pod share the same IP, loopback, and port space (so they communicate via localhost), plus any mounted volumes. Pods are ephemeral: they're not rescheduled to new nodes; a new pod is created instead. Pod lifecycle: Pending → Running → Succeeded/Failed. Pod phases and container states are different things. Never deploy pods directly; use a controller (Deployment, StatefulSet) so they're managed.
The pause container (infra container) creates and holds the network namespace — other containers join it. This is why all containers in a pod share the same IP. Sidecar pattern: co-locate a helper container (logging agent, proxy, config reloader) that shares the same pod network and volumes. Init containers run to completion before app containers start — used for setup, database migration checks, secret injection. Pod QoS classes: Guaranteed (requests == limits), Burstable (requests < limits), BestEffort (no requests/limits) — affects eviction order under node memory pressure. Ephemeral containers (kubectl debug) let you inject a debugging container into a running pod.
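The QoS classes above, worked through in Python as an added example (not code from the original page or from Kubernetes itself). It goes beyond the shorthand in the text by applying the rule across every app and init container and to both CPU and memory. The names `parse_quantity` and `qos_class` are hypothetical, the sample specs are constructed, and the quantity parser handles only the suffixes listed.

```python
from decimal import Decimal

# Multipliers for the subset of Kubernetes quantity suffixes handled here.
_SUFFIX = {"m": Decimal("0.001"), "k": Decimal(10) ** 3, "M": Decimal(10) ** 6,
           "G": Decimal(10) ** 9, "Ki": Decimal(2) ** 10, "Mi": Decimal(2) ** 20,
           "Gi": Decimal(2) ** 30}

def parse_quantity(q):
    """Convert a quantity such as '500m', '0.5' or '128Mi' to a Decimal."""
    q = str(q)
    for suffix in sorted(_SUFFIX, key=len, reverse=True):  # try 'Mi' before 'M'
        if q.endswith(suffix):
            return Decimal(q[:-len(suffix)]) * _SUFFIX[suffix]
    return Decimal(q)

def qos_class(pod_spec):
    """Return 'Guaranteed', 'Burstable' or 'BestEffort' for a pod spec dict."""
    containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
    guaranteed, any_set = True, False
    for c in containers:
        res = c.get("resources") or {}
        limits = res.get("limits") or {}
        # A request that is not set defaults to the limit for that resource.
        requests = {**limits, **(res.get("requests") or {})}
        for r in ("cpu", "memory"):
            if r in requests or r in limits:
                any_set = True
            # Guaranteed needs a limit on this resource and request == limit.
            if r not in limits or parse_quantity(requests[r]) != parse_quantity(limits[r]):
                guaranteed = False
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if guaranteed else "Burstable"

# Constructed sample containers (not taken from any real cluster).
APP = {"name": "app", "resources": {
    "requests": {"cpu": "500m", "memory": "128Mi"},
    "limits": {"cpu": "0.5", "memory": "128Mi"}}}
SIDECAR_NO_RESOURCES = {"name": "proxy"}  # e.g. a helper added without requests/limits
LIMITS_ONLY = {"name": "app", "resources": {"limits": {"cpu": "1", "memory": "1Gi"}}}

if __name__ == "__main__":
    for label, spec in [("app only", {"containers": [APP]}),
                        # One container without resources downgrades the whole pod.
                        ("app + sidecar", {"containers": [APP, SIDECAR_NO_RESOURCES]}),
                        ("limits only", {"containers": [LIMITS_ONLY]}),
                        ("no resources", {"containers": [SIDECAR_NO_RESOURCES]})]:
        print(f"{label}: {qos_class(spec)}")
```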
A pod is a group of containers that share a network and storage. They communicate via localhost — no service discovery needed within a pod. The pod gets one IP. Sidecars are a critical pattern: service meshes (Istio, Linkerd) inject a proxy sidecar into every pod to handle TLS, retries, and observability without changing your app code. Always use a controller (Deployment, StatefulSet) to manage pods — naked pods don't get rescheduled if their node fails.
Pods are ephemeral. When a pod is deleted or evicted, it's gone — a new pod with a new IP is created. Never hard-code pod IPs. Always use Services (stable virtual IPs with DNS) to reach pods.