Kubelet

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

External

Internal

Overview

Each node runs an agent called kubelet, which is responsible with the node's registration with the cluster. Once a node is registered, its CPU, RAM and storage are pooled into the wider cluster pools of corresponding resources. The kubelet is part of the control plane and acts as a bridge between the Kubernetes master and the node, managing the pods and containers running on the machine it is installed on. The kubelet is watching the API server for work (pod) assignments and attempts to run them. If it is not successful for any reason, it reports the condition back to the API server. The task of actually running the pods is delegated to the local container runtime. The kubelet maintains a cache, and takes part in resource metrics collection. The kubelet has a HTTPS endpoint that exposes APIs which give access to metrics and other data, and also allow perform operations on the node and within containers. The kubelet is also in charge with managing the static pods deployed in its node.

Container Creation, State Monitoring and Restart

Once the scheduler assigns a pod to a node, the kubelet starts creating containers for the pod, using the node's container runtime. The kubelet then tracks pods' containers states and may restart failed containers, depending on the pod configuration.

Container Probe Execution

The kubelet executes container probes.

Cache

The kubelet has a cache it uses to serve various values to the node. For example, the secrets projected as files in pods running on the node are served from this cache. The cache characteristics are configurable. The cached values can be propagated via watch (default), ttl-based or simply redirecting all requests to the API server.

Image Pulling

The kubelet performs image pulling on behalf of the pods scheduled on the node. Verify this, the container runtime says it does image pulling.

Metrics Collection

The kubelet keeps track of constituent containers for each pod and fetches individual container usage statistics from the container runtime through the Container Runtime Interface. The kubelet also fetches this information from the integrated cAdvisor for the legacy Docker integration. cAdvisor runs in the host network namespace. Finally, the kubelet gathers node-level metrics. It then exposes the aggregated pod resource usage statistics to the metrics server, which in turn exposes these statistics via the Resource Metrics API. The API is served at /metrics/resource/v1beta1 on the kubelet's authenticated and read-only ports. kubelet also exposes metrics in /metrics/cadvisor and /metrics/probes.

Authentication/Authorization

https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/

API Access

https://www.deepnetwork.com/blog/kubernetes/2020/01/13/kubelet-api.html

Port: 10250