Kubelet: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(6 intermediate revisions by the same user not shown)
Line 8: Line 8:
=Overview=
=Overview=
Each node runs an agent called kubelet, which is responsible with the node's registration with the cluster. Once a node is registered, its CPU, RAM and storage are pooled into the wider cluster pools of corresponding resources. The kubelet is part of the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Control_Plane|control plane]] and acts as a bridge between the Kubernetes [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Master_Node|master]] and the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Worker_Node|node]], managing the pods and containers running on the machine it is installed on. The kubelet is watching the API server for work (pod) assignments and attempts to run them. If it is not successful for any reason, it reports the condition back to the API server. The task of actually running the pods is delegated to the local [[Kubernetes_Container_Runtime_Concepts#Container_Runtime|container runtime]]. The kubelet maintains a [[#Cache|cache]], and takes part in [[#Metrics_Collection|resource metrics collection]]. The kubelet has a HTTPS endpoint that exposes APIs which give access to metrics and other data, and also allow perform operations on the node and within containers. The kubelet is also in charge with managing the [[Kubernetes_Pod_and_Container_Concepts#Static_Pods|static pods]] deployed in its node.
Each node runs an agent called kubelet, which is responsible with the node's registration with the cluster. Once a node is registered, its CPU, RAM and storage are pooled into the wider cluster pools of corresponding resources. The kubelet is part of the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Control_Plane|control plane]] and acts as a bridge between the Kubernetes [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Master_Node|master]] and the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Worker_Node|node]], managing the pods and containers running on the machine it is installed on. The kubelet is watching the API server for work (pod) assignments and attempts to run them. If it is not successful for any reason, it reports the condition back to the API server. The task of actually running the pods is delegated to the local [[Kubernetes_Container_Runtime_Concepts#Container_Runtime|container runtime]]. The kubelet maintains a [[#Cache|cache]], and takes part in [[#Metrics_Collection|resource metrics collection]]. The kubelet has a HTTPS endpoint that exposes APIs which give access to metrics and other data, and also allow perform operations on the node and within containers. The kubelet is also in charge with managing the [[Kubernetes_Pod_and_Container_Concepts#Static_Pods|static pods]] deployed in its node.
=Container State=
=<span id='Container_State'></span><span id='Container_Creation_and_State_Monitoring'></span>Container Creation, State Monitoring and Restart=
The kubelet tracks pods' containers [[Kubernetes_Pod_and_Container_Concepts#Container_States|states]] and may restart failed containers, depending on the pod configuration.
Once the scheduler assigns a [[Kubernetes_Pod_and_Container_Concepts#Pod|pod]] to a node, the kubelet starts creating [[Kubernetes_Pod_and_Container_Concepts#Container|containers]] for the pod, using the node's container runtime. The kubelet then tracks pods' containers [[Kubernetes_Pod_and_Container_Concepts#Container_States|states]] and may [[Kubernetes_Pod_and_Container_Concepts#Container_Restart_Policy|restart]] failed containers, depending on the pod configuration.
=Container Probe Execution=
The kubelet executes [[Kubernetes_Container_Probes#Overview|container probes]].


=Cache=
=Cache=
Line 27: Line 29:
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='bash'>
</syntaxhighlight>
</syntaxhighlight>
<center>&#91;[[Kubernetes_Control_Plane_and_Data_Plane_Concepts#kubelet|Next]]]</center>

Latest revision as of 00:29, 16 November 2021

External

Internal

Overview

Each node runs an agent called kubelet, which is responsible with the node's registration with the cluster. Once a node is registered, its CPU, RAM and storage are pooled into the wider cluster pools of corresponding resources. The kubelet is part of the control plane and acts as a bridge between the Kubernetes master and the node, managing the pods and containers running on the machine it is installed on. The kubelet is watching the API server for work (pod) assignments and attempts to run them. If it is not successful for any reason, it reports the condition back to the API server. The task of actually running the pods is delegated to the local container runtime. The kubelet maintains a cache, and takes part in resource metrics collection. The kubelet has a HTTPS endpoint that exposes APIs which give access to metrics and other data, and also allow perform operations on the node and within containers. The kubelet is also in charge with managing the static pods deployed in its node.

Container Creation, State Monitoring and Restart

Once the scheduler assigns a pod to a node, the kubelet starts creating containers for the pod, using the node's container runtime. The kubelet then tracks pods' containers states and may restart failed containers, depending on the pod configuration.

Container Probe Execution

The kubelet executes container probes.

Cache

The kubelet has a cache it uses to serve various values to the node. For example, the secrets projected as files in pods running on the node are served from this cache. The cache characteristics are configurable. The cached values can be propagated via watch (default), ttl-based or simply redirecting all requests to the API server.

Image Pulling

The kubelet performs image pulling on behalf of the pods scheduled on the node. Verify this, the container runtime says it does image pulling.

Metrics Collection

The kubelet keeps track of constituent containers for each pod and fetches individual container usage statistics from the container runtime through the Container Runtime Interface. The kubelet also fetches this information from the integrated cAdvisor for the legacy Docker integration. cAdvisor runs in the host network namespace. Finally, the kubelet gathers node-level metrics. It then exposes the aggregated pod resource usage statistics to the metrics server, which in turn exposes these statistics via the Resource Metrics API. The API is served at /metrics/resource/v1beta1 on the kubelet's authenticated and read-only ports. kubelet also exposes metrics in /metrics/cadvisor and /metrics/probes.

Authentication/Authorization

https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/

API Access

https://www.deepnetwork.com/blog/kubernetes/2020/01/13/kubelet-api.html

Port: 10250