Kubelet: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(39 intermediate revisions by the same user not shown)
Line 7: Line 7:


=Overview=
=Overview=
Each node runs an agent called kubelet, which is responsible with the node's registration with the cluster. Once a node is registered, its CPU, RAM and storage are pooled into the wider cluster pools of corresponding resources.  
Each node runs an agent called kubelet, which is responsible with the node's registration with the cluster. Once a node is registered, its CPU, RAM and storage are pooled into the wider cluster pools of corresponding resources. The kubelet is part of the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Control_Plane|control plane]] and acts as a bridge between the Kubernetes [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Master_Node|master]] and the [[Kubernetes_Control_Plane_and_Data_Plane_Concepts#Worker_Node|node]], managing the pods and containers running on the machine it is installed on. The kubelet is watching the API server for work (pod) assignments and attempts to run them. If it is not successful for any reason, it reports the condition back to the API server. The task of actually running the pods is delegated to the local [[Kubernetes_Container_Runtime_Concepts#Container_Runtime|container runtime]]. The kubelet maintains a [[#Cache|cache]], and takes part in [[#Metrics_Collection|resource metrics collection]]. The kubelet has a HTTPS endpoint that exposes APIs which give access to metrics and other data, and also allow perform operations on the node and within containers. The kubelet is also in charge with managing the [[Kubernetes_Pod_and_Container_Concepts#Static_Pods|static pods]] deployed in its node.
 
=<span id='Container_State'></span><span id='Container_Creation_and_State_Monitoring'></span>Container Creation, State Monitoring and Restart=
The kubelet acts as a bridge between the Kubernetes master and the nodes, managing the pods and containers running on a machine.  
Once the scheduler assigns a [[Kubernetes_Pod_and_Container_Concepts#Pod|pod]] to a node, the kubelet starts creating [[Kubernetes_Pod_and_Container_Concepts#Container|containers]] for the pod, using the node's container runtime. The kubelet then tracks pods' containers [[Kubernetes_Pod_and_Container_Concepts#Container_States|states]] and may [[Kubernetes_Pod_and_Container_Concepts#Container_Restart_Policy|restart]] failed containers, depending on the pod configuration.
 
=Container Probe Execution=
The kubelet is watching the API server for work (pod) assignments and attempts to run them. If it is not successful for any reason, it reports the condition back to the API server. The task of actually running the pods is delegated to the local [[Kubernetes Control Plane and Data Plane Concepts#Container_Runtime|container runtime]].
The kubelet executes [[Kubernetes_Container_Probes#Overview|container probes]].
 
The kubelet also takes part in resource metrics collection


=Cache=
=Cache=
The kubelet has a cache it uses to serve various values to the node. For example, the [[Kubernetes_Cluster_Configuration_Concepts#Secrets_Projected_as_Files|secrets projected as files]] in pods running on the node are fed from this cache. The type of the cache is configurable. The cached values can be propagated via watch (default), ttl-based or simply redirecting all requests to the API server.
The kubelet has a cache it uses to serve various values to the node. For example, the [[Kubernetes_Cluster_Configuration_Concepts#Secrets_Projected_as_Files|secrets projected as files]] in pods running on the node are served from this cache. The cache characteristics are configurable. The cached values can be propagated via watch (default), ttl-based or simply redirecting all requests to the API server.


=Image Pulling=
=Image Pulling=
The kubelet performs [[Kubernetes_Container_Image_Pull_Concepts#Overview|image pulling]] on behalf of the pods scheduled on the node.
The kubelet performs [[Kubernetes_Container_Image_Pull_Concepts#Overview|image pulling]] on behalf of the pods scheduled on the node. <font color=darkgray>Verify this, the container runtime says [[Kubernetes_Container_Runtime_Concepts#Container_Runtime|it does image pulling]].</font>
 
=Metrics Collection=
=Metrics Collection=
The kubelet keeps track of constituent containers for each pod and fetches individual container usage statistics from the container runtime through the [[Kubernetes_Container_Runtime_Concepts#Container_Runtime_Interface_.28CRI.29|Container Runtime Interface]]. The kubelet also fetches this information from the integrated <span id='cAdvisor'></span>cAdvisor for the legacy Docker integration. cAdvisor runs in the host network namespace. Finally, the kubelet gathers node-level metrics. It then exposes the aggregated pod resource usage statistics to the [[Kubernetes Metrics Server#Overview|metrics server]], which in turn exposes these statistics via the [[Metrics_in_Kubernetes#Resource_Metrics_API|Resource Metrics API]]. The API is served at <code>/metrics/resource/v1beta1</code> on the kubelet's authenticated and read-only ports. kubelet also exposes metrics in <code>/metrics/cadvisor</code> and <code>/metrics/probes</code>.
=Authentication/Authorization=
{{External|https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/}}
=API Access=
{{External|https://www.deepnetwork.com/blog/kubernetes/2020/01/13/kubelet-api.html}}
Port: 10250
<syntaxhighlight lang='bash'>
</syntaxhighlight>

Latest revision as of 00:29, 16 November 2021

External

Internal

Overview

Each node runs an agent called kubelet, which is responsible with the node's registration with the cluster. Once a node is registered, its CPU, RAM and storage are pooled into the wider cluster pools of corresponding resources. The kubelet is part of the control plane and acts as a bridge between the Kubernetes master and the node, managing the pods and containers running on the machine it is installed on. The kubelet is watching the API server for work (pod) assignments and attempts to run them. If it is not successful for any reason, it reports the condition back to the API server. The task of actually running the pods is delegated to the local container runtime. The kubelet maintains a cache, and takes part in resource metrics collection. The kubelet has a HTTPS endpoint that exposes APIs which give access to metrics and other data, and also allow perform operations on the node and within containers. The kubelet is also in charge with managing the static pods deployed in its node.

Container Creation, State Monitoring and Restart

Once the scheduler assigns a pod to a node, the kubelet starts creating containers for the pod, using the node's container runtime. The kubelet then tracks pods' containers states and may restart failed containers, depending on the pod configuration.

Container Probe Execution

The kubelet executes container probes.

Cache

The kubelet has a cache it uses to serve various values to the node. For example, the secrets projected as files in pods running on the node are served from this cache. The cache characteristics are configurable. The cached values can be propagated via watch (default), ttl-based or simply redirecting all requests to the API server.

Image Pulling

The kubelet performs image pulling on behalf of the pods scheduled on the node. Verify this, the container runtime says it does image pulling.

Metrics Collection

The kubelet keeps track of constituent containers for each pod and fetches individual container usage statistics from the container runtime through the Container Runtime Interface. The kubelet also fetches this information from the integrated cAdvisor for the legacy Docker integration. cAdvisor runs in the host network namespace. Finally, the kubelet gathers node-level metrics. It then exposes the aggregated pod resource usage statistics to the metrics server, which in turn exposes these statistics via the Resource Metrics API. The API is served at /metrics/resource/v1beta1 on the kubelet's authenticated and read-only ports. kubelet also exposes metrics in /metrics/cadvisor and /metrics/probes.

Authentication/Authorization

https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet-authentication-authorization/

API Access

https://www.deepnetwork.com/blog/kubernetes/2020/01/13/kubelet-api.html

Port: 10250