chapter ten

10 kubelet and CRI

 

This chapter covers:

  • How kubelet launches containers
  • A look at specific runtimes, such as containerd
  • How the container runtime interface (CRI) has evolved as an abstraction for starting containers
  • kubelet internal functions

Kubelet is the workhorse of a Kubernetes cluster, and there may be thousands of kubelets in a production data center. In this chapter, we’ll go through the internals of what kubelets do, and precisely how they leverage the container runtime interface (CRI) to run containers and manage the lifecycle of workloads.

Note

We want to thank Dawn Chen for allowing us to interview her about kubelet. Dawn is the original author of the kubelet binary and is currently one of the leads of the Kubernetes Node Special Interest Group. This group maintains the kubelet code base.

10.1  kubelet and the Node

Each Node in the following figure, including the control plane, has a kubelet installed.

Figure 10.1. Basic cluster

10.2  Container runtimes: standards and conventions

10.3  Linux primitives + containerd = kubelet

10.4  kubelet in depth

10.4.1  What happens when you start up a kubelet

10.4.2  After startup: Node lifecycle

10.4.3  Leasing and locking in etcd, and the evolution of the node-lease

10.4.4  kubelet’s management of Pod lifecycle

10.5  CRI, Containers and images: How are they related?

10.5.1  kubelet doesn’t run containers: That is CRI’s job

10.5.2  Pause container: An ah-ha moment

10.6  The Container Runtime Interface

10.6.1  Two options tell Kubernetes where your container runtime lives

10.6.2  The CRI routines

10.6.3  kubelet’s abstraction around CRI: The GenericRuntimeManager

10.6.4  How is the CRI invoked?

10.7  kubelet’s interfaces