9 Running Pods: How the kubelet works

This chapter covers

Learning what the kubelet does and how it’s configured
Connecting container runtimes and launching containers
Controlling the Pod’s life cycle
Understanding the CRI
Looking at the Go interfaces inside the kubelet and CRI

The kubelet is the workhorse of a Kubernetes cluster, and there can be thousands of kubelets in a production data center, as every node runs the kubelet. In this chapter, we’ll go through the internals of what the kubelet does and precisely how it uses the CRI (Container Runtime Interface) to run containers and manage the life cycle of workloads.

One of the kubelet’s jobs is to start and stop containers, and the CRI is the interface that the kubelet uses to interact with container runtimes. For example, containerd is categorized as a container runtime because it takes an image and creates a running container. The Docker engine is a container runtime, but it is now depreciated by the Kubernetes community in favor of containerd, runC, or other runtimes.

Note

We want to thank Dawn Chen for allowing us to interview her about the kubelet. Dawn is the original author of the kubelet binary and is currently one of the leads of the Node Special Interest Group for Kubernetes. This group maintains the kubelet codebase.

9.1 The kubelet and the node

9.2 The core kubelet

9.2.1 Container runtimes: Standards and conventions

9.2.2 The kubelet configurations and its API

9.3 Creating a Pod and seeing it in action

9.3.1 Starting the kubelet binary

9.3.2 After startup: Node life cycle

9.3.3 Leasing and locking in etcd and the evolution of the node lease

9.3.4 The kubelet’s management of the Pod life cycle

9.3.5 CRI, containers, and images: How they are related

9.3.6 The kubelet doesn’t run containers: That’s the CRI’s job

9.3.7 Pause container: An “aha” moment

9.4 The Container Runtime Interface (CRI)