Kubernetes kubelet hard core knowledge architecture

controller-manager Contains a set of controllers , It is the brain of the whole cluster , Each controller will pay attention to its own object , There will be a fixed mode in these controllers , Each controller will pass list watcher, Go to watch What it focuses on , When these objects change , In the form of event notification , inform controller,controller The callback function of these events will be registered , And put these events in a queue , At the same time, I will start a pile worker Threads , To take these objects out of the queue , And carry out relevant processing .

in other words , When reading any one controller manager Code for , You can apply the same idea to other controller Inside .

A component called kubelet.

Kubelet framework

It is such a component that undertakes many responsibilities .

At the top , It will provide a api layer , This api There will be a lot of responsibilities , For example, do your own exploration , And how to report business indicators , It's all through api, You can see that it works on different ports and has listeners , Take on different responsibilities .

In the middle is kubelet It runs one by one manager, You can understand it as a small manager with independent responsibilities .

probemanager： It is for the node above pod Such a manager to do exploration ,liveless readyless probe, These explorations are made by kubelet launch ,kubelet Of probemanager It will read all the information on the current node probe The definition of , Then it will look at these probe Is there a definition of exploratory activity , If the attribute of probe activity is defined , that probemanager It will follow your definition interval Listen .

oomwatcher：kubelet It is the patron saint of the whole node , It's an agent , It is responsible for the life cycle of all applications , At the same time, it has the responsibility of containing the current normal work of the node , So it consists of oomwatcher To listen to , For example, the node appears oom problem , For example, some processes appear oom Error of ,oomwathcer Would pass oom This event to get these exceptions , And report to kubelet.

GPU manager： It's for management GPU And so on device, When there is... On the node GPU When it's stuck ,GPUmanager Is used to manage this GPU Card .

cadvisor： Is an independent open source software ,kubelet There will be embedded cadvisor, It is actually based on cgroup Technology to obtain the resource status of the application running on the node , The whole cluster is monitored by cadvisor Collected , And through kubelet Reported .

diskspacemanager： The disk space size of this node , Include each application , You went up to the temporary space , Are you super , from diskspacemanager To manage .

statusmanager： Used to manage the state of nodes .

evictionmanager：kubelet It is the patron saint of this node , It will listen to all on the current node pod The resources consumed , Like memory , Memory is an incompressible resource , Compressible resources cpu,cpu It is based on time-sharing multiplexing , When you have multiple processes to grab cpu When , Anyway, we will divide according to the negotiated proportion cpu Time slice , When there is competition , Damage at most , Will not exit abnormally . But memory is different , Memory is an incompressible resource , For memory ,kubelet Will do more radical actions ,eviction,evictionmanager It is the component that bears this responsibility . It will monitor the resource usage of the current node , If it finds that the memory has reached a water level , such as 10g Memory used 9g, If this situation is not stopped , Then the whole node may be affected .evictionmanager Will monitor the water level , When the memory reaches a certain level , It will expel , It will follow the established strategy to put low priority businesses , And it takes up a lot of memory , These processes that exceed their preset values are expelled , Also is to pod Delete from this node . Protect the whole node in this extreme way .

volumemanager：pod Start to mount the disk , To mount the storage volume , This is by volumemanager To do .

imagegc： If my node keeps launching applications , Each application needs to pull its own image, If I don't do some cleaning , This will lead to the image More and more , Fill the disk , So-called imagegc I will scan some inactive images , Remove these images .

containegc Is that your process may exit , It will have a exit Of container, This container In fact, its file layer is not cleaned up , So-called container gc It will clear these exiting containers .

imagemanager： Is to do image management .

certificatesmanager：kubelet Ability to have a visa , When we need kubelet When you manage certificates ,certificatesmanager It can work .

There's another one in the middle syncgroup, So-called syncgroup Controller mode again , It's going to watch A bunch of objects , That is, the of the current node pod object ,syncgroup After finishing , A pile of worker,pod worker That's when I syncgroup Received pod Change notice of , So this podworker Will go to work , That is to maintain pod Life cycle of .

kubelet To monitor apiserver To get the current node pod detailed list , obtain pod After the list , And then you get pod detailed list , Every pod Are notification events one by one , then podworker Will handle these events .

It will call cri, Then get the current node pod Is the corresponding container in the startup state . If not started , Then he will start these container processes , Pull up this application , It's through cri The interface of .

cri Interfaces are traditionally through dockershim To do , But as the kubernetes The architecture is constantly upgraded , It's abandoned docker-shim This line , It decided not to support the more bloated dokcer shim, But through remote container interface, Such as through containerd, perhaps cri To support the entire runtime .