"Kubernetes/k8s Source Analysis" Kubelet Source analysis-start operation and information processing

Kubelet runs a kubelet service process on each node, listens to port 10250 by default, receives and executes commands from master, and manages containers in pod and pod. Each kubelet process registers the node's own information on the API server, periodically reports the resource usage of the node to the master node, and monitors the nodes and container resources through Cadvisor. Node management node management is mainly node self-registration and Node State Update: Kubelet can determine whether to register itself with API server by setting the startup parameter--register-node, if Kubelet does not select from registration mode, You need the user to configure node resource information, and you need to tell the location of the API server on the Kubelet cluster, kubelet to register the node information through API server at startup, and periodically send node new messages to API server, API When the server receives a new message, it writes the information to ETCD--api-server//Set up the API server location--kubeconfig//Set the certificate to access the API server--cloud-provider// How to read the relevant metadata from the cloud service--node-status-update-frequency//reporting time to API server, default 10s
Container Health Check Kubelet periodically invokes the Livenessprobe probe in the container to diagnose the health of the container. Livenessprobe contains the following three implementations: execaction: Executes a command inside the container, indicating that the container is healthy if the command's exit status code is 0; Tcpsocketaction: Performs a TCP check through the container's IP address and port number. If the port can be accessed, the container is healthy; Httpgetaction: Calls the HTTP GET method through the container's IP address and port number and path, if the response state code is greater than or equal to 200 and less than 400, the container state is considered healthy. Brief Introduction

In the Kubernetes cluster, a kubelet process is started for each node nodes. Used to handle the tasks assigned to the master node, manage pod and container in pod. Each Kubelet process registers node information with the Apiserver, periodically reports resource usage to the master node, and monitors the container and node resources through Cadvise.

--node-sync-period: Sets the time period for synchronization--register-node parameter is set to True (default is True), Kubelet registers itself with Apiserver--kubeconfig: landing apiserver Required Directory--api-servers:apiserver address of credential/certificate

Key Structure

Type kubeletconfiguration struct slightly too much content

  type  Pod  struct  {metav1.
       Typemeta ' JSON:, inline '//Standard object ' s metadata. More Info:https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata//+optional Metav 1.ObjectMeta ' JSON: "Metadata,omitempty" Protobuf: "Bytes,1,opt,name=metadata" '//specification of the desired Beha
       Vior of the pod.
       More Info:https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status//+optional Spec Podspec ' JSON: "Spec,omitempty" Protobuf: "Bytes,2,opt,name=spec" '//Most recently observed status of the PO
       D.//This The data may isn't up to date.
       populated by the system.
       Read-only.
       More Info:https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status//+optional Status podstatus ' json: ' Status,omitempty ' protobuf: ' Bytes,3,opt,name=status '} 

is a collection of containers running on a host that is created and dispatched via the client to the hosts

one. Kubelet START process main entrance

Cmd/kubelet/kubelet.go source code is as follows:

FuncMain () {
       s: = options. Newkubeletserver ()
       s.addflags (pflag.commandline)

       flag. Initflags ()
       logs. Initlogs ()
       logs. Flushlogs ()

       Verflag. printandexitifrequested ()

       s.experimentaldockershim {
              err: = App. Rundockershim (&s.kubeletconfiguration, &s.containerruntimeoptions); Err!= Nil {
                     FMT. fprintf (OS. Stderr, "Error:%v\n", err)
                     OS. Exit (1)
              }

       err: = App. Run (s, nil); Err!= Nil {
              FMT. fprintf (OS. Stderr, "Error:%v\n", err)
              OS. Exit (1)
       }
}

Options. Newkubeletserver (): Creates an initialization verflag for kubeletserver structure logs. Printandexitifrequested (): Determines whether the parameter is help, and if so, direct print help exits. Finally, the key function app. Run (s, nil) Run Interface

funcRun (S *options. Kubeletserver, Kubedeps *kubelet. Kubeletdeps) (err Error) {//todo:this should is replaced by a--standalone flag standalonemode: = (len (s). apiserverlist) = = 0 &&!s.requirekubeconfig)ifS.exitonlockcontention && S.lockfilepath = "" { returnErrors. New ("Cannot exit on lock file Contention:no lock file specified") Does: = Make (Chan struct{})ifS.lockfilepath!= "" {glog.infof ("acquiring file lock on%q", S.lockfilepath)ifERR: = Flock. Acquire (S.lockfilepath); Err!= Nil { returnFmt. Errorf ("Unable to acquire file lock on%q:%v", S.lockfilepath, Err)}ifs.exitonlockcontention {glog.infof ("Watching for inotify events for:%v", S.lockfilepath)ifERR: = Watchforlockfilecontention (S.lockfilepath, done); Err!= Nil { returnERR}}//Set feature gates based on the value in Kubeletconfiguratio n Err = utilfeature. Defaultfeaturegate.set (S.kubeletconfiguration.featuregates)ifErr!= Nil { returnERR}

The whole process is a preliminary preparation, such as the preparation of some parameters. unsecuredkubeletdeps () interface

funcUnsecuredkubeletdeps (S *options. Kubeletserver) (*kubelet. Kubeletdeps, error) {//Initialize the TLS Options tlsoptions, err: = Initializetls (&s.kubeletflags, &A Mp;s.kubeletconfiguration)ifErr!= Nil { returnNil, err} mounter: = mount. New (S.experimentalmounterpath)varWriter Kubeio. Writer = &kubeio. stdwriter{}ifs.containerized {Glog. V (2). Info ("Running Kubelet in containerized mode (experimental)") Mounter = mount. Newnsentermounter () writer = &kubeio. nsenterwriter{}}varDockerclient Libdocker. InterfaceifS.containerruntime = = Kubetypes. dockercontainerruntime {dockerclient = Libdocker. Connecttodockerordie (S.dockerendpoint, S.runtimerequesttimeout.duration, S.imagepullprogressdeadline. Duration)}Else{dockerclient = nil} return&kubelet.  kubeletdeps{Auth:nil,//default does not enforce AUTH[NZ] Cadvisorinterface: Nil,//cadvisor. New launches background processes (BG http. Listenandserve, and some BG cleaners), not set here Cloud:nil,//Cloud provider might start B Ackground processes Containermanager:nil, dockerclient:dockerclient, K Ubeclient:nil, Externalkubeclient:nil, Mounter:mounter, Ne Tworkplugins:probenetworkplugins (S.networkplugindir, S.cniconfdir, S.cnibindir), Oomadjuster:oo M.newoomadjuster (), Osinterface:kubecontainer. realos{}, Writer:writer, Volumeplugins:probevolumeplugins (s.volumeplugindir ), Tlsoptions:tlsoptions,}, nil}

Initializing the TLS certificate what Kubelet may be deployed as a container, need to configure standard output, if deployed into a container, there will be namespace quarantine issues, resulting in kubelet cannot access the Docker container namespace, so this will be judged, If you are running in a container, you need to use Nsenter, which can assist in Kubelet to the specified namespace Run command. Return to Kuneletdeps structure body
two. Kubelet Operation
Inside the Runkubelet, we see that it will eventually call the Startkublet function

  func    runkubelet (kubeflags *options. Kubeletflags, Kubecfg *componentconfig. Kubeletconfiguration, Kubedeps *kubelet.

       Kubeletdeps, runOnce bool, standalonemode bool) error {...............
       Process pods and exit.
                      if  runOnce { If  _, Err: = K.runonce (Podcfg.updates ()); Err!= Nil {  return  FMT. Errorf ("RunOnce failed:%v", err)} glog. Infof ("started Kubelet%s as RunOnce", version. Get (). String ())}  else  {startkubelet (k, podcfg, Kubecfg, Kubedeps) glog. Infof ("Started Kubelet%s", version. Get (). String ())}  return  nil} 

Run Kubelet main launch two functions, K.run () to enter the main loop, the execution of a pipeline, will be sent in real time the latest configuration information is K.run (Podcfg.updates ()), K.listenandserve () Start Kubele      API Services for T. Run's code is as follows:

func(KL *kubelet) Run (Updates <-ChanKubetypes. Podupdate) {//init modulers, such as Imagemanager, Containermanager, Oomwathcer, ResourceanalyzerifERR: = Kl.initializemodules (); Err!= Nil {kl.recorder.Eventf (kl.noderef, v1. Eventtypewarning, events. Kubeletsetupfailed, Err. Error ()) Glog. Error (Err) Kl.runtimeState.setInitError (ERR)}//Start volume Manager GoKl.volumeManager.Run (Kl.sourcesready, wait.) Neverstop)//Start up, update node status periodically to ApiserverifKl.kubeclient!= Nil {//Start syncing node status immediately, this could set up things the runtime to Run. GoWait. Until (Kl.syncnodestatus, Kl.nodestatusupdatefrequency, wait.) Neverstop)}//Up, timed synchronization network status GoWait. Until (Kl.syncnetworkstatus, 30*time. Second, wait. Neverstop) GoWait. Until (Kl.updateruntimeup, 5*time. Second, wait. Neverstop)