I have a basic question guys related to image pull and run in kubernetes. Under . . .

biraj mishra:
I have a basic question guys related to image pull and run in kubernetes.

Understand that when we fire Kubectl run command, the image is pulled from docker hub and the pod is created. Which process/service is responsible for downloading the image from docker hub? Is it done by master process or worker process?

Daz Mac:
It depends where the image is being deployed to master or worker. This is done by the container runtime i believe - containerd, crio or docker.

biraj mishra:
Thanks for the response.

I have a 2 part followup question. I assume all workload will run on worker only. isn’t that the case ?

2. Let’s say in some case where the workload image may run in master nodes, then who downloads the image from docker hub, as container runtime is a part of worker process.

Daz Mac:
Kubelet manages the pull of the image (i believe using container runtime under the hood) and it runs on both master and worker and container runtime also runs on both master and workers.

Normally taints are used on the master so that workloads run only on workers. You can remove the taint and schedule workloads on the master (not recommended for production)

biraj mishra:
okay, but i am still not sure if kubelet runs in master. may be lack of my knowledge, as i am still learning it.

As per my understanding
Every worker nodes in K8s needs to have 3 worker processes

1. CONTAINER RUNTIME - for letting the container run
2. KUBELET - for initialising pods and assigning resources.
3. KUBE PROXY - between service and pods.

Every master nodes has master processes.

1. API Server - Receives all the request from client and authenticates and processes it
2. SCHEDULER- responsible for identifying the worker node in which the pod has to be created , and invokes kubelet of that node.
3. CONTROLLER MANAGER - detects the change of state pods and tries to recover the stage.
4. ETCD - Brain of cluster (stores all data of the cluster in a key value pair ).

Daz Mac:
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/|https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/ and https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/|https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/

These 2 links are the install and configuration steps of a cluster using kubeadm.

Normally you do the following

1. Configure hosts (master or worker) for firewall rules, kernel settings etc…
2. Install container runtime (containerd, crio)
3. Install kubectl, kubeadm and kubelet (master and worker)
4. Initialise controlplane (master) with kubeadm
5. Join workers to controlplane
   You can see majority of steps are exactly the same irrespective of whether it is master or worker. Just the Initialise or join is different

Daz Mac:
Test it. Create the cluster and remove the taint and then schedule pod on master. Do a describe on the pod and see iirc it should say kubelet has pulled, started the pod

Daz Mac:
https://stackoverflow.com/questions/58481709/why-kubelet-is-running-on-kubernetes-master-node|https://stackoverflow.com/questions/58481709/why-kubelet-is-running-on-kubernetes-master-node

Daz Mac:
https://kubernetes.io/docs/concepts/overview/components/#node-components|https://kubernetes.io/docs/concepts/overview/components/#node-components

Daz Mac:
Last link says - “Node components run on every node, maintaining running pods and providing the Kubernetes runtime environment.”