THREAD: What happens when you create a Pod in Kubernetes?
Spoiler: a surprisingly simple task reveals a complicated workflow that touches several components in the cluster.
Spoiler: a surprisingly simple task reveals a complicated workflow that touches several components in the cluster.
1/8
You are probably familiar with the first 4 steps:
1. kubectl sends the YAML to the API
2. The Pod is stored in etcd
3. The scheduler assigns a Node
At this point the Pod is etcd, but no in the node.
4. The kubelet starts creating the Pod.
You are probably familiar with the first 4 steps:
1. kubectl sends the YAML to the API
2. The Pod is stored in etcd
3. The scheduler assigns a Node
At this point the Pod is etcd, but no in the node.
4. The kubelet starts creating the Pod.
2/8
Next:
1. The kubelet delegates creating the container to the CRI
2. The kubelet delegates attaching the container to the network to the CNI
3. The CNI assigns an IP address
4. Probes are checked
5. The kubelet reports the IP address to the control plane
Next:
1. The kubelet delegates creating the container to the CRI
2. The kubelet delegates attaching the container to the network to the CNI
3. The CNI assigns an IP address
4. Probes are checked
5. The kubelet reports the IP address to the control plane
3/8
The Pod was created!
Kubernetes stops here unless that Pod is part of a Service.
If the Pod belongs to a Service, Kubernetes creates an endpoint — it concatenates the IP address and Port (targetPort) of the Pod.
The endpoint is added to the Endpoint (object).
The Pod was created!
Kubernetes stops here unless that Pod is part of a Service.
If the Pod belongs to a Service, Kubernetes creates an endpoint — it concatenates the IP address and Port (targetPort) of the Pod.
The endpoint is added to the Endpoint (object).
4/8
Wait… endpoint what?
In Kubernetes:
- endpoint is a 10.0.0.2:3000 (IP:port) pair
- Endpoint is a collection of endpoints (a list of IP:port pairs)
For every Service in the cluster, Kubernetes creates an Endpoint object with endpoints.
Confusing, isn't it?
Wait… endpoint what?
In Kubernetes:
- endpoint is a 10.0.0.2:3000 (IP:port) pair
- Endpoint is a collection of endpoints (a list of IP:port pairs)
For every Service in the cluster, Kubernetes creates an Endpoint object with endpoints.
Confusing, isn't it?
5/8
The endpoints (IP:port) are used by:
- kube-proxy to set iptables rules
- CoreDNS to update the DNS entries
- Ingress controllers to set up downstreams
- Service meshes
- More operators
As soon as an endpoint is added, the components are notified.
The endpoints (IP:port) are used by:
- kube-proxy to set iptables rules
- CoreDNS to update the DNS entries
- Ingress controllers to set up downstreams
- Service meshes
- More operators
As soon as an endpoint is added, the components are notified.
6/8
When the endpoint (IP:port) is propagated, you can finally start using the Pod!
Can you guess what happens when you delete a Pod?
🤔
The same process but in reverse.
Which is annoying because there are a few opportunities for race conditions.
When the endpoint (IP:port) is propagated, you can finally start using the Pod!
Can you guess what happens when you delete a Pod?
🤔
The same process but in reverse.
Which is annoying because there are a few opportunities for race conditions.
7/8
If you liked this thread, you might like the article that I'm writing for @learnk8s!
It goes into the details of how Pods are created, deleted and how to do graceful shutdown (without dropping connections)
Subscribe, don't miss it!
learnk8s.io/newsletter
If you liked this thread, you might like the article that I'm writing for @learnk8s!
It goes into the details of how Pods are created, deleted and how to do graceful shutdown (without dropping connections)
Subscribe, don't miss it!
learnk8s.io/newsletter
8/8
I also run 3-day Kubernetes courses this month!
If you want to level up your Kubernetes expertise you can sign up here: learnk8s.io/training
I also run 3-day Kubernetes courses this month!
If you want to level up your Kubernetes expertise you can sign up here: learnk8s.io/training
