When deploying a pod to a Kubernetes cluster, which node executes the docker pull command?
- nodes: I assumed it is executed on whichever node the pod is assigned to, however pulling starts even if I have no docker installed on my nodes.
- head: the docker configuration on the head node doesn’t affect pulling: I added some certificates for a private registry, which aren’t active when starting the pod, only when I directly interact with docker on the node.
So I’m confused: where is docker pull executed when starting a pod and how can I modify its configuration? (namely adding certificates)
2 Answers
PREMISE: the first step for installing Kubernetes is to have a container runtime active on all hosts in the cluster.
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#preparing-the-hosts
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime
Everything related to the container runtime is managed separately from the Kubernetes "resources".
Only images are managed via YAML Kubernetes (Deployments/StatefulSet).
https://kubernetes.io/docs/concepts/containers/images/
To answer the other question, to download images from Private Registry Docker –> https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
When a pod is deployed to a Kubernetes cluster, the container image specified in the pod specification is pulled by the kubelet running on the node where the pod is scheduled to run.
The kubelet is responsible for managing the containers on a node, and it pulls container images from the specified container image repository (e.g., Docker Hub, Google Container Registry, etc.). The kubelet uses the container runtime (e.g., Docker, containerd, CRI-O, etc.) to pull the image.
If you don’t have Docker installed on your nodes, it’s likely that you’re using a different container runtime such as containerd or CRI-O. The kubelet uses the configured container runtime to pull the container image.
To modify the Docker configuration used by the kubelet, you can modify the Docker configuration file on each node where Docker is installed. This file is typically located at /etc/docker/daemon.json. You can add any required certificates to this file, and then restart the Docker daemon for the changes to take effect.
Note that if you’re using a different container runtime, you’ll need to modify the configuration file for that runtime instead. For example, if you’re using containerd, you’ll need to modify the /etc/containerd/config.toml file.
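Added example, not part of either answer: given the output of `kubectl get pod -o json` and `kubectl get nodes -o json`, this sketch works out which node's kubelet pulls each image, which runtime that node runs, and where that runtime looks for a per-registry CA. The node names, registry host and JSON are constructed; the `certs.d` paths are the runtimes' conventional locations, and the containerd one is only read when `config_path` in /etc/containerd/config.toml points at that directory.

```python
import json

# Constructed sample data, trimmed to the fields used below.
NODES_JSON = '''{"items": [
 {"metadata": {"name": "worker-1"},
  "status": {"nodeInfo": {"containerRuntimeVersion": "containerd://1.6.8"}}},
 {"metadata": {"name": "worker-2"},
  "status": {"nodeInfo": {"containerRuntimeVersion": "docker://20.10.7"}}}]}'''
POD_JSON = '''{"spec": {"nodeName": "worker-1", "containers": [
 {"image": "registry.example.internal:5000/team/app:1.0"},
 {"image": "busybox:1.36"}]}}'''

# Conventional per-registry trust locations (assumed defaults, see lead-in).
CERT_PATHS = {
    "docker": "/etc/docker/certs.d/{host}/ca.crt",
    "containerd": "/etc/containerd/certs.d/{host}/hosts.toml",
    "cri-o": "/etc/containers/certs.d/{host}/ca.crt",
}

def registry_host(image):
    """Registry an image reference resolves to, using Docker's naming rule:
    the first path component is a host only if it has '.', ':' or is
    'localhost'. CRI-O may resolve short names differently."""
    first, slash, _ = image.partition("/")
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # 'busybox:1.36' has no '/', so ':1.36' is a tag

def runtime_by_node(nodes):
    """Map node name -> runtime name taken from containerRuntimeVersion."""
    return {n["metadata"]["name"]:
            n["status"]["nodeInfo"]["containerRuntimeVersion"].split("://")[0]
            for n in nodes["items"]}

def pull_plan(pod, nodes):
    """(node, runtime, registry, trust path) for every image in the pod."""
    node = pod["spec"].get("nodeName")
    if not node:
        return []  # not scheduled yet, so no kubelet has been asked to pull
    runtime = runtime_by_node(nodes).get(node, "unknown")
    template = CERT_PATHS.get(runtime)
    containers = pod["spec"].get("initContainers", []) + pod["spec"]["containers"]
    return [(node, runtime, host, template.format(host=host) if template else None)
            for host in (registry_host(c["image"]) for c in containers)]

if __name__ == "__main__":
    for row in pull_plan(json.loads(POD_JSON), json.loads(NODES_JSON)):
        print(*row, sep="\t")
```
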