
When deploying a pod to a Kubernetes cluster, which node executes the docker pull command?

  • nodes: I assumed it is executed on whichever node the pod is assigned to, however pulling starts even if I have no docker installed on my nodes.
  • head: the docker configuration on the head node doesn’t affect pulling: I added some certificates for a private registry, which aren’t active when starting the pod, only when I directly interact with docker on the node.

So I’m confused: where is docker pull executed when starting a pod, and how can I modify its configuration? (namely adding certificates)

2 Answers


  1. PREMISE: the first step for installing Kubernetes is to have a container runtime active on all hosts in the cluster.

    Install a container runtime and kubeadm on all the hosts.

    https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/#preparing-the-hosts

    To run containers in Pods, Kubernetes uses a container runtime.
    By default, Kubernetes uses the Container Runtime Interface (CRI) to interface with your chosen container runtime.
    If you don’t specify a runtime, kubeadm automatically tries to detect an installed container runtime by scanning through a list of known endpoints.
    If multiple or no container runtimes are detected kubeadm will throw an error and will request that you specify which one you want to use.

    https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#installing-runtime

    Everything related to the container runtime is managed separately from the Kubernetes "resources".

    Only images are managed via Kubernetes YAML (Deployments/StatefulSets).

    https://kubernetes.io/docs/concepts/containers/images/

    To answer the other question, to download images from a private Docker registry: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

  2. When a pod is deployed to a Kubernetes cluster, the container image specified in the pod specification is pulled by the kubelet running on the node where the pod is scheduled to run.

    The kubelet is responsible for managing the containers on a node, and it pulls container images from the specified container image repository (e.g., Docker Hub, Google Container Registry, etc.). The kubelet uses the container runtime (e.g., Docker, containerd, CRI-O, etc.) to pull the image.

    If you don’t have Docker installed on your nodes, it’s likely that you’re using a different container runtime such as containerd or CRI-O. The kubelet uses the configured container runtime to pull the container image.

    To modify the Docker configuration used by the kubelet, you can modify the Docker configuration file on each node where Docker is installed. This file is typically located at /etc/docker/daemon.json. You can add any required certificates to this file, and then restart the Docker daemon for the changes to take effect.

    Note that if you’re using a different container runtime, you’ll need to modify the configuration file for that runtime instead. For example, if you’re using containerd, you’ll need to modify the /etc/containerd/config.toml file.
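An added example, not part of either answer: a shell sketch that maps the runtime string a node reports to the per-registry CA directory that runtime reads, and stages a private registry's CA certificate there. The function names, the `ROOT` staging prefix and the registry host `registry.example.internal` are assumptions made for illustration; run it on each node that pulls images.

```shell
#!/usr/bin/env bash
# Added example. ROOT and the function names are assumptions of this sketch.
# Each node reports its runtime through the API server:
#   kubectl get nodes -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.status.nodeInfo.containerRuntimeVersion}{"\n"}{end}'

# Map a containerRuntimeVersion string (e.g. "containerd://1.7.2") to a runtime name.
runtime_name() {
  case "$1" in
    containerd://*) echo containerd ;;
    docker://*)     echo docker ;;
    cri-o://*)      echo cri-o ;;
    *)              echo unknown; return 1 ;;
  esac
}

# Directory each runtime searches for a registry's CA. $1 = runtime, $2 = host[:port]
certs_dir() {
  case "$1" in
    containerd) echo "/etc/containerd/certs.d/$2" ;;
    docker)     echo "/etc/docker/certs.d/$2" ;;
    cri-o)      echo "/etc/containers/certs.d/$2" ;;
    *)          return 1 ;;
  esac
}

# Stage a CA for one registry. $1 = runtime string, $2 = registry host, $3 = CA PEM file.
# ROOT (optional) prefixes the target path so the layout can be built in a scratch dir.
install_registry_ca() {
  local rt dir
  rt=$(runtime_name "$1") || { echo "unsupported runtime: $1" >&2; return 1; }
  [ -s "$3" ] || { echo "CA file missing or empty: $3" >&2; return 1; }
  dir="${ROOT:-}$(certs_dir "$rt" "$2")"
  mkdir -p "$dir" && install -m 0644 "$3" "$dir/ca.crt" || return 1
  if [ "$rt" = containerd ]; then
    # containerd reads this directory only when the CRI registry config_path
    # in /etc/containerd/config.toml points at /etc/containerd/certs.d.
    printf 'server = "https://%s"\n\n[host."https://%s"]\n  ca = "%s"\n' \
      "$2" "$2" "$(certs_dir "$rt" "$2")/ca.crt" > "$dir/hosts.toml"
  fi
  echo "$dir/ca.crt"
}
```

Because the pull happens on whichever node the pod is scheduled to, the CA has to be present on every worker node, not only on the control-plane host.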
