I have a K8s cluster created in the context of the Linux Foundation's CKAD course (LFD259). So it is a "bare metal" cluster created with kubeadm.
So I have a metrics-server deployment running on the worker node:

    student@master:~$ k get deployments.apps metrics-server -o yaml | grep -A10 args
          - args:
            - --secure-port=4443
            - --cert-dir=/tmp
            - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
            - --kubelet-use-node-status-port
            - --metric-resolution=15s
            - --kubelet-insecure-tls
            image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1
            imagePullPolicy: IfNotPresent
            livenessProbe:
              failureThreshold: 3
    student@master:~$ k get pod metrics-server-6894588c69-fpvtt -o wide
    NAME                              READY   STATUS    RESTARTS   AGE     IP               NODE     NOMINATED NODE   READINESS GATES
    metrics-server-6894588c69-fpvtt   1/1     Running   0          4d15h   192.168.171.98   worker   <none>           <none>
    student@master:~$

It is my understanding that the pod's process runs inside a container running on the worker node. However, I am completely puzzled by the fact that the Linux ps command "sees" it:

    student@worker:~$ ps aux | grep kubelet-preferred-address-types
    ubuntu   1343092  0.3  0.6 752468 49612 ?        Ssl  Oct28  20:25 /metrics-server --secure-port=4443 --cert-dir=/tmp --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --kubelet-use-node-status-port --metric-resolution=15s --kubelet-insecure-tls
    student  3310743  0.0  0.0   8184  2532 pts/0    S+   17:39   0:00 grep --color=auto kubelet-preferred-address-types
    student@worker:~$

What am I missing?
A container is just a process running on your host with some isolation features enabled. The isolation only works in one way: a container can't see resources on your host, but your host has access to all the resources running in a container.
Because a container is just a process, it shows up in ps (as do any processes that are spawned inside the container).
See e.g.:
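
Added example, not part of the original answer: a small shell script for the worker node that shows both views of one process, its PID in each PID namespace (the `NSpid` line of `/proc/<pid>/status`) and the namespaces in which it differs from the host's PID 1. The function names and the `PROC_ROOT` override are assumptions of this sketch; reading another user's `/proc/<pid>/ns` links needs root.

```shell
#!/bin/sh
# Added example: relate a host-visible PID to the container's namespaces.
# PROC_ROOT is an assumption of this sketch so the functions can be pointed
# at a copy of /proc; on a real node leave it at its default.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print the PID of process $1 in every PID namespace it belongs to,
# outermost (host) first, taken from the NSpid line of its status file.
ns_pids() {
    awk '$1 == "NSpid:" { $1 = ""; sub(/^ +/, ""); print }' \
        "$PROC_ROOT/$1/status"
}

# Print the namespace types in which process $1 differs from process $2
# (default: PID 1, the host's init), by comparing the ns symlink targets.
differing_namespaces() {
    target=$1 ref=${2:-1} out=""
    for ns in cgroup ipc mnt net pid user uts; do
        a=$(readlink "$PROC_ROOT/$target/ns/$ns") || continue
        b=$(readlink "$PROC_ROOT/$ref/ns/$ns") || continue
        [ "$a" = "$b" ] || out="$out $ns"
    done
    echo "${out# }"
}

# Succeed when process $1 lives in a nested PID namespace, i.e. NSpid
# lists more than one PID (the host's number plus the container's).
is_containerised() {
    set -- $(ns_pids "$1")
    [ "$#" -gt 1 ]
}

# Only act when a PID is passed on the command line.
if [ "$#" -gt 0 ]; then
    pid=$1
    echo "PID per namespace (host first): $(ns_pids "$pid")"
    echo "Namespaces differing from PID 1: $(differing_namespaces "$pid")"
    if is_containerised "$pid"; then
        echo "PID $pid runs in its own PID namespace"
    else
        echo "PID $pid shares the host PID namespace"
    fi
fi
```

Run it on the worker as `sudo sh nsview.sh 1343092`, using the PID from the `ps` output in the question; `nsview.sh` is a made-up file name.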