🚀 How the Kubernetes Controller Manager Detects Cluster Changes and how Kubelet Works Under the Hood?
The Kubernetes Controller Manager (kube-controller-manager) is responsible for maintaining the desired state of the cluster. If something goes wrong (e.g., a Pod crashes, a Node fails, or a ReplicaSet loses a Pod), the Controller Manager automatically detects it and takes corrective actions.
🔹 How Does the Controller Manager Know Something Happened?
The Controller Manager continuously monitors cluster changes using:
✅ Watch Mechanism (API Server Watcher) – Watches for changes in cluster state.
✅ Event-Based Triggers – Reacts to events like Pod failures, Node failures, etc.
✅ Polling & Reconciliation Loops – Periodically checks the cluster state in etcd.
🔍 It doesn’t directly watch the cluster but depends on the kube-apiserver to get updates!
🔹 Step-by-Step: How It Detects Issues & Fixes Them
1️⃣ The API Server Continuously Watches the Cluster
The
kube-apiservercontinuously watches Pods, Nodes, Deployments, Services, etc.If anything changes, the API Server records it in
etcd.
2️⃣ The Controller Manager Watches API Server for Changes
The
kube-controller-managerwatches the API Server for state changes using the Watch API.If it detects a problem (e.g., a Pod is missing), it triggers the necessary controllers.
3️⃣ The Relevant Controller Takes Action
Different controllers inside
kube-controller-managertake action:Node Controller – Detects if a Node is down and marks it
NotReady.Replication Controller – Detects missing Pods and recreates them.
Service Controller – Manages Service Endpoints and networking.
Job Controller – Ensures batch jobs are completed.
4️⃣ Reconciliation: Bringing Back the Desired State
If a Pod crashes, the Replication Controller sees the discrepancy (
desired replicas ≠ actual replicas).It then recreates the missing Pod on an available Node.
This ensures the cluster self-heals without manual intervention.
🔹 Example Scenario: Pod Failure Recovery
🔍 What Happens When a Pod Crashes?
1️⃣ A running Pod crashes due to an application failure.
2️⃣ The API Server detects that the Pod has stopped running.
3️⃣ The Replication Controller (inside kube-controller-manager) detects the Pod is missing.
4️⃣ It creates a new Pod to match the desired state.
5️⃣ The new Pod gets scheduled on an available Worker Node.
📝 Example: Checking Controller Logs
kubectl get events --sort-by=.metadata.creationTimestamp
This will show events like Pod restarts, node failures, rescheduling, etc.
🔹 How Does Kubernetes Handle Node Failures?
🔍 What Happens If a Node Fails?
1️⃣ The Node Controller (inside kube-controller-manager) continuously checks Node health.
2️⃣ If a Node fails to report back within 40 seconds, it is marked as NotReady.
3️⃣ If the Node remains unresponsive for 5 minutes, the Controller evicts all Pods on that Node.
4️⃣ The Replication Controller reschedules the evicted Pods on healthy nodes.
📝 Check Node Status
kubectl get nodes
If a node is down, it will show as NotReady.
🔹 How Does Kubernetes Handle Deployment Scaling?
1️⃣ You increase replicas in a Deployment (kubectl scale deployment my-app --replicas=5).
2️⃣ The API Server updates etcd with the new desired state.
3️⃣ The Replication Controller detects the difference and creates new Pods.
4️⃣ The Scheduler assigns the new Pods to worker nodes.
🔹 Kubernetes Watch Mechanism (Why No Need for Polling?)
Kubernetes does NOT continuously poll the cluster for changes (which would be inefficient).
Instead, it uses an Event-Driven Watch API mechanism.
Whenever something changes, the API Server notifies controllers in real-time.
🚀 How Kubelet Works Under the Hood?
Kubelet is the core agent running on each Kubernetes Worker Node. It ensures that Pods and their containers are running as expected. Kubelet continuously communicates with the Kubernetes API Server to get Pod definitions, monitor their health, and restart them if necessary.
🔹 1. What is Kubelet?
Kubelet is a lightweight daemon running on each worker node. It:
✅ Registers the node with the Kubernetes API Server.
✅ Continuously monitors assigned Pods and ensures they match the desired state.
✅ Interacts with the Container Runtime (Docker, containerd, CRI-O) to start & stop containers.
✅ Sends heartbeat signals to the API Server to report node health.
✅ Collects Pod logs & metrics for monitoring.
🔹 Without Kubelet, Pods wouldn't start, stop, or restart!
🔹 2. How Kubelet Works – Step-by-Step
1️⃣ Node Registration: Kubelet Joins the Cluster
1️⃣ When a new Worker Node boots up, kubelet registers the node with the Kubernetes cluster via the API Server.
2️⃣ It reports node information (CPU, memory, network status).
3️⃣ The API Server adds the node to the cluster and marks it as Ready.
📝 Check Node Registration Logs
journalctl -u kubelet -f
🔹 Without Kubelet, a node cannot be part of the Kubernetes cluster!
2️⃣ Pod Lifecycle Management
1️⃣ Kubelet continuously watches for new Pod assignments.
The API Server assigns Pods to the worker node.
Kubelet fetches the Pod details from the API Server.
2️⃣ Kubelet instructs the Container Runtime to start the containers.
It pulls the required container images (from Docker Hub, AWS ECR, etc.).
It starts the containers inside the Pod.
3️⃣ Kubelet monitors Pod health and restarts failed containers.
- It uses liveness probes & readiness probes to check if the container is healthy.
📝 Check Running Pods
kubectl get pods -o wide
🔹 Without Kubelet, Pods wouldn’t start, and Kubernetes wouldn't know their status!
3️⃣ Health Monitoring & Self-Healing
Kubelet continuously monitors container health using probes: ✅ Liveness Probe – Checks if the container is alive; if not, Kubelet restarts it.
✅ Readiness Probe – Checks if the container is ready to receive traffic.If a container crashes, Kubelet automatically restarts it based on the restart policy.
📝 Example: Check Kubelet Restarting a Failed Pod
kubectl describe pod my-pod
🔹 Without Kubelet, failed Pods wouldn’t be restarted!
4️⃣ Node Health Monitoring
1️⃣ Kubelet sends heartbeats to the API Server every few seconds.
2️⃣ If a node stops responding for 40 seconds, it is marked NotReady.
3️⃣ If a node is down for 5 minutes, Kubernetes evicts its Pods and reschedules them elsewhere.
📝 Check Node Health
kubectl get nodes
If a node is unhealthy, it will show as NotReady.
🔹 Without Kubelet, Kubernetes wouldn’t know if a node is down!
5️⃣ Logging & Monitoring
Kubelet collects logs from running containers.
Sends logs to logging systems (Fluentd, ELK, Prometheus).
Helps in troubleshooting and monitoring cluster performance.
📝 Check Kubelet Logs
journalctl -u kubelet -f
🔹 Without Kubelet, we wouldn’t get container logs for debugging!
🔹 3. How Kubelet Interacts with Other Kubernetes Components
| Component | Kubelet’s Role |
| API Server | Fetches Pod specs, reports health status |
| Container Runtime | Starts, stops, and monitors containers |
| Scheduler | Receives assigned Pods from the Master |
| Networking (CNI) | Works with CNI plugins (Calico, Flannel) for Pod networking |
| Logging Systems | Collects container logs for monitoring |
🔥 Summary: How Kubelet Works Internally
✅ Registers the node with the API Server.
✅ Manages Pods and starts/stops containers via the Container Runtime.
✅ Monitors container health and restarts failed containers.
✅ Sends node heartbeats to the API Server to report health.
✅ Collects logs & metrics for monitoring.
🚀 Kubelet is the heart of every Kubernetes worker node! 💡
🔥 Summary: How the Controller Manager Detects and Fixes Cluster Issues
✅ The API Server continuously watches all resources and records changes in etcd.
✅ The Controller Manager listens to the API Server for changes.
✅ If the actual state ≠ desired state, the relevant controller takes action.
✅ Self-Healing: If a Pod, Node, or Service fails, Kubernetes automatically fixes it.
✅ No polling needed! Kubernetes is event-driven and uses the Watch API for efficiency.
The Kubernetes Controller Manager is like a team of auto-pilots constantly keeping your cluster healthy! 💡