Learn Kubernetes Basics

Concepts

Concepts
Overview
What is Kubernetes
Kubernetes Components
The Kubernetes API
Working with Kubernetes Objects
Understanding Kubernetes Objects
Kubernetes Object Management
Names
Namespaces
Labels and Selectors
Annotations
Field Selectors
Recommended Labels
Kubernetes Architecture
Nodes
Master-Node Communication
Concepts Underlying the Cloud Controller Manager
Containers
Images
Container Environment Variables
Runtime Class
Container Lifecycle Hooks
Workloads
Pods
Pod Overview
Pods
Pod Lifecycle
Init Containers
Pod Preset
Pod Topology Spread Constraints
Disruptions
Ephemeral Containers
Controllers
ReplicaSet
ReplicationController
Deployments
StatefulSets
DaemonSet
Garbage Collection
TTL Controller for Finished Resources
Jobs - Run to Completion
CronJob
Services, Load Balancing, and Networking
Endpoint Slices
Service
DNS for Services and Pods
Connecting Applications with Services
Ingress
Ingress Controllers
Network Policies
Adding entries to Pod /etc/hosts with HostAliases
IPv4/IPv6 dual-stack
Storage
Volumes
Persistent Volumes
Volume Snapshots
CSI Volume Cloning
Storage Classes
Volume Snapshot Classes
Dynamic Volume Provisioning
Node-specific Volume Limits
Configuration
Configuration Best Practices
Resource Bin Packing for Extended Resources
Managing Compute Resources for Containers
Pod Overhead
Assigning Pods to Nodes
Taints and Tolerations
Secrets
Organizing Cluster Access Using kubeconfig Files
Pod Priority and Preemption
Scheduling Framework
Security
Overview of Cloud Native Security
Scheduling
Kubernetes Scheduler
Scheduler Performance Tuning
Policies
Limit Ranges
Resource Quotas
Pod Security Policies
Cluster Administration
Cluster Administration Overview
Certificates
Cloud Providers
Managing Resources
Cluster Networking
Logging Architecture
Configuring kubelet Garbage Collection
Federation
Proxies in Kubernetes
Controller manager metrics
Installing Addons
Extending Kubernetes
Extending your Kubernetes Cluster
Extending the Kubernetes API
Extending the Kubernetes API with the aggregation layer
Custom Resources
Compute, Storage, and Networking Extensions
Network Plugins
Device Plugins
Operator pattern
Service Catalog
Poseidon-Firmament - An alternate scheduler

Edit This Page

Device Plugins

FEATURE STATE: Kubernetes v1.10 beta

Kubernetes provides a device plugin framework that you can use to advertise system hardware resources to the KubeletAn agent that runs on each node in the cluster. It makes sure that containers are running in a pod. .

Instead of customising the code for Kubernetes itself, vendors can implement a device plugin that you deploy either manually or as a DaemonSetEnsures a copy of a Pod is running across a set of nodes in a cluster. . The targeted devices include GPUs, high-performance NICs, FPGAs, InfiniBand adapters, and other similar computing resources that may require vendor specific initialization and setup.

Device plugin registration

The kubelet exports a Registration gRPC service:

service Registration {
	rpc Register(RegisterRequest) returns (Empty) {}
}

A device plugin can register itself with the kubelet through this gRPC service. During the registration, the device plugin needs to send:

Following a successful registration, the device plugin sends the kubelet the list of devices it manages, and the kubelet is then in charge of advertising those resources to the API server as part of the kubelet node status update. For example, after a device plugin registers hardware-vendor.example/foo with the kubelet and reports two healthy devices on a node, the node status is updated to advertise that the node has 2 “Foo” devices installed and available.

Then, users can request devices in a Container specification as they request other types of resources, with the following limitations:

Suppose a Kubernetes cluster is running a device plugin that advertises resource hardware-vendor.example/foo on certain nodes. Here is an example of a pod requesting this resource to run a demo workload:

---
apiVersion: v1
kind: Pod
metadata:
  name: demo-pod
spec:
  containers:
    - name: demo-container-1
      image: k8s.gcr.io/pause:2.0
      resources:
        limits:
          hardware-vendor.example/foo: 2
#
# This Pod needs 2 of the hardware-vendor.example/foo devices
# and can only schedule onto a Node that's able to satisfy
# that need.
#
# If the Node has more than 2 of those devices available, the
# remainder would be available for other Pods to use.

Device plugin implementation

The general workflow of a device plugin includes the following steps:

  service DevicePlugin {
        // ListAndWatch returns a stream of List of Devices
        // Whenever a Device state change or a Device disappears, ListAndWatch
        // returns the new list
        rpc ListAndWatch(Empty) returns (stream ListAndWatchResponse) {}

        // Allocate is called during container creation so that the Device
        // Plugin can run device specific operations and instruct Kubelet
        // of the steps to make the Device available in the container
        rpc Allocate(AllocateRequest) returns (AllocateResponse) {}
  }

Handling kubelet restarts

A device plugin is expected to detect kubelet restarts and re-register itself with the new kubelet instance. In the current implementation, a new kubelet instance deletes all the existing Unix sockets under /var/lib/kubelet/device-plugins when it starts. A device plugin can monitor the deletion of its Unix socket and re-register itself upon such an event.

Device plugin deployment

You can deploy a device plugin as a DaemonSet, as a package for your node’s operating system, or manually.

The canonical directory /var/lib/kubelet/device-plugins requires privileged access, so a device plugin must run in a privileged security context. If you’re deploying a device plugin as a DaemonSet, /var/lib/kubelet/device-plugins must be mounted as a VolumeA directory containing data, accessible to the containers in a pod. in the plugin’s PodSpec.

If you choose the DaemonSet approach you can rely on Kubernetes to: place the device plugin’s Pod onto Nodes, to restart the daemon Pod after failure, and to help automate upgrades.

API compatibility

Kubernetes device plugin support is in beta. The API may change before stabilization, in incompatible ways. As a project, Kubernetes recommends that device plugin developers:

If you enable the DevicePlugins feature and run device plugins on nodes that need to be upgraded to a Kubernetes release with a newer device plugin API version, upgrade your device plugins to support both versions before upgrading these nodes. Taking that approach will ensure the continuous functioning of the device allocations during the upgrade.

Monitoring Device Plugin Resources

FEATURE STATE: Kubernetes v1.13 alpha

In order to monitor resources provided by device plugins, monitoring agents need to be able to discover the set of devices that are in-use on the node and obtain metadata to describe which container the metric should be associated with. Prometheus metrics exposed by device monitoring agents should follow the Kubernetes Instrumentation Guidelines, identifying containers using pod, namespace, and container prometheus labels.

The kubelet provides a gRPC service to enable discovery of in-use devices, and to provide metadata for these devices:

// PodResourcesLister is a service provided by the kubelet that provides information about the
// node resources consumed by pods and containers on the node
service PodResourcesLister {
    rpc List(ListPodResourcesRequest) returns (ListPodResourcesResponse) {}
}

The gRPC service is served over a unix socket at /var/lib/kubelet/pod-resources/kubelet.sock. Monitoring agents for device plugin resources can be deployed as a daemon, or as a DaemonSet. The canonical directory /var/lib/kubelet/pod-resources requires privileged access, so monitoring agents must run in a privileged security context. If a device monitoring agent is running as a DaemonSet, /var/lib/kubelet/pod-resources must be mounted as a VolumeA directory containing data, accessible to the containers in a pod. in the plugin’s PodSpec.

Support for the “PodResources service” is in beta, and is enabled by default.

Device plugin examples

Here are some examples of device plugin implementations:

What's next

Feedback