I have just installed my kubernetes cluster on azure using AKS. I have not installed anything and I noticed that the 'tunnelfront' pod was running:
I have tried to find out what this pod is for and why it is running on my cluster, cannot find any reasons for it being there. I used kubectl to describe the pod:
Name: tunnelfront-597b4868b8-8rz4w
Namespace: kube-system
Node: aks-agentpool-22029027-0/10.240.0.5
Start Time: Mon, 07 May 2018 19:51:22 +0200
Labels: component=tunnel
pod-template-hash=1536042464
Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"kube-system","name":"tunnelfront-597b4868b8","uid":"d46dab68-449e-11e8-961c-0a58a...
Status: Running
IP: 10.244.1.72
Controlled By: ReplicaSet/tunnelfront-597b4868b8
Containers:
tunnel-front:
Container ID: docker://a69b8d6dcaef7253d41d44fbd57fd776a0dfbf70dbbbb8303a691bebab169c26
Image: dockerio.azureedge.net/deis/hcp-tunnel-front:v1.9.2-v3.0.3
Image ID: docker-pullable://dockerio.azureedge.net/deis/hcp-tunnel-front@sha256:378db6f97778c6d86de94f72573a97975cd7b5ff6f1f02c1618616329fd94f1f
Port: <none>
Host Port: <none>
State: Running
Started: Tue, 15 May 2018 09:40:10 +0200
Last State: Terminated
Reason: Error
Exit Code: 137
Started: Mon, 07 May 2018 19:56:15 +0200
Finished: Tue, 15 May 2018 09:40:09 +0200
Ready: True
Restart Count: 1
Liveness: exec [/lib/tunnel-front/check-tunnel-connection.sh] delay=10s timeout=1s period=10s #success=1 #failure=12
Environment:
OVERRIDE_TUNNEL_SERVER_NAME: t_XXXXXX-66f17513.hcp.westeurope.azmk8s.io
KUBE_CONFIG: /etc/kubernetes/kubeconfig/kubeconfig
Mounts:
/etc/kubernetes/certs from certificates (ro)
/etc/kubernetes/kubeconfig from kubeconfig (ro)
/var/run/secrets/kubernetes.io/serviceaccount from default-token-xkj92 (ro)
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
Volumes:
kubeconfig:
Type: HostPath (bare host directory volume)
Path: /var/lib/kubelet
HostPathType:
certificates:
Type: HostPath (bare host directory volume)
Path: /etc/kubernetes/certs
HostPathType:
default-token-xkj92:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-xkj92
Optional: false
QoS Class: BestEffort
Node-Selectors: beta.kubernetes.io/os=linux
Tolerations: node.alpha.kubernetes.io/notReady:NoExecute for 300s
node.alpha.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Warning Unhealthy 1m (x54 over 7d) kubelet, aks-agentpool-22029027-0 Liveness probe failed:
I can see that the image is from deis
, but I have not installed helm
or any such tool. What is TunnelFront? And do I need it?
tunnelfront
is an AKS system component that's installed on every cluster that helps to facilitate secure communication from your hosted Kubernetes control plane and your nodes. It's needed for certain operations like kubectl exec
, and will be redeployed to your cluster on version upgrades (note that the tunnelfront version matches the cluster version).
If you run into problems with tunnelfront, please do file an issue on https://github.com/Azure/AKS/issues