The kubelet is the agent on each node that ensures containers described in PodSpecs are running and healthy. It communicates with the container runtime to start and stop containers.
kubectl get pods -n kube-system -l k8s-app=kube-proxy on a healthy cluster?The command lists pods labeled with k8s-app=kube-proxy in the kube-system namespace. On a healthy cluster, kube-proxy pods run on each node and show status 'Running'.
The file /var/lib/kubelet/kubeadm-flags.env contains KUBELET_EXTRA_ARGS with the --container-runtime-endpoint flag, which is loaded by the kubelet systemd service.
kube-proxy manages access to Services (ClusterIP, NodePort, LoadBalancer). Direct pod-to-pod IP communication between nodes is handled by the CNI network plugin (e.g., Calico, Flannel). This symptom typically indicates a CNI issue, such as disabled IP forwarding (net.ipv4.ip_forward=0).
Kubernetes recommends containerd as the default container runtime because it is lightweight, stable, and directly supported by the Kubernetes community.