Components of Kubernetes cluster Drumato

Attention: This slide was used in the club of our school.

References ● Kubernetes完全ガイド 第2版 ● Kubernetes Documentation ● 実践入門 Kubernetesカスタムコントローラーへの道 ● The Kubebuilder book ● Kubernetes API Reference Docs

Not Following... ● What are these? ○ Container ○ Docker ○ Kubernetes ● How to ... ○ construct k8s cluster ○ use kubectl ○ use built-in resources(e.g. Deployment) properly

Components of k8s cluster

Components of k8s cluster Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster ● A cluster is a set of worker nodes. ● Every worker node runs the Pods ● Kubernetes cluster consists of ○ C-plane components ■ may include an interface providing connection to Cloud provider API ○ Node components

Components of k8s cluster#C-plane Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster#C-plane ● C-plane has a responsibility to ○ manage worker node(s) ○ detect several events in a cluster ○ serve API to interconnect with cloud provider (optional) ■ AWS/GCE/OpenStack/etc ● esp, kube-apiserver is the core-system of it. ● In general, these components are deployed in a Node. ○ the node is known as "master node" ○ in prod, you should deploy C-plane comps to multiple machines(using Kubeadm or stuff)

Components of k8s cluster#kube-apiserver Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster#kube-apiserver ● exposes the Kubernetes API to cluster's outside ○ so it plays an important role as the front-end of C-plane comps. ● Note that kube-apiserver scales "horizontally" (not vertically) ○ this feature enables us to balance traffics between those instances ● kube-apiserver is the only component is connected with etcd. ○ other all components need to communicate with etcd through apiserver. ■ even if it is a C-plane component!

Components of k8s cluster#etcd Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster#etcd ● etcd is well known as "distributed key-value store" ● You can construct a "etcd cluster" ○ a consensus algorithm called "Raft" works in it ○ actually the number of nodes in cluster should be odd

Components of k8s cluster#kube-scheduler Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster#kube-scheduler ● kube-scheduler assigns a Pod to Node ● When a Pod is created newly, It's not determined where It deploys to yet. ● kube-scheduler detects some Pods they're not assigned any node yet ● And apply a scheduling algorithm, then a Node is selected.

Components of k8s cluster#k-c-m(stripped) Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster#k-c-m(stripped) ● A controller is a control loop that watches the state of clusters, nodes, and resources. ○ If a current state isn't desirable, a controller makes changes by requesting to kube-apiserver. ● k-c-m is a set of built-in controllers. ○ includes replicaset/deployment/service/etc

Components of k8s cluster#kubelet Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster#kubelet ● An agent that is in each Node. ● Start some Pods scheduled by kube-scheduler, by communicating with container-runtime. ○ You can deploy pods to a specified node by using a mechanism called "Static Pod".

Components of k8s cluster#container-runtime ● A software that is responsible for running containers ● Kubernetes support any implementation of CRI ○ Docker ○ containerd ○ CRI-O ● If you're operating a cluster in a multi-tenant network ○ preferred to use secure OCI runtime(e.g. kata-runtime)

Components of k8s cluster#kube-proxy Source: https://kubernetes.io/docs/concepts/overview/components/

Components of k8s cluster#kube-proxy ● A network-proxy runs on each Node. ● You may need to know about Kubernetes Service before studying it.

Appendix#Service ● In k8s cluster, each Pod has its IP address. ● A container will communicate to others with "localhost" in a pod. ● There is a few issue if a pod wants to be connected with pods they're created dynamically(e.g. using deployment). ○ How to get their IP addresses? ○ Is there a way to balance traffics to them smart?

Appendix#Service ● A Service is a way to expose an application runs on a cluster. ○ can also load-balance L4 traffics to several Pods. ○ create an endpoint with given ServiceType. ■ ClusterIP … provide a VIP it's only used in a cluster ■ NodePort … allocating a port that is listened to by every Node. ■ LoadBalancer … using an external LB. ● A Service marks pods by label-selector ○ marked Pods are "targeted" by a Service. ● we're going back to kube-proxy.

Components of k8s cluster#kube-proxy ● kube-proxy receives some traffics to ClusterIP/NodePort. ● kube-proxy can be configured with proxy-mode ○ userspace … running transporter in user space ○ iptables … running transporter in kernel space ■ more efficiently than userspace mode ■ iptables isn't designed for load-balancing ○ IPVS … opmizing workloads using IP Virtual Server ■ can use more optimized LB algorithms. ● least-connection ● source-hashing

Components of k8s cluster#Summary Source: https://kubernetes.io/docs/concepts/overview/components/