kubelet

The kubelet process is used to process tasks delivered by master, manage containers in POD, and register its own nodes.

Node management

Start Parameters

--register-node # If set to true will register its node with API server. If set to false will require administrator to manually configure --api-server # location IP address or domain name of API server Cloud-provider: kubeconfig # kubeconfig --node-status-update-frequency set kubelet reporting intervalCopy the code

Pod management

Kubelet gets pod information running on node in the following way

File: Kubelet through startup parameters--configSpecify files in the configuration file directory (default/etc/kubernetes/manifests/Static POD read position), through--file-check-frequencySet the interval for checking directories. The default interval is 20 seconds
HTTP endpoint (URL): Passes--manifest-urlParameter Settings. Yes--http-check-frequencySet check interval, default 20 seconds (another static POD reading position)
API Server: Kubelet listens to the ETCD directory through API Server and synchronizes the POD list

Kubelet watch plus list listens for /registry/nodes/$NODENAME current NODENAME, and registry/pods to synchronize the information to the local cache.

Kubelet reads the listener and does the following for the creation and modification

Create a data directory for this POD
Read the POD manifest from API Server
Mount an External Volume for this POD
Download pod using Secret
Check the pod already running on the node, if the pod does not have a container, orkubernetes/pauseIf the container is not started, stop all container processes first. If any container needs to be deleted, delete it
Create a Kubernetes/Pause container into a POD that takes over the network of all other containers in the POD. Then create other containers.
Do the following for each container in a POD
1. Calculates a hash value for the container and queries the hash value using the container name. If the hash value is incorrect, stop the process in the container and stop the association with the pause container. If the same does not do processing
2. If the container is terminated, its container is not specifiedrestartPolicyDo not do processing
3. Call docker Client to download the container image, call Docker Client to run the container

Container health check

Two types of probes for checking container health

LivenessProbe is used to determine whether the container is healthy and feedback to Kubelet. If the result is unhealthy, Kubelet will delete the container and process it according to the restart policy. If the yamL definition of the container does not contain the LivenessProbe, the container health is considered to always return SUCCESS.
ReadinessProbe, which determines whether the container has been started and is accepting requests. If the ReadinessProbe fails, the container state will be changed. The Endpoint Controller will delete the IP address of the POD where the container resides from the Endpoint of the Service

LivenessProbe implementation of the probe

ExecAction: Execute a command inside the container. If the command exit code is 0, the container is healthy
TCPSocketAction: Performs TCP checks based on the IP address and port of the container. If the port succeeds, the container is healthy
HttpGetAction: Uses HTTP get to access the container IP address and port. If the returned status is greater than 200 and less than 400, the container is considered healthy

Kube-proxy runtime mechanism parsing

Kube-proxy is essentially a reverse proxy. We can think of the Kube-proxy running on each node as a transparent proxy and LB of service.

Second-generation forwarding mechanism: iptables Direct NAT

Kube-proxy listens to service and Endpoint information in apiserver, configures iptables rules, and directly forwards requests to POD through iptables

Advantages: High efficiency
Disadvantages: Iptables rules swell dramatically when service and POD are added, resulting in performance degradation and lost requests.

IPVS + IPset third generation forwarding mechanism

Ipvs is a high-performance load balancer based on Iptables and uses efficient data structures (hashes) to allow unlimited scale

Ipvs advantage

Better scalability and performance
Supports LB algorithms more complex than Iptables
Support service health check and connection enrichment
The set of ipsets can be modified dynamically, even if the iptables rules are using the set

Ipvs defects

Packet filtering, Airpin-Masquerade Tricks, SNAT, etc. are not available, so they need to be used with iptables. In IPVS mode, Kube-proxy uses the extended ipset of Iptables to generate rule chains.

Iptables is a linear data structure, while IPset introduces indexed data structures for efficient matching.

Kube-proxy main iptables rules

Kube-cluster-ip: Masquerade-all =true or clusterCIDR specifies the service CLUSTER IP address to solve packet spooking problems.
Kube-external-ip: wraps data as the EXTERNAL IP address of the service
Kube-load-balancer, kube-load-balancer-local: masquerades service traffic of the Loadbalance type
Kube-node-port-tcp, kube-node-port-local-tcp, kube-node-port-udp, kube-node-local-udp: masquerading service traffic of Nodeport type.

IPVS enable mode

Adding a kernel Configuration

cat > /etc/sysconfig/modules/ipvs.modules <<EOF
#! /bin/bash
modprobe -- ip_vs
modprobe -- ip_vs_rr
modprobe -- ip_vs_wrr
modprobe -- ip_vs_sh
modprobe -- nf_conntrack_ipv4
EOF



#authorization
chmod 755 /etc/sysconfig/modules/ipvs.modules 


#Load module
bash /etc/sysconfig/modules/ipvs.modules


#Check the load
lsmod | grep -e ip_vs -e nf_conntrack_ipv4

#The output is as follows:----------------------------------------------------------------------- nf_conntrack_ipv4 20480 0 nf_defrag_ipv4 16384 1  nf_conntrack_ipv4 ip_vs_sh 16384 0 ip_vs_wrr 16384 0 ip_vs_rr 16384 0 ip_vs 147456 6 ip_vs_rr,ip_vs_sh,ip_vs_wrr nf_conntrack 110592 2 ip_vs,nf_conntrack_ipv4 libcrc32c 16384 2 xfs,ip_vs -----------------------------------------------------------------------Copy the code

K8S configuration

Used with kubeadm:

kubeadm config print init-defaults > init-config.yaml
Copy the code

Add it in config.yaml

kind: MasterConfiguration
apiVersion: kubeadm.k8s.io/v1alpha1
.
kubeProxy:
  config:
    featureGates: SupportIPVSProxyMode=true
    mode: ipvs
Copy the code

Or add

---
apiVersion: kubeproxy.config.k8s.io/v1alpha1
kind: KubeProxyConfiguration
mode: "ipvs"
Copy the code

Choose between the two

Then use the

Kubeadm init --config init-config.yamlCopy the code

Kubeadm Default configuration view

kubeadm config print init-defaults Check the default configuration
kubeadm config print init-defaults --component-configs KubeProxyConfiguration Check the default configuration of a component
Copy the code

mo4tech.com (Moment For Technology) is a global community with thousands techies from across the global hang out!Passionate technologists, be it gadget freaks, tech enthusiasts, coders, technopreneurs, or CIOs, you would find them all here.

Analysis of K8S core components Kubelet and Kube-Proxy

kubelet

Node management

Pod management

Container health check

Kube-proxy runtime mechanism parsing

Second-generation forwarding mechanism: iptables Direct NAT

IPVS + IPset third generation forwarding mechanism

Ipvs advantage

Ipvs defects

Kube-proxy main iptables rules

IPVS enable mode

Adding a kernel Configuration

K8S configuration

Kubeadm Default configuration view

Analysis of K8S core components Kubelet and Kube-Proxy

kubelet

Node management

Pod management

Container health check

Kube-proxy runtime mechanism parsing

Second-generation forwarding mechanism: iptables Direct NAT

IPVS + IPset third generation forwarding mechanism

Ipvs advantage

Ipvs defects

Kube-proxy main iptables rules

IPVS enable mode

Adding a kernel Configuration

K8S configuration

Kubeadm Default configuration view

Related Posts

What is the underlying implementation of HashMap? What optimizations have been made in JDK8?

The Python Requests library for requests in Requests is not available

A brief description of spring-IOC principle