Kubernetes overall architecture diagram

Kubernetes components

Kube-master control node

  • Workflow flowchart for Kube-Master





  1. Kubecfg sends specific requests to the Kubernetes Client (e.g., requests to create pods).

  2. The Kubernetes Client sends the request to the API Server.

  3. The API Server chooses which REST API to use to process the request based on the type of request (for example, REST Storage API for Pods created when the Storage type is Pods).

  4. The REST Storage API processes the request and stores the result to the high availability key-value Storage system Etcd.

  5. After API Server responds to Kubecfg’s request, Scheduler dispatches undistributed pods to available Minion/Node nodes based on the information about running pods and Minion/Node in the cluster that Kubernetes Client obtains.

API Server “Resource Operation Portal”

  • The API Server provides a unique entry point for resource objects through which all other components must manipulate resource data. Only the API Server communicates with the storage, and all other modules must access the cluster state through the API Server.

  • As the entrance of Kubernetes system, API Server encapsulates the operation of adding, deleting, changing and checking core objects. API Server provides RESTFul interfaces for external customers and internal components to call. API Server then performs operations on related resource data (full query + change monitoring) to complete related service functions in real time.

  • API Server as Kubernetes entry design has the following benefits: 1. This ensures the security of cluster status access. 2. API Server isolates cluster state access and back-end storage implementation, so that the way of API Server state access will not change because of the change of back-end storage technology Etcd, so that the choice of back-end storage mode is more flexible, convenient expansion of the entire architecture.

The Internal Management control Center

The Controller Manager is used to automate fault detection and recovery of the Kubernetes cluster. The Controller Manager is responsible for executing the following controllers:

  • Replication Controller

The Replication Controller is mainly used to periodically associate a Replication Controller (RC) with A Pod to ensure that the number of Pod copies associated with an RC (a resource object) in the cluster is always the same as the preset value.

  • Node Controller

Kubelet registers its node information through the API Server during startup and periodically reports status information to the API Server. The API Server updates the information to the Etcd when it receives it.

Node Controller Uses the API Server to obtain real-time Node information and manage and monitor nodes in the cluster.

  • ResourceQuota Controller

The resource quota management controller is used to ensure that the specified resource object does not occupy excessive physical resources on the system at any time.

  • Namespace Controller

Users can use the API Server to create new namespaces and store them in the Etcd. The Namespace Controller periodically reads the Namespace information through the API Server to operate the Namespace.

For example, if a Namespace is marked as gracefully deleted by the API, the Namespace state is set to Terminating and saved to Etcd. In addition, the Namespace Controller deletes resource objects such as ServiceAccount, RC, and Pod from the Namespace.

  • Service Account Controller

ServiceAccount Controller: Manages Service Accounts in the namespace to ensure that the ServiceAccount default exists in each namespace.

  • Token Controller

As part of the Controller Manager, the Token Controller listens for the creation and deletion of serviceAccount and the addition and deletion of secret.

  • Service Controller

The Service Controller is an interface Controller between Kubernetes cluster and external platform. The Service Controller is mainly used to listen for Service changes.

For example, if a Service of the LoadBalancer type is created, the Service Controller must ensure that the LoadBalancer instance of the Service is created and deleted from the external cloud platform, and the corresponding routing table is updated.

  • Endpoint Controller

Endpoints represent the access addresses for all Pod copies of a Service, and Endpoints Controller is the Controller responsible for generating and maintaining all Endpoints objects.

The Endpoint Controller listens for changes to the Service and its corresponding Pod copy. Periodically associate Service and Pod (the association information is maintained by the Endpoint object) to ensure that the mapping from Service to Pod is always up to date.

Scheduler Scheduler

  • Scheduler is mainly used to collect and analyze the resource load (including memory and CPU) of all Minion/Node nodes in the current Kubernetes cluster, and then distribute newly created pods to available nodes in the Kubernetes cluster based on the resource usage.

  • Scheduler monitors all running undistributed and distributed pods in the Kubernetes cluster in real time.

  • Scheduler monitors Minion/Node information in real time. Due to frequent Minion/Node searches, Scheduler also caches the latest information locally.

  • After dispatching a Pod to a specified Minion/Node, the Scheduler writes the Pod Binding back to the API Server for use by other components.

Kube-node service Node

  • Kubelet structure

Kubelet “Pod Manager on Nodes”

  • Create, modify, monitor, and delete pods on nodes.

  • Periodically reports the status information of local nodes to the API Server.

  • Kubelet is the bridge between Master API Server and Minion/Node, receiving Commands and Work assigned to it by Master API Server.

  • Kubelet indirectly interacts with the Etcd cluster via Kube ApiServer to read cluster configuration information.

  • Set the environment variables of the container, bind Volume to the container, bind Port to the container, run a single container according to the specified Pod, and create a Network container for the specified Pod. 2. Synchronize the Pod status and obtain the Container Info, Pod Info, Root Info, and Machine Info from the cAdvisor. 3. Run the command in the container, kill the container, and delete all containers of Pod.

Proxy Load Balancing, Routing and Forwarding

  • Proxy is designed to enable external networks to access application services provided by containers in the cluster. Proxy runs on each Minion/Node.

  • Proxy provides TCP/UDP socket connection. Each time a Service is created, the Proxy gets the configuration information for Services and Endpoints from Etcd (or from File), Then, according to its configuration information, start a Proxy process on Minion/Node and listen to the corresponding service port. When an external request occurs, the Proxy dispatches the request to the correct container processing on the back end based on the Load Balancer.

  • Proxy not only solves the conflict of the same Service port on the same host, but also provides the capability of Service forwarding Service port to provide services externally. The Proxy back-end uses load balancing algorithms such as random and round robin for scheduling.

Kubectl “Cluster Management Command Line Tool Set”

  • Kubectl is a client tool for Kubernetes. Through Kubectl command to API Server operation, API Server response and return the corresponding command results, so as to achieve the management of Kubernetes cluster.

This paper is arranged and modified on the basis of “Kubernetes general architecture Diagram”.

Reference documentation

http://www.google.com

http://t.cn/RdHiHXX

http://t.cn/RdHimG5

http://t.cn/RdHRDq8