Today, I want to dive into Kubernetes architecture. To explore this, let’s follow the flow of a kubectl command. Essentially, a kubectl command is just data sent to a server. We could achieve the same result with a simple curl request or by using a language library (such as Python, Go, or Java).
In this example, we’ll push a deployment to create a pod.
Kubernetes architecture
The kube-api-server
Here the 5min kubernetes tutorial : kubernetes architecture
Our kubectl client is simply a client for a web server, communicating with the Kubernetes API server (APIServer). The APIServer handles authentication, authorization, and admission control for our requests, ensuring that you have permission to perform the actions you’re attempting.
If all checks pass, the APIServer stores our data in the etcd server.
ETCD database engine
Etcd is a key/value store database.
This database store all datas in the cluster :
cluster state
node states
resource states
…
But for our request, this is the desirated state. Now the cluster needs to reconcile its with the real state.
Controller Manager
The controller manager is responsible for ensuring that the actual state of the cluster matches the desired state stored in etcd. It also responds to incidents, working to resolve them and bring the cluster back in sync with the desired state.
A controller manager manages many controllers like :
deployments
nodes
services
…
Each controller has its own algorithm to manage and reconcile the state. For example, when creating a deployment, the deployment controller watches the APIServer to track new deployments. If the deployment controller detects a new or updated deployment, it updates other resources through the APIServer.
For instance, if a new deployment is discovered, the controller recognizes that it needs to create a new pod. To do so, it requests the creation of a new pod through the APIServer, updating the desired state in etcd.
The Scheduler
Now we have a new pod to create in our cluster. This means the pod exists in etcd but is unscheduled — no node has been assigned to it yet.
To assign a pod to a worker node, the Scheduler considers factors such as available resources, node availability, and affinity rules. This process involves two steps: filtering (narrowing down the list of nodes) and scoring (prioritizing nodes).
At the end of this process, the Scheduler updates the pod’s metadata by changing the NodeName field from none to the name of the selected worker node, thereby assigning it.
All components into kubernetes cluster
Kubelet, the agent
Then, the master did its job.
On the worker node, the kubelet (a kubernetes agent) watches permanently the kube-api-server and check if there is some stuffs which need to do on the worker… for example create a pod.
Then if the kubelet finds a new pod with its NodeName, it starts to create a pod. For that the kubelet manages the container runtime (for example containerd). And the container runtime creates a container or many containers (a pod can be compose with many containers).
And finally, the container is just a process which has some reserved resources with cgroups and isolation with namespaces.
Top comments (0)