作者: Marcos Vallim
本文将逐一介绍Kubernetes主节点和工作节点的各个组件,包括控制器管理(Controller Manager)、API服务器、etcd、调度器(Scheduler)、Kubelet等。强烈建议读者扩展阅读参考链接内容,以更好地理解每个组件的工作机制,以及它们在Kubernetes集群中的作用,
Masters are responsible for orchestrating all activities related to the containers that run on the worker nodes. It is responsible for scheduling and deploying clustered applications and collecting information about worker nodes and Pods, among many other activities.
此配置方法中,服务作为容器运行,由kubeadm自动配置。In this approach, the services run as containers and are automatically set up by kubeadm.
A stacked HA cluster is a topology (see the image below) where the distributed data storage cluster provided by etcd is stacked on top of the cluster formed by the nodes managed by kubeadm that run control plane components.
每个控制平面节点均运行API服务器(api-server)、调度器(scheduler)和控制器管理(controller-manager)进程。其中,API服务器进程通过负载均衡器提供给工作节点使用(在此,使用的负载均衡器是HA Proxy),并创建本地etcd成员。该本地成员只与运行在同一节点上的API服务器进程通信。类似地,调度器和控制器管理进程也采用同样机制。
This topology couples the control planes and etcd members on the same node where they run. It is simpler to set up than a cluster with external etcd nodes, and simpler to manage for replication.
However, a stacked cluster runs into the risk of failed coupling. If one node goes down, both an etcd member and a control plane instance are lost, and redundancy is compromised. You can mitigate this risk by adding more control plane nodes.
You should therefore run a minimum of three stacked control plane nodes for an HA cluster.
在此配置方法中,服务作为容器运行,由kubeadm部分配置。In this approach, the services run as containers and are partially configured by kubeadm.
An HA cluster with external etcd nodes is a topology (see the image below) where the distributed data storage cluster provided by etcd is external to the cluster formed by the nodes that run control plane components.
Like in the stacked etcd topology, each control plane node in an external etcd topology runs an instance of the api-server, scheduler, and controller-manager. And the api-server is exposed to worker nodes using a load balancer. However, etcd members run on separate hosts, and each etcd host communicates with the api-server of each control plane node.
This topology decouples the control plane and etcd member. It therefore provides an HA setup where losing a control plane instance or an etcd member has less impact and does not affect the cluster redundancy as much as the stacked HA topology.
However, this topology requires twice the number of hosts as the stacked HA topology. A minimum of three hosts for control plane nodes and three hosts for etcd nodes are required for an HA cluster with this topology.
在此配置方法中,服务作为独立进程运行,不使用kubeadm而采用手工配置。该方法更为灵活,但是在建立集群中需要人工做更多工作。In this approach, the services run as standalone processes and should be manually configured, without using kubeadm. It provides more flexibility but also demands more work to be done by the person setting up the cluster.
An HA cluster Control Plane with external etcd nodes is a topology (see the image below) where the distributed data storage cluster provided by etcd is external to the cluster formed by the nodes that run control plane components.
Like in the stacked control plane and external etcd nodes topology, each control plane node in an external etcd topology runs an instance of the api-server, scheduler, and controller-manager. And the api-server is exposed to worker nodes using a load balancer. etcd members run on separate hosts, and each etcd host communicates with all api-server of the control plane nodes.
This topology runs api-server, controller-manager and scheduler as standalone services in the same node, while etcd is ran on its own node. It therefore provides an HA setup where losing a control plane instance or an etcd member has less impact and does not affect the cluster redundancy as much as in the stacked HA topology.
However, this topology requires twice the number of hosts as the stacked HA topology. A minimum of three hosts for control plane nodes and three hosts for etcd nodes are required for an HA cluster with this topology. Also, you must install and configure the services one-by-one.
DNS集群扩展:Kubernets DNS在集群上调度DNS Pod和服务,并配置kubelets单个容器使用解析DNS名的DNS服务IP。 cluster add-on: Kubernetes DNS schedules a DNS Pod and Service on the cluster, and configures the kubelets to tell individual containers to use the DNS Service’s IP to resolve DNS names.
Every Service defined in the cluster (including the DNS server itself) is assigned a DNS name. By default, a client Pod’s DNS search list will include the Pod’s own namespace and the cluster’s default domain. This is best illustrated by example:
Assume a Service named foo in the Kubernetes namespace bar. A Pod running in namespace bar can look up this service by simply doing a DNS query for foo. A Pod running in namespace quux can look up this service by doing a DNS query for foo.bar.
cni插件:是一类网络插件,符合appc/CNI规范。它支持连接到运行在不同节点上的Pod,提供集成不同类型网络解决方案(例如Overlay网络、完全第三层网络等)的灵活性。: This plugin is a type of Network plugin that adheres to the appc/CNI specification. This is what enables connecting Pods running on different nodes and flexibility to integrate different kind of network solutions (overlays, pure L3, etc).
Workers are the machines (nodes, which can be physical or VMs) where the containers managed by Kubernetes effectively run. In order for worker nodes to be managed by Kubernetes, they must have Kubelet agents installed on them. It is through this agent that all communication with the master happens and, as a consequence, the cluster operations are performed.
在这种配置方法中,服务作为容器运行,由kubeadm自动配置。In this approach, the services run as containers and are automatically set up by kubeadm.
A stacked worker is a topology (see image above) where each node runs an instance of kubelet, kube-proxy, cni-plugins, and containerd.
这种拓扑结构的工作节点易于配置。只需要安装kubeadm、kubelet和containerd。kube-proxy和cni插件等其它组件将在工作节点加入集群时初始化,即在运行kubeadm join命令后。
It is simpler to configure a worker in this topology. It is necessary to have only kubeadm, kubelet and containerd installed. The other components (kube-proxy and cni-plugins) will be initialized when the worker joins the cluster when the kubeadm join command is executed.
This approach runs kube-proxy and cni-plugins as containers.
在这种配置方法中,服务作为独立进程运行,需要手工配置,无需使用kubeadm。更为灵活,但是需要建立集群者做更多的工作。In this approach, the services run as standalone processes and should be manually configured, without using kubeadm. It provides more flexibility but also demands more work to be done by the person setting up the cluster.
A worker service is a topology (see image above) where each node runs an instance of kubelet, kube-proxy, cni-plugins, and containerd. Also you must install and configure the services one-by-one.
This approach runs kube-proxy and cni-plugins as standalone services.
