Components


Last updated 1 year ago

Kubernetes is composed of the following core components:

  • etcd, which stores the state of the whole cluster;

  • API Server, the single entry point for all resource operations, which provides authentication, authorization, admission control, and API registration and discovery;

  • Controller Manager, which drives the cluster toward its desired state: fault detection, automatic scaling, rolling updates, and so on;

  • Scheduler, which allocates resources by placing Pods on nodes according to the configured scheduling policies;

  • Kubelet, which maintains the lifecycle of the containers on a node and manages Volumes (CVI) and networking (CNI);

  • Container Runtime, which manages images and actually runs Pods and containers (CRI);

  • Kube-proxy, which provides in-cluster service discovery and load balancing for Services.

Component Communication

Communication between the Kubernetes components follows these principles:

  • API Server mediates every operation on the etcd store; it is the only component that talks to the etcd cluster directly.

  • API Server exposes a unified REST API both to the inside of the cluster (the other components) and to the outside (users); all other components communicate with each other only through the API Server.

    • Controller Manager, Scheduler, Kube-proxy, Kubelet, etc. use the API Server's watch API to observe resource changes and act on them.

    • Every operation that updates the status of a resource goes through the REST API of the API Server.

  • API Server also calls the Kubelet API directly (for logs, exec, attach, port-forward and similar). By default it does not verify the kubelet's serving certificate, which leaves this path open to man-in-the-middle attacks on the node network; verification is enabled with --kubelet-certificate-authority, and the apiserver authenticates itself to the kubelet with --kubelet-client-certificate and --kubelet-client-key (GKE instead protects this traffic with an SSH tunnel).
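The last point is easy to audit from the kube-apiserver static Pod manifest. The following script is an added example, not code from the original page or from the Kubernetes project: it pulls the `- --flag=value` lines out of a manifest (the sample manifest is constructed to mimic what kubeadm writes to /etc/kubernetes/manifests/kube-apiserver.yaml, and is not from a real cluster) and reports whether the apiserver verifies the kubelet's certificate and presents a client certificate of its own. The flag names are real kube-apiserver flags; the manifest contents and paths are assumptions.

```python
"""Audit the kube-apiserver -> kubelet connection settings.

Added example, not part of the original page or of Kubernetes.  Reads the
``command`` section of a kube-apiserver static Pod manifest and checks:

* --kubelet-certificate-authority   without it the apiserver does NOT verify
                                     the kubelet serving cert (the default),
                                     so exec/logs/attach traffic can be MITMed
* --kubelet-client-certificate/-key  how the apiserver authenticates to kubelet
"""
import re
from typing import Dict, List

# Constructed sample (not captured from a real cluster).  Only the
# "- --flag=value" lines under "command:" matter to the audit.
SAMPLE_MANIFEST = """\
apiVersion: v1
kind: Pod
metadata:
  name: kube-apiserver
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-apiserver
    - --advertise-address=10.0.0.10
    - --authorization-mode=Node,RBAC
    - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
    - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
    - --secure-port=6443
    image: k8s.gcr.io/kube-apiserver:v1.21.1
"""

# Matches "    - --flag=value" (value optional, as for boolean flags).
FLAG_RE = re.compile(r"^\s*-\s+--([a-z0-9-]+)(?:=(.*))?$")


def parse_flags(manifest: str) -> Dict[str, str]:
    """Return {flag: value} for every '- --flag=value' line in the manifest."""
    flags: Dict[str, str] = {}
    for line in manifest.splitlines():
        m = FLAG_RE.match(line)
        if m:
            flags[m.group(1)] = m.group(2) or ""
    return flags


def audit_kubelet_connection(flags: Dict[str, str]) -> List[str]:
    """Return findings; an empty list means the apiserver both verifies the
    kubelet and authenticates itself to it with a client certificate."""
    findings = []
    if not flags.get("kubelet-certificate-authority"):
        findings.append(
            "kubelet serving certificate is NOT verified: set "
            "--kubelet-certificate-authority=<ca.crt> and serve every kubelet "
            "with a certificate signed by that CA"
        )
    for name in ("kubelet-client-certificate", "kubelet-client-key"):
        if not flags.get(name):
            findings.append(
                f"--{name} missing: the apiserver cannot authenticate to the "
                "kubelet with a client certificate"
            )
    return findings


if __name__ == "__main__":
    for finding in audit_kubelet_connection(parse_flags(SAMPLE_MANIFEST)):
        print("FINDING:", finding)
```

Run it against a real manifest by replacing `SAMPLE_MANIFEST` with the file contents; a clean run prints nothing. Setting the CA flag only helps if the kubelets actually serve certificates issued by that CA (for example via kubelet serving certificate rotation), otherwise the apiserver will refuse to connect for exec and logs.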

The typical flow of creating a Pod is:

  1. A user creates a Pod through the REST API.

  2. API Server persists it into etcd.

  3. Scheduler watches for Pods that have no node bound yet (spec.nodeName is empty), picks a node for each, and records the choice by creating a Binding, which sets spec.nodeName.

  4. The Kubelet on that node sees the newly scheduled Pod and starts it through the Container Runtime.

  5. Kubelet reads the Pod's status back from the Container Runtime and reports it to the API Server.

Port Numbers

Master node(s)

| Protocol | Direction | Port Range | Purpose |
|----------|-----------|------------|---------|
| TCP | Inbound | 6443* | Kubernetes API server |
| TCP | Inbound | 8080 | Kubernetes API insecure server |
| TCP | Inbound | 2379-2380 | etcd server client API |
| TCP | Inbound | 10250 | Kubelet API |
| TCP | Inbound | 10251 | kube-scheduler healthz |
| TCP | Inbound | 10252 | kube-controller-manager healthz |
| TCP | Inbound | 10253 | cloud-controller-manager healthz |
| TCP | Inbound | 10255 | Read-only Kubelet API |
| TCP | Inbound | 10256 | kube-proxy healthz |

Worker node(s)

| Protocol | Direction | Port Range | Purpose |
|----------|-----------|------------|---------|
| TCP | Inbound | 4194 | Kubelet cAdvisor |
| TCP | Inbound | 10248 | Kubelet healthz |
| TCP | Inbound | 10249 | kube-proxy metrics |
| TCP | Inbound | 10250 | Kubelet API |
| TCP | Inbound | 10255 | Read-only Kubelet API |
| TCP | Inbound | 10256 | kube-proxy healthz |
| TCP | Inbound | 30000-32767 | NodePort Services** |

* Default port; it can be overridden, so any custom port must be opened as well.
** Default port range for NodePort Services.

Several of these listeners carry no authentication at all and should not exist on a hardened cluster: 8080 serves the full API with authentication and authorization bypassed (insecure serving has been disabled since v1.20 and the --insecure-port flag was removed in v1.24); 10255 exposes Pod specs, environment variables included, to anyone who can reach the node (disable it with --read-only-port=0); 4194 is the legacy cAdvisor port, removed from the kubelet in v1.12; and 10251/10252 are plain-HTTP healthz/metrics ports, superseded by the secure ports 10259 (kube-scheduler) and 10257 (kube-controller-manager). 10250 and 2379-2380 are authenticated but grant full node or cluster control, so the kubelet should run with --anonymous-auth=false and --authorization-mode=Webhook, etcd should require client certificates, and both should be reachable only from the control plane.
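A practical check is to compare what a node actually listens on with the tables above. The script below is an added example, not code from the original page or from Kubernetes: it parses the output of `ss -ltnp` (the sample output is constructed, not captured from a real node) and classifies each listening socket as critical (an unauthenticated endpoint that should be closed), warn (a privileged endpoint bound to a non-loopback address, or a port not in the table) or info. The port-to-component mapping is taken from the tables; the severity policy is this example's own.

```python
"""Audit a node's TCP listeners against the Kubernetes component port table.

Added example, not part of the original page or of any Kubernetes tool.
Input is the text of ``ss -ltnp``; the sample below is constructed.
"""
import re
from typing import List, NamedTuple, Tuple

# Constructed "ss -ltnp" output for a control-plane node with two listeners
# that must be closed (8080 insecure API, 10255 read-only kubelet).
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       4096    127.0.0.1:10248      0.0.0.0:*          users:(("kubelet",pid=1123,fd=20))
LISTEN  0       4096    *:10250              *:*                users:(("kubelet",pid=1123,fd=22))
LISTEN  0       4096    *:10255              *:*                users:(("kubelet",pid=1123,fd=23))
LISTEN  0       4096    127.0.0.1:10249      0.0.0.0:*          users:(("kube-proxy",pid=1456,fd=12))
LISTEN  0       4096    *:10256              *:*                users:(("kube-proxy",pid=1456,fd=13))
LISTEN  0       4096    *:8080               *:*                users:(("kube-apiserver",pid=987,fd=7))
LISTEN  0       4096    *:6443               *:*                users:(("kube-apiserver",pid=987,fd=8))
LISTEN  0       4096    10.0.0.10:2379       0.0.0.0:*          users:(("etcd",pid=900,fd=9))
"""

# port -> (owning component, purpose), from the port tables above
KNOWN_PORTS = {
    6443: ("kube-apiserver", "API server"),
    8080: ("kube-apiserver", "insecure API: no authn/authz"),
    2379: ("etcd", "client API: all cluster state, Secrets included"),
    2380: ("etcd", "peer API"),
    10250: ("kubelet", "kubelet API: exec/logs/attach"),
    10255: ("kubelet", "read-only kubelet API: unauthenticated Pod specs"),
    4194: ("kubelet", "cAdvisor: unauthenticated metrics"),
    10248: ("kubelet", "healthz"),
    10249: ("kube-proxy", "metrics"),
    10256: ("kube-proxy", "healthz"),
    10251: ("kube-scheduler", "healthz (plain HTTP)"),
    10252: ("kube-controller-manager", "healthz (plain HTTP)"),
    10253: ("cloud-controller-manager", "healthz (plain HTTP)"),
}
MUST_CLOSE = {8080, 10255, 4194}        # unauthenticated; never expose
PRIVILEGED = {10250, 2379, 2380}        # authenticated but full control
LOOPBACK = {"127.0.0.1", "::1", "[::1]"}

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


class Finding(NamedTuple):
    port: int
    process: str
    severity: str   # "critical", "warn" or "info"
    reason: str


def parse_ss(output: str) -> List[Tuple[str, int, str]]:
    """Return (local address, port, process name) for each LISTEN row."""
    rows = []
    for line in output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue                       # header or non-listening row
        addr, port = cols[3].rsplit(":", 1)
        m = PROC_RE.search(line)
        rows.append((addr, int(port), m.group(1) if m else "?"))
    return rows


def audit_listeners(output: str) -> List[Finding]:
    """Classify every listener; sorted so critical findings come first."""
    findings = []
    for addr, port, proc in parse_ss(output):
        comp, purpose = KNOWN_PORTS.get(port, (proc, "not in the component port table"))
        if port in MUST_CLOSE:
            sev, why = "critical", f"{purpose}; disable this listener"
        elif port in PRIVILEGED and addr not in LOOPBACK:
            sev, why = "warn", f"{purpose}; bound to {addr}: firewall it and require client certs"
        elif 30000 <= port <= 32767:
            sev, why = "info", "NodePort Service"
        elif port in KNOWN_PORTS:
            sev, why = "info", purpose
        else:
            sev, why = "warn", purpose
        findings.append(Finding(port, proc, sev, f"{comp}: {why}"))
    order = {"critical": 0, "warn": 1, "info": 2}
    return sorted(findings, key=lambda f: (order[f.severity], f.port))


if __name__ == "__main__":
    for f in audit_listeners(SAMPLE_SS):
        print(f"{f.severity:8} {f.port:5} {f.process:22} {f.reason}")
```

Feed it `ss -ltnp` output from each node (`ss -ltnp | python3 audit.py` after swapping the sample for `sys.stdin.read()`); on the constructed sample it reports 8080 and 10255 as critical and the wildcard-bound kubelet API and the etcd client port as warn.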

Version Support Strategy

Active Versions

The Kubernetes community maintains the latest three minor versions (for example 1.21.x, 1.20.x and 1.19.x), and each minor version receives patch support for one year (9 months before 1.18). Patches for active versions are released roughly once a month; the detailed release schedule is linked under Reference Documents below.

Version Compatibility

  • In an HA cluster, the kube-apiserver instances may differ by at most one minor version (e.g., some at 1.21 and some at 1.20).

  • Kubelet must not be newer than kube-apiserver and may be up to two minor versions older (when kube-apiserver is 1.21, kubelet may be 1.21, 1.20 or 1.19). When the apiservers are mixed, the kubelet must not be newer than the oldest of them.

  • Kube-controller-manager, kube-scheduler, and cloud-controller-manager must not be newer than kube-apiserver and may be at most one minor version older (when kube-apiserver is 1.21, they may be 1.21 or 1.20; when the apiservers are mixed 1.21/1.20, they must be 1.20).

Upgrade Order

When upgrading a cluster (e.g., from 1.20.1 to 1.21.1), keep the following order and dependencies:

  • Before upgrading, make sure every ValidatingWebhookConfiguration and MutatingWebhookConfiguration uses the latest API version, and that the webhooks themselves can handle objects from both the old and the new kube-apiserver.

  • All kube-apiserver instances must be upgraded before any other component (such as kube-controller-manager); in an HA cluster, finish every apiserver before moving on.

  • Kube-controller-manager, kube-scheduler, and cloud-controller-manager may only be upgraded after kube-apiserver.

  • Kubelet may only be upgraded after kube-apiserver, and the node must be drained first with kubectl drain <node>, because in-place kubelet upgrades across minor versions are not supported.

  • Kube-proxy must be kept at the same version as the kubelet on the same node.
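The skew rules and the upgrade order above are mechanical enough to check before touching a cluster. The script below is an added example, not code from the original page or from any Kubernetes tool: `check_skew` applies the Version Compatibility rules to a per-host version inventory (the inventory is constructed and contains three deliberate violations), and `check_upgrade_order` walks a planned sequence of upgrade steps and flags components upgraded before every apiserver is done, or kubelets upgraded without a prior drain (the plan is constructed with two such mistakes). The `component@host` step notation and the inventory layout are this example's own conventions.

```python
"""Check component versions against the skew policy and validate an upgrade plan.

Added example, not part of the original page or of Kubernetes.  The inventory
and the plan below are constructed, not read from a real cluster.
"""
import re
from typing import Dict, List

VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?")


def minor(version: str) -> int:
    """Return the minor number of a 1.x version string ('v1.21.1' -> 21)."""
    m = VERSION_RE.match(version)
    if not m or int(m.group(1)) != 1:
        raise ValueError(f"expected a 1.x version, got {version!r}")
    return int(m.group(2))


# Constructed inventory: component -> {host: version}.
SAMPLE_INVENTORY = {
    "kube-apiserver": {"cp-1": "v1.21.1", "cp-2": "v1.20.8"},
    "kube-controller-manager": {"cp-1": "v1.20.8", "cp-2": "v1.20.8"},
    "kube-scheduler": {"cp-1": "v1.21.1", "cp-2": "v1.20.8"},   # newer than cp-2 apiserver
    "kubelet": {"cp-1": "v1.20.8", "worker-1": "v1.18.20", "worker-2": "v1.20.8"},  # worker-1 too old
    "kube-proxy": {"cp-1": "v1.20.8", "worker-1": "v1.18.20", "worker-2": "v1.19.11"},  # worker-2 mismatch
}

# How many minors a component may lag behind the newest kube-apiserver.
ALLOWED_LAG = {"kube-controller-manager": 1, "kube-scheduler": 1,
               "cloud-controller-manager": 1, "kubelet": 2}


def check_skew(inventory: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one message per skew-policy violation (empty list == compliant)."""
    problems = []
    api = {h: minor(v) for h, v in inventory["kube-apiserver"].items()}
    newest, oldest = max(api.values()), min(api.values())
    if newest - oldest > 1:
        problems.append(f"kube-apiserver instances differ by {newest - oldest} minors: {api}")
    # A component may talk to any apiserver, so it must not be newer than the
    # oldest one and may lag the newest by at most ALLOWED_LAG minors.
    for comp, lag in ALLOWED_LAG.items():
        for host, ver in inventory.get(comp, {}).items():
            m = minor(ver)
            if m > oldest:
                problems.append(f"{comp} on {host} is 1.{m}, newer than kube-apiserver 1.{oldest}")
            elif newest - m > lag:
                problems.append(f"{comp} on {host} is 1.{m}, more than {lag} minor(s) behind kube-apiserver 1.{newest}")
    for host, ver in inventory.get("kube-proxy", {}).items():
        kubelet_ver = inventory.get("kubelet", {}).get(host)
        if kubelet_ver and minor(ver) != minor(kubelet_ver):
            problems.append(f"kube-proxy on {host} is {ver} but kubelet is {kubelet_ver}")
    return problems


# Planned steps as "component@host" in execution order; "drain@host" stands
# for kubectl drain.  Constructed plan with two mistakes.
SAMPLE_PLAN = [
    "kube-apiserver@cp-1",
    "kube-controller-manager@cp-1",      # too early: cp-2 apiserver not upgraded yet
    "kube-apiserver@cp-2",
    "kube-scheduler@cp-1", "kube-scheduler@cp-2", "kube-controller-manager@cp-2",
    "drain@worker-1", "kubelet@worker-1", "kube-proxy@worker-1",
    "kubelet@worker-2", "kube-proxy@worker-2",   # worker-2 was never drained
]
AFTER_APISERVER = {"kube-controller-manager", "kube-scheduler",
                   "cloud-controller-manager", "kubelet", "kube-proxy"}


def check_upgrade_order(plan: List[str], apiserver_hosts: List[str]) -> List[str]:
    """Return one message per ordering mistake in the plan."""
    problems, upgraded_api, drained = [], set(), set()
    for i, step in enumerate(plan):
        comp, _, host = step.partition("@")
        if comp == "kube-apiserver":
            upgraded_api.add(host)
        elif comp == "drain":
            drained.add(host)
        elif comp in AFTER_APISERVER and not set(apiserver_hosts) <= upgraded_api:
            problems.append(f"step {i}: {step} before all kube-apiservers are upgraded")
        if comp == "kubelet" and host not in drained:
            problems.append(f"step {i}: {step} without a prior drain@{host}")
    return problems


if __name__ == "__main__":
    for p in check_skew(SAMPLE_INVENTORY) + check_upgrade_order(SAMPLE_PLAN, ["cp-1", "cp-2"]):
        print("PROBLEM:", p)
```

On a real cluster the inventory can be filled from `kubectl get nodes -o wide` (kubelet and kube-proxy versions) and from the control-plane Pod image tags in kube-system; run the check both before and after each upgrade step.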

Reference Documents

  • Kubernetes patch release schedule
  • Master-Node communication
  • Core Kubernetes: Jazz Improv over Orchestration
  • Installing kubeadm
  • Version Skew Policy
  • Kubernetes components
  • Kubernetes ports