k8s组件简介

Kubernetes is constructed using several components, as follows:
f Kubernetes master
f Kubernetes nodes
f etcd
f Overlay network (flannel)
These components are connected via network, as shown in the following screenshot:
The preceding image can be summarized as follows:
f Kubernetes master connects to etcd via HTTP or HTTPS to store the data. It also
connects flannel to access the container application.
f Kubernetes nodes connect to the Kubernetes master via HTTP or HTTPS to get a
command and report the status.
f Kubernetes nodes use an overlay network (for example, flannel) to make a
connection of their container applications.
How to do it…
In this section, we are going to explain the features of Kubernetes master and nodes;
both of them realize the main functions of the Kubernetes system.
Kubernetes master
Kubernetes master is the main component of Kubernetes cluster. It serves several
functionalities, such as the following items:
f Authorization and authentication
f RESTful API entry point
Chapter 1
3
f Container deployment scheduler to the Kubernetes nodes
f Scaling and replicating the controller
f Read and store the configuration
f Command Line Interface
The next image shows how master daemons worked together to fulfill the mentioned
functionalities:
There are several daemon processes that make the Kubernetes master's functionality, such
as kube-apiserver, kube-scheduler, and kube-controller-manager. Hypercube wrapper
launched all of them.
In addition, the Kubernetes Command Line Interface kubectl can control the Kubernetes
master functionality.
API server (kube-apiserver)
The API server provides an HTTP- or HTTPS-based RESTful API, which is the hub between
Kubernetes components, such as kubectl, scheduler, replication controller, etcd datastore,
and kubelet and kube-proxy, which runs on Kubernetes nodes and so on.
Scheduler (kube-scheduler)
Scheduler helps to choose which container runs by which nodes. It is a simple algorithm that
defines the priority to dispatch and bind containers to nodes, for example:
f CPU
f Memory
f How many containers are running?
Building Your Own Kubernetes
4
Controller manager (kube-controller-manager)
Controller manager performs cluster operations. For example:
f Manages Kubernetes nodes
f Creates and updates the Kubernetes internal information
f Attempts to change the current status to the desired status
Command Line Interface (kubectl)
After you install Kubernetes master, you can use the Kubernetes Command Line Interface
kubectl to control the Kubernetes cluster. For example, kubectl get cs returns the status
of each component. Also, kubectl get nodes returns a list of Kubernetes nodes:
//see the ComponentStatuses
# kubectl get cs
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok nil
scheduler Healthy ok nil
etcd-0 Healthy {"health": "true"} nil
//see the nodes
# kubectl get nodes
NAME LABELS STATUS AGE
kub-node1 kubernetes.io/hostname=kub-node1 Ready 26d
kub-node2 kubernetes.io/hostname=kub-node2 Ready 26d
Kubernetes node
Kubernetes node is a slave node in the Kubernetes cluster. It is controlled by Kubernetes
master to run the container application using Docker ( http://docker.com ) or rkt
( http://coreos.com/rkt/docs/latest/ ) in this book; we will use the Docker
container runtime as the default engine.
Node or slave?
The terminology of slave is used in the computer industry to represent the
cluster worker node; however, it is also associated with discrimination. The
Kubernetes project uses node instead.
Chapter 1
5
The following image displays the role and tasks of daemon processes in node:
Node also has multiple daemon processes, named kubelet and kube-proxy, to support
its functionalities.
kubelet
kubelet is the main process on Kubernetes node that communicates with Kubernetes master
to handle the following operations:
f Periodically access the API Controller to check and report
f Perform container operations
f Runs the HTTP server to provide simple APIs
Proxy (kube-proxy)
Proxy handles the network proxy and load balancer for each container. It performs to change
the Linux iptables rules (nat table) to control TCP and UDP packets across the containers.
After starting the kube-proxy daemon, it will configure iptables rules; you can see
iptables -t nat -L or iptables -t nat -S to check the nat table rules, as follows:
//the result will be vary and dynamically changed by kube-proxy
# sudo iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-N FLANNEL
-N KUBE-NODEPORT-CONTAINER
-N KUBE-NODEPORT-HOST
-N KUBE-PORTALS-CONTAINER
-N KUBE-PORTALS-HOST
Building Your Own Kubernetes
6
-A PREROUTING -m comment --comment "handle ClusterIPs; NOTE: this must be
before the NodePort rules" -j KUBE-PORTALS-CONTAINER
-A PREROUTING -m addrtype --dst-type LOCAL -m comment --comment "handle
service NodePorts; NOTE: this must be the last rule in the chain" -j
KUBE-NODEPORT-CONTAINER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m comment --comment "handle ClusterIPs; NOTE: this must be
before the NodePort rules" -j KUBE-PORTALS-HOST
-A OUTPUT -m addrtype --dst-type LOCAL -m comment --comment "handle
service NodePorts; NOTE: this must be the last rule in the chain" -j
KUBE-NODEPORT-HOST
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 192.168.90.0/24 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/16 -j FLANNEL
-A FLANNEL -d 192.168.0.0/16 -j ACCEPT
-A FLANNEL ! -d 224.0.0.0/4 -j MASQUERADE