Kubernetes(K8s) Architecture and Components, Installation and Configuration - "API server, etcd, kubescheduler, kube-controller-manager and kubelet"
Sparsh Kumar
??Java | ??Spring Boot | ???Microservices | ????OCI Generative AI Professional | ??RHCSA V8 | ??Docker | ??Kubernetes |??Python | Git & GitHub | ??RestAPIs | Spring Framework | Shell Scripting | @Medium | @HashNode
Kubernetes Architecture and Components
Kubernetes is a powerful container orchestration platform that automates the deployment, scaling, and management of containerized applications. Understanding the architecture and components of Kubernetes is crucial for efficiently managing clusters and workloads.
1. Kubernetes Cluster Overview
A Kubernetes cluster consists of two main components:
- Control Plane: Manages the cluster, maintaining the desired state, and making decisions about the cluster.
- Worker Nodes: Execute the workloads (containers) as specified by the control plane.
2. Key Components of Kubernetes
a) Kubernetes API Server
The API server is the central management entity that exposes the Kubernetes API. It serves as the front-end of the control plane, handling requests from users, command-line tools (kubectl), and other components of the control plane. All REST commands used to interact with the cluster pass through the API server.
- Role:
- Validates and configures data for API objects, including pods, services, and replication controllers.
- Acts as the gatekeeper, ensuring that every request meets the requirements of Kubernetes policies.
- Code Example: Starting the API Server
kube-apiserver \
--advertise-address=<Control-Plane-IP> \
--etcd-servers=<https://127.0.0.1:2379> \
--service-cluster-ip-range=<IP-Range> \
--service-account-key-file=<Path-to-Key> \
--tls-cert-file=<Path-to-Cert> \
--tls-private-key-file=<Path-to-Key>
Explanation of above code
The command is a configuration command for the Kubernetes API server (kube-apiserver).
Command Breakdown:
In summary, this command configures the Kubernetes API server with specific parameters related to network settings, data storage, authentication, and security for a Kubernetes cluster.
b) etcd
etcd is a distributed key-value store that Kubernetes uses to store all cluster data, including configuration data, state information, and metadata. It is the single source of truth for the entire cluster, ensuring that every component of Kubernetes is synchronized.
- Role:
- Stores the state of the cluster and ensures consistent configuration across all nodes.
- Provides a reliable way to retrieve the desired state of the system.
- Code Example: Starting etcd
etcd \
--name <etcd-node-name> \
--data-dir=<Path-to-Data> \
--listen-client-urls=<https://127.0.0.1:2379> \
--advertise-client-urls=<https://127.0.0.1:2379>
Explanation of above code
The command is used to start an etcd server, which is a distributed key-value store used by Kubernetes for configuration data.
Command Breakdown:
1. etcd: This is the command to start the etcd server.
2. --name <etcd-node-name>: This sets the name for the etcd node. It's used to identify this instance in a cluster.
3. --data-dir=<Path-to-Data>: This specifies the directory where etcd will store its data (persistent key-value pairs).
4. --listen-client-urls=<https://127.0.0.1:2379>: This defines the URLs that the etcd server will listen on for client connections. In this case, it listens on localhost at port 2379.
5. --advertise-client-urls=<https://127.0.0.1:2379>: This indicates the URLs that etcd will advertise to clients, allowing them to connect to the server. This is also set to localhost at port 2379.
In summary, this command configures and starts an etcd node with a specified name, data directory, and the necessary URLs for clients to connect.
c. Kubernetes Scheduler (kube-scheduler)
The scheduler is responsible for assigning workloads (pods) to nodes in the cluster. It considers several factors, such as resource availability, affinity/anti-affinity rules, and taints/tolerations, to make scheduling decisions.
- Role:
- Watches for newly created pods that have no node assigned.
- Selects an appropriate node for each pod based on various scheduling algorithms.
- Code Example: Starting the Scheduler
kube-scheduler \
--kubeconfig=<Path-to-Kubeconfig> \
--leader-elect=true
Explanation of above code
The command is used to start the Kubernetes scheduler (`kube-scheduler`), which is responsible for assigning pods to nodes in a Kubernetes cluster.
Command Breakdown :
1. kube-scheduler: This is the command to start the Kubernetes scheduler.
2. --kubeconfig=<Path-to-Kubeconfig>: This option specifies the path to the kubeconfig file, which contains the configuration details (such as cluster, user credentials, and API server endpoint) needed for the scheduler to connect to the Kubernetes API server.
3. --leader-elect=true: This enables leader election, which is a mechanism that allows multiple instances of the scheduler to run in a high-availability mode. When leader election is enabled, only one instance of the scheduler will actively schedule pods at a time, while others will remain in standby mode.
In summary, this command starts the Kubernetes scheduler, providing it the necessary configuration to connect to the cluster and enabling leader election for high availability.
d. Kubernetes Controller Manager (kube-controller-manager)
The controller manager runs various controllers that regulate the state of the cluster. Each controller watches the state of the cluster and takes corrective actions if the actual state does not match the desired state.
- Role:
- Includes several controllers such as the node controller, replication controller, and endpoints controller.
- Ensures that the desired state of the system (as defined in etcd) is maintained.
- Code Example: Starting the Controller Manager
kube-controller-manager \
--kubeconfig=<Path-to-Kubeconfig> \
--allocate-node-cidrs=true \
--cluster-cidr=<Cluster-CIDR> \
--leader-elect=true
Explanation of above code
The command is used to start the Kubernetes Controller Manager (`kube-controller-manager`), which manages various controllers that regulate the state of the cluster.
Command Breakdown :
1. kube-controller-manager: This is the command to start the Kubernetes Controller Manager.
2. --kubeconfig=<Path-to-Kubeconfig>: This option specifies the path to the kubeconfig file, which contains the necessary credentials and configuration to connect to the Kubernetes API server.
3. --allocate-node-cidrs=true: This enables the feature that allows the Controller Manager to allocate CIDR blocks (IP ranges) for nodes in the cluster. This is important for managing IP addresses for pods and services.
4. --cluster-cidr=<Cluster-CIDR>: This specifies the CIDR block for the cluster’s pod network. It defines the range of IP addresses that can be assigned to pods within the cluster.
5. --leader-elect=true: This enables leader election for the Controller Manager, allowing multiple instances to run in high availability. With this enabled, only one instance will actively manage the controllers at a time, while others will be on standby.
In summary, this command starts the Kubernetes Controller Manager with specified configurations for connecting to the cluster, allocating node CIDRs, defining the cluster's pod network, and enabling high availability through leader election.
e. Kubelet
Kubelet is an agent that runs on each worker node in the cluster. It ensures that containers are running in the desired state as defined by the control plane. Kubelet communicates with the API server to receive instructions and report back the status of the node.
- Role:
- Manages the containers running on the node.
- Ensures that the containers specified in the PodSpecs are running and healthy.
- Code Example: Starting Kubelet
kubelet \
--kubeconfig=<Path-to-Kubeconfig> \
--network-plugin=<Plugin> \
--container-runtime=<Runtime> \
--pod-infra-container-image=<Infra-Container-Image>
Explanation of above code
The command is used to start the Kubernetes Kubelet, which is the primary agent that runs on each node in a Kubernetes cluster. It is responsible for managing pods and containers.
Command Breakdown :
1. kubelet: This is the command to start the Kubelet service.
2. --kubeconfig=<Path-to-Kubeconfig>: This option specifies the path to the kubeconfig file, which contains the necessary credentials and configuration to connect to the Kubernetes API server.
领英推荐
3. --network-plugin=<Plugin>: This specifies the network plugin to use for managing networking in the cluster. Different plugins provide various networking capabilities, such as Calico, Flannel, or Weave.
4. --container-runtime=<Runtime>: This defines the container runtime to use for managing containers. Common options include Docker, containerd, or CRI-O.
5. --pod-infra-container-image=<Infra-Container-Image>: This option specifies the image for the infrastructure container, which is used to host the pod's networking and storage components. This is typically a lightweight image that provides the necessary environment for running the pod's containers.
In summary, this command starts the Kubelet with configurations for connecting to the cluster, selecting a network plugin, specifying a container runtime, and defining the image for the infrastructure container.
3. Kubernetes Installation and Configuration
a. Prerequisites
- Operating System: Linux (Ubuntu, CentOS, etc.)
- Tools: Docker, kubeadm, kubectl, and kubelet
b. Installing Docker
Docker is the most common container runtime used with Kubernetes. The commands written below are written for Ubuntu Operating System.
sudo apt-get update
sudo apt-get install -y docker.io
sudo systemctl enable docker
sudo systemctl start docker
c. Installing kubeadm, kubelet, and kubectl
Kubeadm is a tool that helps in initializing the Kubernetes cluster.
sudo apt-get update && sudo apt-get install -y apt-transport-https curl
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
Explanation of above code
The command sequence is used to install Kubernetes components on a Debian-based Linux system, specifically Ubuntu. Here’s a step-by-step breakdown:
1. sudo apt-get update: This command updates the package index, on the system to ensure that you have the latest information on available packages.
2. &&: This operator chains commands, executing the next command only if the previous one succeeded.
3. sudo apt-get install -y apt-transport-https curl: This installs the apt-transport-https package (enabling APT to use HTTPS for downloading) and curl (a tool for transferring data using URLs) without prompting for confirmation.
4. "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -" This command downloads the GPG key for the Kubernetes APT repository and adds it to the system’s list of trusted keys, allowing the system to authenticate packages from the Kubernetes repository securely.
5. echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list: This command adds the Kubernetes APT repository to the system’s sources list, specifically for Ubuntu Xenial (16.04). This enables the package manager to find and install Kubernetes packages.
6. sudo apt-get update: This command updates the package index again to include the new Kubernetes repository.
7. sudo apt-get install -y kubelet kubeadm kubectl: This installs the Kubernetes components:
- kubelet: The primary agent that runs on each node.
- kubeadm: A tool for bootstrapping a Kubernetes cluster.
- kubectl: The command-line interface for interacting with the Kubernetes API.
8. sudo apt-mark hold kubelet kubeadm kubectl: This command prevents the specified packages (`kubelet`, kubeadm, and kubectl) from being automatically updated. This is useful to maintain compatibility and avoid breaking changes with upgrades.
In summary, this command sequence prepares the system, adds the necessary Kubernetes repository, installs the required Kubernetes components, and ensures they are held at their current versions.
d. Initializing the Kubernetes Master Node
The following command initializes the Kubernetes control plane on the master node.
sudo kubeadm init --pod-network-cidr=<CIDR-Range>
The command is used to initialize a Kubernetes cluster using kubeadm. Here’s a breakdown of the components:
1. sudo: This runs the command with superuser (root) privileges, which are required for cluster initialization.
2. kubeadm init: This is the command that initializes a new Kubernetes cluster. It performs tasks like creating necessary certificates, setting up configuration files, and starting the control plane components.
3. --pod-network-cidr=<CIDR-Range>: This option specifies the CIDR range for the pod network. The <CIDR-Range> (e.g., 10.244.0.0/16) defines the IP address range that will be used by the pods in the cluster. This is necessary for networking plugins to configure their networking accordingly.
In summary, this command initializes a Kubernetes cluster with a specified network configuration for the pods. This setup is a prerequisite for running applications in the cluster.
->> After the initialization is complete, set up the local kubeconfig:
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Explanation of above code
This command sequence sets up the Kubernetes configuration for a user after initializing a Kubernetes cluster with kubeadm. Here's a breakdown of each command:
1. mkdir -p $HOME/.kube:
- Creates a directory named .kube in the user's home directory.
- The -p option ensures that the command doesn't produce an error if the directory already exists and that parent directories are created as needed.
2. sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config:
- Copies the Kubernetes admin configuration file (`admin.conf`) from /etc/kubernetes/ to the .kube directory as config.
- The -i option prompts for confirmation before overwriting the destination file if it already exists. This file contains the necessary information for the user to interact with the Kubernetes cluster using kubectl.
3. sudo chown $(id -u):$(id -g) $HOME/.kube/config:
- Changes the ownership of the config file to the current user.
- $(id -u) retrieves the current user's ID, and $(id -g) retrieves the current user's group ID. This ensures that the user has the appropriate permissions to read and modify their Kubernetes configuration.
In summary, this sequence creates the necessary directory structure and copies the Kubernetes configuration file, ensuring it's accessible to the current user for managing the cluster with kubectl.
e. Installing a Pod Network
Kubernetes requires a pod network to enable communication between nodes. Here’s an example using Calico:
kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
The command " kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml " is used to deploy the Calico networking solution in a Kubernetes cluster.
1. kubectl: This is the command-line tool for interacting with a Kubernetes cluster.
2. apply: This command is used to apply a configuration to a resource by file or stdin. It creates or updates resources as defined in the provided file.
3. -f: This flag specifies that the following argument is a file containing the configuration. It can be a local file or a remote URL.
4. https://docs.projectcalico.org/manifests/calico.yaml: This is the URL pointing to a YAML file that contains the configuration needed to set up Calico as the network provider for the Kubernetes cluster.
In summary, this command fetches the Calico manifest file from the specified URL and applies its configurations to the Kubernetes cluster, setting up Calico for pod networking.
f. Adding Worker Nodes to the Cluster
On each worker node, run the join command provided by kubeadm init to add the node to the cluster:
sudo kubeadm join <Control-Plane-IP>:6443 --token <Token> --discovery-token-ca-cert-hash sha256:<Hash>
Explanation of above code
The command " sudo kubeadm join <Control-Plane-IP>:6443 --token <Token> --discovery-token-ca-cert-hash sha256:<Hash> " is used to join a worker node to an existing Kubernetes cluster. Here's a concise breakdown:
1. sudo: Runs the command with superuser (root) privileges, which are typically required to join a node to a cluster.
2. kubeadm join: This command initiates the process for a worker node to connect to a Kubernetes control plane (master node).
3. <Control-Plane-IP>:6443: This specifies the IP address of the control plane (master node) and the port (6443) on which the Kubernetes API server is listening.
4. --token <Token>: This is a unique token required for authenticating the joining node with the control plane. It ensures that only authorized nodes can join the cluster.
5. --discovery-token-ca-cert-hash sha256:<Hash>: This parameter provides the SHA256 hash of the CA certificate used by the control plane. It is used to verify the identity of the control plane and prevent man-in-the-middle attacks during the join process.
In summary, this command instructs a worker node to join a Kubernetes cluster by connecting to the specified control plane, using the provided token and certificate hash for authentication.
4. Verifying the Cluster
To verify that the cluster is up and running, use the following command:
kubectl get nodes
This command should display all the nodes in the cluster, including the master and worker nodes.
Conclusion
This guide provides a comprehensive overview of the Kubernetes architecture and step-by-step instructions for installing and configuring a Kubernetes cluster. By understanding these core components, you can effectively manage Kubernetes clusters and ensure they are optimized for your workloads.