
K8s architecture principle

Updated 2025-02-27. From: SLTechnology News&Howtos

Shulou (Shulou.com), 06/03 report

I. K8s architecture diagram

II. K8s architecture model:

Master (cluster) / worker (node) architecture

Master components:

1.kube-apiserver:

Provides a RESTful interface for clients and other components to call. The client is the kubectl command-line tool; the other components that communicate with it include the controller and the scheduler.

2.etcd:

Responsible for storing cluster status

3.controller

Manages and implements the various processes of k8s. Containers are managed through k8s rather than directly; the purpose is to provide unified orchestration for containers and declarative calls for users. K8s maintains the user's desired state: users only need to tell k8s how many services they need and what configuration they need, and do not need to care how k8s implements this underneath. K8s does not only handle normal creation and management, though. Anomalies also occur, for example a container goes down or the network is unreachable. At that point the controller has to monitor the state of resources and update it in etcd; the controller plays the role of an operations engineer. K8s treats each kind of operation as a type of method, assigning different operations to different methods. K8s treats everything as a resource: complicated content is abstracted into different resources and handled by different methods.

4.Scheduler

Resource scheduling: based on the usage of system resources, it allocates pods to suitable nodes and tells etcd to update the database through the apiserver.

Worker components:

1.kubelet

However the controller detects unavailable resources, and however the Scheduler allocates pods to nodes, the actual operations are handed over to kubelet, for example creating pods, deleting pods, creating data volumes, etc.

2.kube-proxy

Once the environment has been created according to the user's expectations, how do pod containers provide services to others? A pod is automatically allocated an IP when it is created, but that IP is generated dynamically and is not fixed. A fixed IP is therefore needed to proxy the pods and provide the service. This is the service resource, which provides service discovery and load balancing. But how does a service proxy to pods? core-dns is needed to register dynamic DNS for the newly created pod, and iptables/ipvs rules are added for the pod's service to perform service discovery and load balancing. All network-related requests and responses are handled by the kube-proxy agent.

3.container runtime

Responsible for running containers.

III. Work flow

1. Create pod

When apiserver receives a request from a user to create a pod, it creates a pod object from the parameter values the user submitted, and it validates those parameters. Once the pod object has been created without error, it is persisted to etcd, and at this point the pod is in the Pending state. The scheduler calls apiserver and watches for changes to the data in etcd through the list-watch mechanism. If it finds a pod that is not yet bound to a node, it reads the pod information stored in etcd and, according to its policy algorithm, dispatches the pod to the corresponding node. Each node also watches for changes in the state of etcd objects by calling the apiserver API. When the assigned node finds that its current state is inconsistent with the user's desired state, it creates the pod (including mounting the data volume and creating the pause container that takes over the application container's network). After the creation succeeds, the information is updated in etcd through apiserver.

2.controller creates pod

After the first step succeeds, the controller takes over the monitoring work.

Suppose the user expects 3 pod replicas. When a pod fails, the controller loop detects that the state of the object stored in etcd is inconsistent with the current state of the system (in this example, because of the failed container). The definitions of replicationController, replicaSet, deployment, etc. require three containers, but only two are currently running. The controller that corresponds to the object type the user defined, as stored in etcd, then responds. On finding that one container is missing and a new one has to be created, the controller asks the api server to create it. The next steps are the same as in the first step.

Summary:

Etcd can only be accessed through the api server, which ensures that the stored data is structured. The controller, scheduler, kubelet and kube-proxy all essentially carry out their work by watching the object state stored in etcd, but they must do so through the api server. There is no superior-subordinate scheduling relationship among them. Instead, changes to the state of etcd objects trigger the corresponding events that drive k8s's internal work. The essence is to keep the expectations submitted by users (stored in etcd) consistent with the current state of the system. There are control loops in K8s that monitor the system state all the time.
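The two workflows and the summary above, as an added example (not code from the original article or from Kubernetes): a toy in-memory model in which an `ApiServer` class is the only holder of the store, and the controller, scheduler and kubelet loops restore three running replicas after one pod fails. All class, function, pod and node names are assumptions made for the illustration.

```python
# Added illustration (hypothetical names, not Kubernetes code): the API server
# validates requests and is the only component that touches the etcd-like store.
class ApiServer:
    def __init__(self):
        self._etcd, self._seq = {}, 0

    def create_pod(self, prefix):
        if not isinstance(prefix, str) or not prefix.isalnum():
            raise ValueError("rejected before anything is persisted")
        self._seq += 1
        self._etcd[f"{prefix}-{self._seq}"] = {"node": None, "phase": "Pending"}

    def list_pods(self):  # callers get copies, never the store itself
        return {n: dict(p) for n, p in self._etcd.items()}

    def update_pod(self, name, **fields):
        self._etcd[name].update(fields)

def controller(api, want):  # desired count vs stored state; request the difference
    live = [p for p in api.list_pods().values() if p["phase"] != "Failed"]
    for _ in range(want - len(live)):
        api.create_pod("web")
    return len(live) < want

def scheduler(api, nodes):  # bind each unbound pod to the node holding fewest pods
    unbound = [n for n, p in api.list_pods().items() if p["node"] is None]
    for name in unbound:
        placed = [p["node"] for p in api.list_pods().values()]
        api.update_pod(name, node=min(nodes, key=placed.count))
    return bool(unbound)

def kubelet(api, node):  # start this node's Pending pods and report them Running
    mine = [n for n, p in api.list_pods().items()
            if p["node"] == node and p["phase"] == "Pending"]
    for name in mine:
        api.update_pod(name, phase="Running")
    return bool(mine)

def reconcile(api, want, nodes):  # run every loop until a full pass changes nothing
    while any([controller(api, want), scheduler(api, nodes)]
              + [kubelet(api, n) for n in nodes]):
        pass
    return api.list_pods()

def demo():
    api, nodes = ApiServer(), ["node-a", "node-b"]
    before = reconcile(api, 3, nodes)
    api.update_pod("web-1", phase="Failed")  # constructed failure of one pod
    return before, reconcile(api, 3, nodes)
```

None of the loops calls another directly; each one only reads and writes state through `ApiServer`, which is the property the summary describes.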
