2025-02-23 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article introduces the architecture and components of Kubernetes in a concise, easy-to-understand way. I hope the detailed walkthrough below is useful to you.
1. Brief introduction to Kubernetes
Kubernetes is Google's open source container cluster management system. It is the open source version of Borg, the large-scale container management technology Google has used for many years. The main features include:
Container-based application deployment, maintenance and rolling upgrade
Load balancing and service discovery
Cluster scheduling across machines and regions
Automatic scaling
Stateless service and stateful service
Extensive Volume support
Plug-in mechanism ensures extensibility
Kubernetes has developed rapidly and has become a leader in container orchestration.
2. Introduction to Kubernetes architecture and components
2.1 Kubernetes architecture
Kubernetes mainly consists of the following core components:
Etcd saves the state of the entire cluster
Apiserver provides the single entry point for resource operations and provides mechanisms such as authentication, authorization, access control, API registration and discovery.
Controller manager is responsible for maintaining the status of the cluster, such as fault detection, automatic scaling, rolling updates, etc.
Scheduler is responsible for resource scheduling and dispatches each instance (Pod) to the corresponding host according to the predefined scheduling policy.
Kubelet is responsible for maintaining the life cycle of the container, as well as managing storage volumes and networks
Container runtime is responsible for image management and the actual execution of the container, which in our system refers to Docker
Kube-proxy is responsible for providing service discovery and load balancing within the cluster for applications.
Recommended add-ons
Helm is the Kubernetes package management tool
Kube-dns/coreDNS is responsible for providing DNS services for the entire cluster.
Ingress Controller provides public network access for services.
Heapster provides resource monitoring
Dashboard provides GUI
Federation provides clusters across availability zones
Fluentd-elasticsearch provides cluster log collection, storage and query.
2.2 Introduction to Kubernetes components
2.2.1 etcd
Etcd is a distributed key-value store built on the Raft consensus algorithm. It can be used for service discovery, shared configuration and consistency guarantees (such as database leader election, distributed locks, etc.).
Main functions of etcd:
Basic key-value storage
Watch mechanism
Key expiration and renewal mechanism, used for monitoring and service discovery
Atomic CAS (compare-and-swap) and CAD (compare-and-delete), used for distributed locks and leader election
Consistency of Etcd based on RAFT
Leader node election method
At initial startup, a node is in the follower state and is assigned an election timeout. If it receives no heartbeat from the leader within this period, the node initiates an election: it switches itself to the candidate state and sends a request to the other follower nodes in the cluster asking them to elect it as leader.
When the candidate receives acceptance votes from more than half of the nodes in the cluster, it becomes the leader, begins to accept and store client data, and synchronizes its log to the other follower nodes. If no agreement is reached, the candidate waits for a randomly chosen time (150ms ~ 300ms) and calls a vote again; the candidate accepted by more than half of the followers in the cluster becomes leader.
The leader node maintains its status by regularly sending heartbeats to the follower nodes.
Whenever a follower receives no heartbeat from the leader within the election timeout, it also changes its state to candidate and initiates an election. With each successful election, the term number (Term) of the new leader is 1 higher than that of the previous leader.
Failure treatment
Leader failure: the other nodes, which stop receiving heartbeats, initiate a new election. When the old leader recovers, it automatically becomes a follower because its term number is lower (its log is overwritten by the log of the new leader).
Follower unavailable: this case is relatively easy to resolve. Because the log content in the cluster is always synchronized from the leader node, the follower only has to rejoin the cluster and copy the log from the leader node again.
Multiple candidates: after the conflict, each candidate waits for a randomly chosen time (150ms ~ 300ms) and calls a vote again; the candidate accepted by more than half of the followers in the cluster becomes leader.
At this point, some readers may notice that etcd resembles Zookeeper, Consul and other implementations of consistency protocols. These middleware are indeed fairly similar; for their similarities and differences, consult the relevant material.
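The election rules above (one vote per term, a majority of the whole cluster, retry after a split vote, a stale leader stepping down when it sees a newer term), as an added Go example that is not etcd's code or part of the original article. The `Node` type and the `RequestVote` and `StartElection` functions are a simplified, hypothetical model; log comparison, heartbeats and timers are left out.

```go
package main

import "fmt"

// Node holds only the state the election rules need.
// Simplified model for illustration, not etcd's implementation.
type Node struct {
	ID, Term int
	VotedFor int // candidate voted for in Term, -1 if none
	Leader   bool
}

// RequestVote is the follower side: one vote per term, never for a stale term.
func (n *Node) RequestVote(candidate, term int) bool {
	if term < n.Term {
		return false
	}
	if term > n.Term { // newer term seen: forget the old vote and step down
		n.Term, n.VotedFor, n.Leader = term, -1, false
	}
	if n.VotedFor != -1 && n.VotedFor != candidate {
		return false
	}
	n.VotedFor = candidate
	return true
}

// StartElection is the candidate side: increment the term, vote for itself,
// and win only with votes from more than half of the whole cluster.
func StartElection(c *Node, reachable []*Node, clusterSize int) bool {
	c.Term, c.VotedFor, c.Leader = c.Term+1, c.ID, false
	votes := 1
	for _, p := range reachable {
		if p.RequestVote(c.ID, c.Term) {
			votes++
		}
	}
	c.Leader = votes > clusterSize/2
	return c.Leader
}

func main() {
	// Constructed three-node cluster: node 1 times out first and asks 2 and 3.
	a, b, c := &Node{ID: 1, VotedFor: -1}, &Node{ID: 2, VotedFor: -1}, &Node{ID: 3, VotedFor: -1}
	fmt.Println("node 1 elected:", StartElection(a, []*Node{b, c}, 3), "term:", a.Term)
}
```

Counting the majority against the full cluster size, not against the nodes that answered, is what stops a partitioned minority from electing its own leader.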
2.2.2 kube-apiserver
Kube-apiserver is one of the most important core components of Kubernetes, which mainly provides the following functions:
Provides the REST API for cluster management, including authentication and authorization, data validation and cluster state changes.
Provides data exchange between the other modules (other modules query or modify data through the API Server; only the API Server operates on etcd directly).
2.2.3 kube-scheduler
Kube-scheduler is responsible for assigning and dispatching Pods to nodes in the cluster. It watches kube-apiserver, finds Pods that have not yet been assigned a Node, and then assigns nodes to these Pods according to the scheduling policy.
You can restrict a Pod to run only on specific Nodes in three ways:
NodeSelector: the Pod is only dispatched to Nodes that match the specified labels
NodeAffinity: a more feature-rich Node selector, for example with support for set operations
PodAffinity: the Pod is dispatched to Nodes where Pods that meet the condition are running
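The difference between NodeSelector's exact label match and NodeAffinity's set operations, as an added Go example that is not kube-scheduler's code or part of the original article. `Labels`, `Expr` and `Matches` are hypothetical names for a simplified model; it covers the `In`, `NotIn`, `Exists` and `DoesNotExist` operators only and leaves out PodAffinity.

```go
package main

import "fmt"

type Labels map[string]string

// Expr is one NodeAffinity-style requirement on a node label.
// Simplified model for illustration, not the scheduler's own types.
type Expr struct {
	Key, Op string // Op: In, NotIn, Exists, DoesNotExist
	Values  []string
}

// ops maps each operator to its verdict, given whether the label key is
// present on the node and whether its value is in the expression's set.
var ops = map[string]func(present, in bool) bool{
	"In":           func(p, in bool) bool { return in },
	"NotIn":        func(p, in bool) bool { return !in },
	"Exists":       func(p, in bool) bool { return p },
	"DoesNotExist": func(p, in bool) bool { return !p },
}

// Matches applies NodeSelector (exact key=value pairs) and then the
// NodeAffinity-style expressions; an unknown operator rejects the node.
func Matches(node, selector Labels, exprs []Expr) bool {
	for k, want := range selector {
		if got, ok := node[k]; !ok || got != want {
			return false
		}
	}
	for _, e := range exprs {
		val, present := node[e.Key]
		in := false
		for _, v := range e.Values {
			in = in || (present && v == val)
		}
		if op, known := ops[e.Op]; !known || !op(present, in) {
			return false
		}
	}
	return true
}

func main() {
	node := Labels{"disktype": "ssd", "zone": "az1"} // constructed sample labels
	exprs := []Expr{{Key: "zone", Op: "In", Values: []string{"az1", "az2"}}}
	fmt.Println(Matches(node, Labels{"disktype": "ssd"}, exprs))
}
```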
2.2.4 kube-controller-manager
Kube-controller-manager is the brain of Kubernetes, which monitors the status of the entire cluster through kube-apiserver and ensures that the cluster is in the expected working state. It consists of a series of controllers, which mainly include three groups:
1. Controllers that must be started
DeploymentController
DaemonSetController
NamespaceController
ReplicationController
ReplicaSet
JobController
...
2. Controllers started by default
NodeController
ServiceController
PVBinderController
...
3. Optional controllers, disabled by default
BootstrapSignerController
TokenCleanerController
...
2.2.5 Kubelet
Every Node runs a kubelet daemon, which listens on port 10250 by default, receives and executes instructions from the master, and manages Pods and the containers in them. Each kubelet process registers its node's information with the API Server and periodically reports the node's resource usage to the master node.
Node management
Mainly node self-registration and node status updates:
Kubelet decides whether to register itself with the API Server according to the startup parameter --register-node.
If Kubelet does not use self-registration mode, you need to configure the Node resource information yourself and configure the cluster's API Server information on the Kubelet.
Kubelet registers node information through the API Server at startup and regularly sends node status messages to the API Server. After receiving new messages, the API Server writes the information to etcd.
Container health checks
Pod uses two types of probes to check the health status of containers.
LivenessProbe (liveness probe): used to determine whether the container is healthy and to tell Kubelet when a container is in an unhealthy state. If the LivenessProbe detects that the container is unhealthy, kubelet kills the container and handles it according to the container's restart policy. If a container has no LivenessProbe, kubelet assumes that the value returned by the container's LivenessProbe is always "Success".
ReadinessProbe (readiness probe): used to determine whether the container has started and is ready to receive requests. If the ReadinessProbe detects a failure, the state of the Pod is modified, and the Endpoint Controller removes the Endpoint entry that contains the IP address of the Pod where the container is located from the Endpoint of the Service.
2.2.6 kube-proxy
A kube-proxy service runs on each machine. It watches the API Server for changes to Services and Pods, and configures load balancing for each service through a proxier such as userspace, iptables or ipvs.
The proxy mode (proxy-mode) can be one of the following three:
1) userspace
The earliest load-balancing scheme. kube-proxy listens on a port in user space, all service requests are forwarded to that port by iptables, and kube-proxy then load-balances them internally to the actual Pods. A service request therefore first enters kernel iptables and then returns to user space (kube-proxy), which selects a back-end Endpoint and proxies the traffic. The performance cost of traffic crossing between the kernel and user space is unacceptable, which is why the iptables proxy mode was introduced.
2) iptables:
Iptables mode uses iptables alone for request filtering and forwarding. However, if there are a large number of Services/Endpoints in the cluster, the iptables rule set on each Node becomes very large, and adding or removing iptables rules causes a long delay.
3) ipvs:
To solve the network delay caused by a large number of iptables rules, Kubernetes introduced the ipvs mode. (ipvs is an important part of LVS, the Linux Virtual Server, which was originally an open source project launched by Dr. Zhang Wensong of China to provide a software load-balancing solution.) The following is the schematic diagram of the ipvs mode: