
How to start Kubernetes Node Controller

2025-04-03 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31

This article explains how the Kubernetes Node Controller is started and how the NodeController struct is defined.

Startup of Node Controller

```go
if ctx.IsControllerEnabled(nodeControllerName) {
	// Parse to get the Cluster CIDR. clusterCIDR is the CIDR range for Pods in the cluster.
	// (Error handling is omitted in this excerpt.)
	_, clusterCIDR, err := net.ParseCIDR(s.ClusterCIDR)

	// Parse to get the Service CIDR. serviceCIDR is the CIDR range for Services in the cluster.
	_, serviceCIDR, err := net.ParseCIDR(s.ServiceCIDR)

	// Create the NodeController instance.
	nodeController, err := nodecontroller.NewNodeController(
		sharedInformers.Core().V1().Pods(),
		sharedInformers.Core().V1().Nodes(),
		sharedInformers.Extensions().V1beta1().DaemonSets(),
		cloud,
		clientBuilder.ClientOrDie("node-controller"),
		s.PodEvictionTimeout.Duration,
		s.NodeEvictionRate,
		s.SecondaryNodeEvictionRate,
		s.LargeClusterSizeThreshold,
		s.UnhealthyZoneThreshold,
		s.NodeMonitorGracePeriod.Duration,
		s.NodeStartupGracePeriod.Duration,
		s.NodeMonitorPeriod.Duration,
		clusterCIDR,
		serviceCIDR,
		int(s.NodeCIDRMaskSize),
		s.AllocateNodeCIDRs,
		s.EnableTaintManager,
		utilfeature.DefaultFeatureGate.Enabled(features.TaintBasedEvictions),
	)

	// Execute the Run method to start the controller.
	nodeController.Run()

	// Sleep for a random time. The duration is
	// "ControllerStartInterval + rand.Float64() * 1.0 * float64(ControllerStartInterval)",
	// where ControllerStartInterval can be specified with the
	// "--controller-start-interval" parameter of kube-controller-manager.
	time.Sleep(wait.Jitter(s.ControllerStartInterval.Duration, ControllerStartJitter))
}
```

Therefore, it is clear that the key lies in the following two steps:

nodeController, err := nodecontroller.NewNodeController(...) creates the NodeController instance.

nodeController.Run() executes the Run method to start the controller.

Definition of NodeController

Before analyzing the principle of NodeController, it is necessary to take a look at how NodeController is defined. The complete definition is as follows:

```go
type NodeController struct {
	allocateNodeCIDRs bool
	cloud             cloudprovider.Interface
	clusterCIDR       *net.IPNet
	serviceCIDR       *net.IPNet
	knownNodeSet      map[string]*v1.Node
	kubeClient        clientset.Interface
	// Method for easy mocking in unittest.
	lookupIP func(host string) ([]net.IP, error)
	// Value used if sync_nodes_status=False. NodeController will not proactively
	// sync node status in this case, but will monitor node status updated from kubelet. If
	// it doesn't receive update for this amount of time, it will start posting "NodeReady==
	// ConditionUnknown". The amount of time before which NodeController start evicting pods
	// is controlled via flag 'pod-eviction-timeout'.
	// Note: be cautious when changing the constant, it must work with nodeStatusUpdateFrequency
	// in kubelet. There are several constraints:
	// 1. nodeMonitorGracePeriod must be N times more than nodeStatusUpdateFrequency, where
	//    N means number of retries allowed for kubelet to post node status. It is pointless
	//    to make nodeMonitorGracePeriod be less than nodeStatusUpdateFrequency, since there
	//    will only be fresh values from Kubelet at an interval of nodeStatusUpdateFrequency.
	//    The constant must be less than podEvictionTimeout.
	// 2. nodeMonitorGracePeriod can't be too large for user experience - larger value takes
	//    longer for user to see up-to-date node status.
	nodeMonitorGracePeriod time.Duration
	// Value controlling NodeController monitoring period, i.e. how often does NodeController
	// check node status posted from kubelet. This value should be lower than nodeMonitorGracePeriod.
	// TODO: Change node status monitor to watch based.
	nodeMonitorPeriod time.Duration
	// Value used if sync_nodes_status=False, only for node startup. When node
	// is just created, e.g. cluster bootstrap or node creation, we give a longer grace period.
	nodeStartupGracePeriod time.Duration
	// per Node map storing last observed Status together with a local time when it was observed.
	// This timestamp is to be used instead of LastProbeTime stored in Condition. We do this
	// to avoid the problem with time skew across the cluster.
	nodeStatusMap map[string]nodeStatusData
	now           func() metav1.Time
	// Lock to access evictor workers
	evictorLock sync.Mutex
	// workers that evicts pods from unresponsive nodes.
	zonePodEvictor map[string]*RateLimitedTimedQueue
	// workers that are responsible for tainting nodes.
	zoneNotReadyOrUnreachableTainer map[string]*RateLimitedTimedQueue
	podEvictionTimeout              time.Duration
	// The maximum duration before a pod evicted from a node can be forcefully terminated.
	maximumGracePeriod time.Duration
	recorder           record.EventRecorder

	nodeLister         corelisters.NodeLister
	nodeInformerSynced cache.InformerSynced

	daemonSetStore          extensionslisters.DaemonSetLister
	daemonSetInformerSynced cache.InformerSynced

	podInformerSynced cache.InformerSynced

	// allocate/recycle CIDRs for node if allocateNodeCIDRs == true
	cidrAllocator CIDRAllocator
	// manages taints
	taintManager *NoExecuteTaintManager

	forcefullyDeletePod        func(*v1.Pod) error
	nodeExistsInCloudProvider  func(types.NodeName) (bool, error)
	computeZoneStateFunc       func(nodeConditions []*v1.NodeCondition) (int, zoneState)
	enterPartialDisruptionFunc func(nodeNum int) float32
	enterFullDisruptionFunc    func(nodeNum int) float32

	zoneStates                  map[string]zoneState
	evictionLimiterQPS          float32
	secondaryEvictionLimiterQPS float32
	largeClusterThreshold       int32
	unhealthyZoneThreshold      float32

	// if set to true NodeController will start TaintManager that will evict Pods from
	// tainted nodes, if they're not tolerated.
	runTaintManager bool

	// if set to true NodeController will taint Nodes with 'TaintNodeNotReady' and 'TaintNodeUnreachable'
	// taints instead of evicting Pods itself.
	useTaintBasedEvictions bool
}
```

Behavior configuration of NodeController

The NodeController struct is complex, containing 30+ fields. We will focus on the following:

clusterCIDR - set through --cluster-cidr; the CIDR range for Pods in the cluster.

serviceCIDR - set through --service-cluster-ip-range; the CIDR range for Services in the cluster.

knownNodeSet - records the set of nodes that NodeController has observed.

nodeMonitorGracePeriod - set through --node-monitor-grace-period, default 40s; a Node is allowed to be unresponsive for 40s before it is marked as unhealthy.

nodeMonitorPeriod - set through --node-monitor-period, default 5s; the period at which NodeController synchronizes NodeStatus.

nodeStatusMap - records the last Status observed for each Node.

zonePodEvictor - workers that evict pods from unresponsive nodes.

zoneNotReadyOrUnreachableTainer - workers that are responsible for tainting nodes.

podEvictionTimeout - set through --pod-eviction-timeout, default 5min; the maximum Pod eviction time allowed when the Pod is forcibly deleted.

maximumGracePeriod - the maximum duration before a pod evicted from a node can be forcefully terminated. It is not configurable; the code hard-codes 5min.

nodeLister - the interface used to get Node data.

daemonSetStore - the interface used to get DaemonSet data. When Pods are deleted through eviction, the Pods that belong to any DaemonSet on that Node are skipped.

taintManager - a NoExecuteTaintManager object when runTaintManager (default true) is true. It works as follows:

PodInformer and NodeInformer listen for the PodAdd, PodDelete, PodUpdate and NodeAdd, NodeDelete, NodeUpdate events.

These events trigger TaintManager to execute the corresponding NoExecuteTaintManager.PodUpdated and NoExecuteTaintManager.NodeUpdated methods.

Those methods add the events to the corresponding queues (podUpdateQueue and nodeUpdateQueue), and TaintController consumes the messages from these queues.

TaintController calls handlePodUpdate and handleNodeUpdate respectively to process them.

The specific processing logic of TaintController will be analyzed separately later.

forcefullyDeletePod - the method NodeController uses to call the apiserver interface and force a Pod to be deleted. It is used to delete Pods scheduled to Nodes whose kubelet version is lower than v1.1.0, because kubelet versions prior to v1.1.0 do not support graceful termination.

computeZoneStateFunc - this method returns the number of NotReady Nodes in the Zone and the state of the Zone.

If there is no Ready Node, the Zone state is FullDisruption.

If the proportion of unhealthy Nodes is greater than or equal to unhealthyZoneThreshold, the Zone state is PartialDisruption.

Otherwise, the Zone state is Normal.

enterPartialDisruptionFunc - this method compares largeClusterThreshold with the current node num:

If nodeNum > largeClusterThreshold, it returns secondaryEvictionLimiterQPS (default is 0.01).

Otherwise, 0 is returned, which means that the evict operation is stopped.

enterFullDisruptionFunc - the method used to get evictionLimiterQPS (default is 0.1). For an explanation of evictionLimiterQPS, see below.

zoneStates - the status of each zone, which can be one of:

Initial

Normal

FullDisruption

PartialDisruption

evictionLimiterQPS - set through --node-eviction-rate, default 0.1; the number of Nodes that should be removed per second when a Zone status is healthy, that is, 1 Node per 10 seconds.

secondaryEvictionLimiterQPS - set through --secondary-node-eviction-rate, default 0.01; the number of Nodes that should be removed per second when a Zone status is unhealthy, that is, 1 Node per 100s.

largeClusterThreshold - set through --large-cluster-size-threshold, default 50; when the size of the cluster composed of healthy nodes is less than or equal to 50, secondary-node-eviction-rate will be set to 0.

unhealthyZoneThreshold - set through --unhealthy-zone-threshold, default 0.55; when the proportion of unhealthy Nodes (at least 3) in a Zone reaches 0.55, the state of the Zone is considered to be unhealthy.

runTaintManager - specified with --enable-taint-manager and defaults to true. If true, NodeController will start TaintManager, and TaintManager will be responsible for evicting the Pods on the Nodes that cannot tolerate the Taint.

useTaintBasedEvictions - specified in --feature-gates; the default is TaintBasedEvictions=false, and it is still an Alpha feature. If true, Pod eviction is done by tainting Nodes.
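The zone-state and eviction-rate rules from the list above, as an added Go example that is not the Kubernetes source. The function names computeZoneState and evictionQPS and the treatment of an empty zone as Normal are assumptions; the constants are the flag defaults quoted in this article.

```go
package main

import "fmt"

type zoneState string

const (
	stateNormal                 zoneState = "Normal"
	stateFullDisruption         zoneState = "FullDisruption"
	statePartialDisruption      zoneState = "PartialDisruption"
	evictionLimiterQPS          float32   = 0.1  // --node-eviction-rate
	secondaryEvictionLimiterQPS float32   = 0.01 // --secondary-node-eviction-rate
	largeClusterThreshold                 = 50   // --large-cluster-size-threshold
	unhealthyZoneThreshold      float32   = 0.55 // --unhealthy-zone-threshold
)

// computeZoneState applies the computeZoneStateFunc rules; ready has one entry per node.
func computeZoneState(ready []bool) (int, zoneState) {
	notReady := 0
	for _, r := range ready {
		if !r {
			notReady++
		}
	}
	switch {
	case notReady > 0 && notReady == len(ready): // no Ready node; empty zone stays Normal (assumption)
		return notReady, stateFullDisruption
	case notReady >= 3 && float32(notReady)/float32(len(ready)) >= unhealthyZoneThreshold:
		return notReady, statePartialDisruption
	}
	return notReady, stateNormal
}

// evictionQPS picks the eviction rate for a zone in the given state with nodeNum nodes.
func evictionQPS(state zoneState, nodeNum int) float32 {
	if state != statePartialDisruption {
		return evictionLimiterQPS // Normal and FullDisruption use --node-eviction-rate
	}
	if nodeNum > largeClusterThreshold {
		return secondaryEvictionLimiterQPS
	}
	return 0 // small cluster: the evict operation is stopped
}

func main() {
	zone := []bool{true, false, false, false} // constructed sample: 4 nodes, 1 Ready
	notReady, state := computeZoneState(zone)
	fmt.Println(notReady, state, evictionQPS(state, len(zone)))
}
```

With the defaults, a partially disrupted zone of 50 nodes or fewer stops evicting entirely, so an outage that takes most of a small zone offline does not trigger a wave of Pod deletions.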
