Parsing the Kubernetes architecture

Source: Internet
Author: User
Tags: docker compose etcd

I. Introduction:

Kubernetes is an open source container management tool implemented in Go. It is lightweight and portable: you can deploy a Kubernetes cluster on Linux hosts and use it to deploy, manage and scale Docker container applications across multiple hosts.

II. Architecture:

1. Kubernetes consists of the following components:
    • Kubernetes Master
    • Kubernetes nodes
    • Etcd
    • Kubernetes Network

2. These components are connected over the network, as shown in the diagram:

3. The diagram can be summarized as follows:
    • Kubernetes Master: connects to etcd over HTTP or HTTPS to store data.
    • Kubernetes nodes: connect to the Kubernetes master over HTTP or HTTPS to receive commands and report status.
    • Kubernetes Network: connects containers over L2, L3 or an overlay network.

(1) Kubernetes Master:

The Kubernetes master mainly has the following functions:

    • Authentication and authorization
    • RESTful API entry point
    • Scheduling container deployments onto Kubernetes nodes
    • Scaling and replicating containers
    • Reading configuration to create a cluster

The following describes how the master daemons work together to provide these features:

API Server (kube-apiserver)

The API server provides a RESTful API over HTTP or HTTPS. It is the hub of the Kubernetes components: kubectl, the scheduler, the replication controller and the etcd data store all interact through it, as do the kubelet and kube-proxy running on the Kubernetes nodes.

Scheduler (kube-scheduler)

The scheduler decides which node each container runs on. To dispatch and bind containers to nodes it uses a simple algorithm that ranks nodes by priority, based for example on:

    • CPU
    • Memory
    • How many containers are already running

Controller Manager (kube-controller-manager)

The controller manager performs the operations that keep the cluster running, for example:

    • Managing Kubernetes nodes
    • Creating and updating Kubernetes internal information
    • Moving the current state toward the desired state

Command-Line Interface (kubectl)

After installing the Kubernetes master, you can use the Kubernetes command-line interface, kubectl, to manage Kubernetes clusters. For example, kubectl get cs returns the status of each component, and kubectl get nodes returns the list of Kubernetes nodes.

// see the component statuses
# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok                   nil
scheduler            Healthy   ok                   nil
etcd-0               Healthy   {"health": "true"}   nil

// see the nodes
# kubectl get nodes
NAME        LABELS                             STATUS    AGE
kub-node1   kubernetes.io/hostname=kub-node1   Ready     26d
kub-node2   kubernetes.io/hostname=kub-node2   Ready     26d

(2) Kubernetes node

A Kubernetes node is a worker (slave) node in the Kubernetes cluster; it is controlled by the Kubernetes master and runs the application containers with Docker.

The following describes the tasks and roles in a node:

A node runs two daemons: kubelet and kube-proxy.

Kubelet is the primary process on a Kubernetes node. It communicates with the Kubernetes master to carry out the following operations:

    • Periodically contacts the API server to check for work and report status
    • Performs container operations
    • Runs an HTTP server that provides simple APIs

Proxy (kube-proxy)

kube-proxy handles network proxying and load balancing for each container; it controls TCP and UDP traffic to containers by rewriting the Linux iptables rules.

Once the kube-proxy daemon is configured it installs its iptables rules; you can use iptables -t nat -L or iptables -t nat -S to inspect the rules of the NAT table, as follows:

The output varies and is changed dynamically by kube-proxy.

# sudo iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-N FLANNEL
-N KUBE-NODEPORT-CONTAINER
-N KUBE-NODEPORT-HOST
-N KUBE-PORTALS-CONTAINER
-N KUBE-PORTALS-HOST
-A PREROUTING -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-CONTAINER
-A PREROUTING -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-CONTAINER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-HOST
-A OUTPUT -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-HOST
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 192.168.90.0/24 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/16 -j FLANNEL
-A FLANNEL -d 192.168.0.0/16 -j ACCEPT
-A FLANNEL ! -d 224.0.0.0/4 -j MASQUERADE
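As an added example that is not part of the original article, the following Python parses "iptables -t nat -S" output of the kind listed above and checks the ordering that the kube-proxy rule comments themselves demand: in PREROUTING and OUTPUT the ClusterIP jump (KUBE-PORTALS-*) must come before the NodePort jump (KUBE-NODEPORT-*), and anything appended after the NodePort jump is reported so an operator can see which non-kube rules (here Docker's) sit behind it. The sample rules are constructed from the listing above; the chain names are those of the userspace kube-proxy shown on this page.

```python
import re

# Constructed sample, modelled on the `iptables -t nat -S` output shown above.
SAMPLE_NAT_RULES = """\
-P PREROUTING ACCEPT
-P OUTPUT ACCEPT
-N DOCKER
-N KUBE-NODEPORT-CONTAINER
-N KUBE-NODEPORT-HOST
-N KUBE-PORTALS-CONTAINER
-N KUBE-PORTALS-HOST
-A PREROUTING -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-CONTAINER
-A PREROUTING -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-CONTAINER
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -m comment --comment "handle ClusterIPs; NOTE: this must be before the NodePort rules" -j KUBE-PORTALS-HOST
-A OUTPUT -m addrtype --dst-type LOCAL -m comment --comment "handle service NodePorts; NOTE: this must be the last rule in the chain" -j KUBE-NODEPORT-HOST
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
"""

# Matches an appended rule: "-A <chain> ... -j <target>" (policy and chain-creation lines are skipped).
APPEND_RULE = re.compile(r'-A (\S+) .*?-j (\S+)\s*$')


def parse_append_rules(text):
    """Return {chain: [jump target, ...]} preserving the order rules appear in."""
    chains = {}
    for line in text.splitlines():
        m = APPEND_RULE.match(line)
        if m:
            chains.setdefault(m.group(1), []).append(m.group(2))
    return chains


def audit_kube_proxy_order(text):
    """For every chain containing kube-proxy jumps, verify that all KUBE-PORTALS-*
    jumps precede the first KUBE-NODEPORT-* jump and list the targets after it."""
    findings = {}
    for chain, targets in parse_append_rules(text).items():
        portals = [i for i, t in enumerate(targets) if t.startswith('KUBE-PORTALS-')]
        nodeports = [i for i, t in enumerate(targets) if t.startswith('KUBE-NODEPORT-')]
        if not portals and not nodeports:
            continue  # chain has no kube-proxy rules; nothing to check
        order_ok = bool(portals) and bool(nodeports) and max(portals) < min(nodeports)
        trailing = targets[min(nodeports) + 1:] if nodeports else []
        findings[chain] = {'order_ok': order_ok, 'after_nodeport': trailing}
    return findings


if __name__ == '__main__':
    for chain, result in audit_kube_proxy_order(SAMPLE_NAT_RULES).items():
        print(chain, result)
```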

(3) Etcd

etcd is a distributed key-value store whose RESTful API supports CRUD operations; Kubernetes uses etcd as its primary data store.

You can read it with the curl command:

Example: the etcd server is localhost and the default port is 4001
# curl -L http://127.0.0.1:4001/v2/keys/registry
{"action": "get", "node": {"key": "/registry", "dir": true, "nodes": [
  {"key": "/registry/namespaces", "dir": true, "modifiedIndex": 6, "createdIndex": 6},
  {"key": "/registry/pods", "dir": true, "modifiedIndex": 187, "createdIndex": 187},
  {"key": "/registry/clusterroles", "dir": true, "modifiedIndex": 196, "createdIndex": 196},
  {"key": "/registry/replicasets", "dir": true, "modifiedIndex": 178, "createdIndex": 178},
  {"key": "/registry/limitranges", "dir": true, "modifiedIndex": 202, "createdIndex": 202},
  {"key": "/registry/storageclasses", "dir": true, "modifiedIndex": 215, "createdIndex": 215},
  {"key": "/registry/apiregistration.k8s.io", "dir": true, "modifiedIndex": 7, "createdIndex": 7},
  {"key": "/registry/serviceaccounts", "dir": true, "createdIndex": 70},
  {"key": "/registry/secrets", "dir": true, "createdIndex": 71},
  {"key": "/registry/deployments", "dir": true, "modifiedIndex": 177, "createdIndex": 177},
  {"key": "/registry/services", "dir": true, "createdIndex": 13},
  {"key": "/registry/configmaps", "dir": true, "createdIndex": 52},
  {"key": "/registry/ranges", "dir": true, "modifiedIndex": 4, "createdIndex": 4},
  {"key": "/registry/minions", "dir": true, "createdIndex": 58},
  {"key": "/registry/clusterrolebindings", "dir": true, "modifiedIndex": 171, "createdIndex": 171}
], "modifiedIndex": 4, "createdIndex": 4}}
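As an added example that is not from the original article, this Python walks an etcd v2 response of the shape returned above, counts the objects stored under each /registry/<kind> directory and flags the kinds whose readability amounts to credential exposure: whoever can issue that curl against etcd can read every object under /registry/secrets, which is why etcd access is the thing to lock down. The response is constructed sample data, as if fetched with ?recursive=true so that child nodes are included; the kind names are taken from the listing above and the object values are placeholders.

```python
import json

# Constructed etcd v2 response (sample data), shaped like the /v2/keys/registry
# output above but with ?recursive=true so directories carry their child nodes.
SAMPLE_ETCD_RESPONSE = json.dumps({
    "action": "get",
    "node": {"key": "/registry", "dir": True, "nodes": [
        {"key": "/registry/pods", "dir": True, "nodes": [
            {"key": "/registry/pods/default", "dir": True, "nodes": [
                {"key": "/registry/pods/default/web-1", "value": "<pod json placeholder>"},
                {"key": "/registry/pods/default/web-2", "value": "<pod json placeholder>"}]}]},
        {"key": "/registry/secrets", "dir": True, "nodes": [
            {"key": "/registry/secrets/default/db-password", "value": "<secret json placeholder>"}]},
        {"key": "/registry/minions", "dir": True, "nodes": [
            {"key": "/registry/minions/kub-node1", "value": "<node json placeholder>"}]},
        {"key": "/registry/ranges", "dir": True},
    ]},
})

# Registry kinds whose contents are credentials: reading them from etcd bypasses API server authz.
SENSITIVE_KINDS = {"secrets", "serviceaccounts"}


def iter_leaf_keys(node):
    """Yield every non-directory key below an etcd v2 node, recursively."""
    if node.get("dir"):
        for child in node.get("nodes", []):
            yield from iter_leaf_keys(child)
    else:
        yield node["key"]


def summarize_registry(response_text):
    """Return ({kind: object count}, [sensitive kinds holding objects]) for a
    recursive GET of /v2/keys/registry."""
    root = json.loads(response_text)["node"]
    counts, exposed = {}, []
    for child in root.get("nodes", []):
        kind = child["key"].split("/")[2]  # "/registry/<kind>[/...]" -> <kind>
        counts[kind] = sum(1 for _ in iter_leaf_keys(child))
        if kind in SENSITIVE_KINDS and counts[kind]:
            exposed.append(kind)
    return counts, exposed


if __name__ == "__main__":
    counts, exposed = summarize_registry(SAMPLE_ETCD_RESPONSE)
    print("objects per kind:", counts)
    print("readable credential stores:", exposed)
```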

(4) Kubernetes network:

Containers communicating within a single node can use the Docker network or Docker Compose to discover each other. For communication across multiple nodes, Kubernetes uses an overlay network or the Container Network Interface (CNI) to connect containers on different hosts.
