K8S - Masters & Minions

15 Jul 2018

A kubernetes cluster is effectively a bunch of master & minions
Well, we need something to run these on, but it is not opinionated on what the underlying infra is. Let’s delve a little deeper into them.

So the kubernetes cluster runs on any underlying infrastructure. It doesn’t care. It could be bare metal, VMs, cloud instances, openstack, its just not bothered as long as it is linux.

Teach Me - My Master

A master is actually a bunch of moving parts & in most common set ups, they all run on a single server.
But multi master HA is the way to go. We could even get into a distributed control plane in the near future. Mostly though, it is a bit of a monolith.

Its also a general practice to keep the master free of user workloads. So the apps are run on the nodes & keep the master free for “baby-sitting”. It just keeps things clean & simple

Let’s drill in a bit & start peeling the labels off

Api Server

The api server is the front end into the master or the control plane. In fact it is the only master components that clients would be interacting with and the only one with a proper external facing interface.
And like all good things these days, it exposes its external interface via restful apis and consumes a json.

What that means on lay man terms is that

  • We send in our manifest files which declare the state of our app like a record of intent
  • Master validates it & attempts to deploy it on the cluster

Cluster Store

If the api serves as the brain of the cluster, then the cluster store is its memory as the state of the cluster gets persistently stored here. K8S currently uses etcd as its store which is battle hardened already.

For those who are unaware, Etcd is an opensource distributed key value store developed by CoreOS.
It is distributed & consistent.

It is important to note, etcd is the source of truth for the cluster. Meaning, no etcd, no K8s cluster.

Controller Manager (kube-controller)

This is the king of kings, the controller of controllers. It could very well be a bit of a monolith.
Currently, this component implements a few features & functions which could very well be split out to multiple services. There are a bunch of controllers

  • Node Controller
  • Endpoints Controller
  • Namespace Controller
  • Bah, there is practically a controller for everything

They all sit in a loop & watch for changes; the aim of the game being to make sure the current state of cluster matches the desired state.

Scheduler (kube-scheduler)

It watches for new pods and assigns them to minions. Might sound trivial but it has a ton of things to think about

  • affinity/anti-affinity
  • constraints
  • resource management

Winding up

In short, the master is the brains of the K8S. Commands and queries come into the api server via the kubectl utility (or other sdk libs), further to which a bit of chatter goes on between other master components & eventually commands & action items make their way to the minions

Thou art my Minion

Kubernetes is way over on the cattle side on the pets v cattle battle. And cattle is all about worker nodes being these faceless, characterless drones that we don’t really care about and that we can swap out without even noticing.
That’s what is a minion is. This unimportant faceless figure that does what the master says, and if the minion fails or dies, we swap it out & its business as usual.

Anyway, let’s take a closer look.

They are much simpler than the master. There only 3 things that we care

  • kubelet
  • container runtime
  • kube proxy

Kubelet

The kubelet is the main kubernetes agent on the node. In fact it is synonymous to the node/minion.
It performs the below

  • It registers the node as a minion to the k8s cluster
  • It watches the api server on the master for work assignments
  • It carries out the task
  • Maintains a reporting channel back to the master

Container Runtime

The kubelet works with pods which are basic unit of deployment in K8S.
Since the pod is made up of containers packaged together and deployed as single unit, the kubelet needs to work with the container runtime to do all the container management

  • Pulling images
  • Starting & stopping container

For most parts, the container runtime is docker, but rkt is also very much on the scene.

Kubeproxy

The last piece of the puzzle is kube-proxy. This is like the network brains of the minion.

  • IP Addressing
    For one thing it makes sure every pod gets its own unique ip.
  • Load Balancing
    The proxy also does light weight load balancing via a service.
    A Service is a way of hiding multiple pods behind a single network address.

So you have made it !!! Well done !!! You are no longer a kubernetes noob anymore. Cya until next time.
Shout me out on twitter if you need anything, until then

who am i

I'm Balajee Mohan
A self proclaimed geek, creative genius, visionary, brave risk-taker, healthy sport, avocational writer and an astute liar. ;)
A humorous entertainer nonetheless.

A passionate Software Techy, hailing from Bangalore, India, who is inclined towards problem solving.
I strongly believe addressing the root cause is more important than addressing the symptoms.

Here you can find my Résumé.
Hop in as we explore the fun around us.

what is this

After Monday and Tuesday, even the calendar says 'WTF'.

WTF - disappointingly for some, is an acronym of 'What's The Fun?'

Buckle up, let's see the funside of everything
Science, Prose, Poetry, Tech, Puzzles, whatever under the sky and beyond!
Stand out of the crowd.
Remove the jargon, take out the abstraction, discard the sugarcoats!
Come Let's have fun!
Let's unjargon!

where am i

github//balajeetm
twitter//balajeetm
linkedin//balajeetm
by Balajee Mohan.
Content available under Creative Commons (BY-NC-SA) unless otherwise noted.