The Kubernetes Control Plane

Ajinkya Bhanudas
Published in Analytics Vidhya
Sep 15, 2019

https://kubernetes.io

Let’s look at how Kubernetes carries out communication internally.

The kubectl command is what the user interacts with, and it is what establishes the connection with the Kubernetes backend. The command must first be configured with the appropriate credentials and the location of the Kubernetes cluster.

$> kubectl get pods

  • This sends an API call over HTTPS to the cluster.
  • An API response is sent back via HTTPS to the console and is displayed to the user.

Let’s dive further into what exactly happens at the backend. Take a look at the diagram below:

[Diagram: Kubernetes Control Plane]

The Master:

  • The master components make global decisions about the cluster, and they also detect and respond to cluster events, like starting up a new pod when a deployment’s “replicas” field is unsatisfied. (Replicas dictate the number of identical structures of nodes to be kept at any given point in time.)
  • For the sake of simplicity, setup scripts typically start all master components on the same machine and do not run user containers on this machine.

The Master Components:

1. Kube API server:

  • It accepts commands that view or change the state of the cluster, including the launching of pods.
  • It authenticates requests and determines if they are authorised and valid, thereby managing admission control.
  • This is the component of the master that receives the API call and serves it appropriately.
  • It is also the kube API server that establishes the connection with the kubelet. (Kubelets will be covered shortly… hang in there!)

2. etcd:

  • It is the cluster’s database.
  • It reliably stores the state of the cluster, including all information with regard to cluster configuration and more dynamic information like what nodes need to be running, etc.
  • As you can see in the diagram, the kube API server interacts directly with etcd.
  • If your Kubernetes cluster uses etcd as its backing store, make sure you have a safe backup plan for that data.

3. Kube-Scheduler:

  • Its task is to schedule pods onto nodes and evaluate the requirements of each pod.
  • After the evaluation is complete, it has to select the most suitable node.
  • In reality it does not actually launch pods onto nodes; rather, it looks for pods with no node assigned and then simply writes the name of the selected node into the pod object. (It’s more like a manager making a reservation in a restaurant as soon as a table is seen empty or vacated, as per requirement.)
  • Since it is a scheduler, it also keeps track of the state of all pods. It also takes care of hardware, software and policy constraints.

4. Kube Controller Manager:

  • It continuously monitors the state of the cluster via the kube API server.
  • When the current state does not match the desired state, it makes changes to achieve the desired state. (A reservation was made, but since no table was vacant the manager decides to add another table to accommodate the customer.)
  • It is called the controller manager because Kubernetes objects are maintained by loops of code called controllers.
  • The controller also communicates important information if a node goes offline.

5. Kube Cloud Manager:

  • cloud-controller-manager runs controllers that interact with the underlying cloud providers.
  • cloud-controller-manager allows the cloud vendor’s code and the Kubernetes code to evolve independently of each other. In prior releases, the core Kubernetes code was dependent upon cloud-provider-specific code for functionality.
  • It’s responsible for features like load balancing and storage volumes, as and when required.
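
As an added illustration (not part of the original article and not Kubernetes source code), the toy Go model below plays out the division of labour described above for the controller manager and the scheduler: one loop creates pod objects until the desired count is met, the other only writes a node name into pods that have none. All type and function names are hypothetical, the node capacities are constructed sample data, and first-fit placement stands in for the real scheduler's evaluation.

```go
package main

import "fmt"

// Pod and Cluster are a toy model of the state the API server keeps in etcd.
type Pod struct{ Name, NodeName string } // NodeName is "" until scheduled
type Cluster struct {
	Replicas, created int            // desired pod count; pods created so far
	Pods              []*Pod         // current state
	Nodes             []string       // fixed order keeps runs deterministic
	Free              map[string]int // free pod slots; a missing key = node offline
}

// Reconcile plays a controller: drop pods on offline nodes, then create pods up to Replicas.
func Reconcile(c *Cluster) {
	live := c.Pods[:0]
	for _, p := range c.Pods {
		if _, up := c.Free[p.NodeName]; up || p.NodeName == "" {
			live = append(live, p)
		}
	}
	for c.Pods = live; len(c.Pods) < c.Replicas; c.created++ {
		c.Pods = append(c.Pods, &Pod{Name: fmt.Sprintf("web-%d", c.created)}) // no node chosen here
	}
}

// Schedule plays kube-scheduler: write a node name into each unassigned pod; return pods left pending.
func Schedule(c *Cluster) (pending int) {
	for _, p := range c.Pods {
		for _, n := range c.Nodes {
			if p.NodeName == "" && c.Free[n] > 0 { // first fit; the real scheduler filters and scores
				p.NodeName = n
				c.Free[n]--
			}
		}
		if p.NodeName == "" {
			pending++ // no node had room: the pod object exists but is not bound
		}
	}
	return pending
}

func main() {
	c := &Cluster{Replicas: 3, Nodes: []string{"node-a", "node-b"}, Free: map[string]int{"node-a": 2, "node-b": 2}}
	Reconcile(c)
	before := Schedule(c)
	delete(c.Free, "node-a") // constructed event: node-a goes offline
	Reconcile(c)
	fmt.Println("pending before and after node loss:", before, Schedule(c))
}
```

After the node loss the controller restores the pod count to three, but only one replacement fits on the remaining node, so the last pod object stays unbound until capacity appears.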

The Node:

By now we all know what a node is; if not, I’m surprised you’ve understood up to this point… (Quick Read1, Quick Read2).

The Node Components:

1. Kubelet:

  • It is the Kubernetes agent on each node.
  • When a pod needs to be started, a connection to the kubelet is required.
  • The kubelet uses the container runtime to start the pod, monitors its lifecycle, checks its readiness, etc.
  • The kubelet reports to the kube API server.
  • One point to note about GKE is that it makes use of only the Docker container runtime.

2. Kube-proxy:

  • It is a network proxy that runs on each node in your cluster.
  • It maintains network connectivity among the pods in a cluster. (kube-proxy maintains network rules on nodes, which allows it to maintain network connectivity.)

All these come together to form the Kubernetes control plane. Now you should have a clear understanding of how these components interact and what tasks they perform.

In the next article we’ll jump into operations in Kubernetes and look more at the kubectl command and how it works. Until then, keep learning :)
