
4. Components

4.1. Kubernetes

4.1.1 Kube-API (API Server)

Description: API Server is the central management component of a Kubernetes cluster, providing a RESTful API for interacting with the system. It provides read access to cluster data as well as their modification and deletion, and coordinates all operations related to component and resource management. API Server serves as the link between all other Kubernetes components.

Functions

  • Processing all incoming requests (via REST API), including creation, updating, and deletion of resources.
  • Interacting with etcd for storing and retrieving configuration data.
  • Authentication and authorization of requests through integration with RBAC/ABAC.
  • Ensuring internal synchronization with cluster components through queue and notification mechanisms.

Interfaces

  • HTTP/HTTPS RESTful API.
  • WebSocket for real-time notifications (e.g., via Watch).

4.1.2 Kube-controller-manager

Description: Kube-controller-manager is a Kubernetes component responsible for managing the state of resources in the cluster through various controllers. It monitors the state of resources (e.g., pods, replica sets, deployments) and takes action to bring the actual state to the desired state, ensuring fault tolerance and scalability of applications. Controllers perform tasks such as creating, updating, and deleting resources, as well as enforcing scaling rules and ensuring availability.

Functions

  • Performing control operations to maintain the desired state of resources in the cluster.
  • Managing the lifecycle of Kubernetes objects such as replica sets, deployments, pods, and services.
  • Implementing scaling, update, and rollback strategies for resources.
  • Ensuring fault tolerance and recovery from failures by automatically creating or deleting resources.

Features

  • Includes several types of controllers for performing specific tasks, for example:
    • Replication Controller — maintains the specified number of pod replicas.
    • Deployment Controller — manages smooth updates and rollbacks of deployments.
    • StatefulSet Controller — provides pod state management while preserving stable identifiers and volumes.
  • Provides automatic resource scaling management, including vertical and horizontal scaling.
  • Implements automatic resource state checks, with subsequent correction of desired state violations.

Kube-controller-manager plays a key role in maintaining the stability and availability of applications by automating the processes of creating, updating, and recovering resources in Kubernetes.

4.1.3 Kube-scheduler

Description: Kube-scheduler is a Kubernetes component responsible for distributing pods across cluster nodes. It decides which node should run a new pod, considering available node resources, labels and annotations, as well as preferences set by users or placement policies. The scheduler is responsible for optimal load distribution and efficient resource utilization in the cluster.

Functions

  • Scheduling pods to nodes based on available resources such as CPU, memory, and others.
  • Determining preferences for pod placement, for example, considering geographic proximity or specific network configurations.
  • Evaluating resource state on nodes and distributing load to ensure optimal cluster operation.

Features

  • Plans pod placement based on available node resources such as CPU, memory, network interfaces, and other parameters.
  • Supports pod placement policies through affinity (placing on nodes with specific labels) and anti-affinity (avoiding placement on nodes with specific labels).
  • Ensures fault tolerance and high availability through even load distribution between nodes.
  • Integrates with other Kubernetes components to apply priority strategies, for example, with Taints and Tolerations to exclude nodes with non-standard configurations or state.
  • Uses dynamic node state checking and automatic pod reassignment when resources change or nodes fail.

Kube-scheduler plays a key role in ensuring load balancing and efficiency of the Kubernetes cluster, correctly distributing pods depending on current conditions and constraints.

4.1.4 Kubelet

Description: Kubelet is an agent running on each node of a Kubernetes cluster. It is responsible for starting and managing containers (pods), as well as maintaining their current state. Kubelet performs operations related to container monitoring, interacts with the API Server and the container runtime, and provides information about the state of pods and containers to etcd.

Functions

  • Starting and managing containers on the node, including creating, starting, and stopping pods.
  • Monitoring the state of containers, performing liveness and readiness checks.
  • Reporting the current state of pods and containers to etcd via the API Server.
  • Processing commands from the API Server, such as restarting or updating containers.

Features

  • Interacts with the Container Runtime Interface (CRI), providing integration with container engines (e.g., containerd or CRI-O).
  • Supports liveness and readiness probes, which help determine when containers are ready to serve traffic or when they should be restarted.
  • Ensures the accuracy and consistency of the container state on the node by transmitting the current state information to the API Server.
  • Uses RBAC (Role-Based Access Control) or ABAC to manage access to Kubernetes resources, allowing the definition of what actions Kubelet can perform within the cluster. This includes access to the API Server and interaction with other components, ensuring security at the node and resource level.
  • Works with ServiceAccount for authentication and authorization of requests to the API Server, using the corresponding role and rolebinding.

Kubelet is a critical element in maintaining the health and security of containers on each node. It ensures correct container execution, monitoring, and interaction with other components through controlled access using RBAC.
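The API Server's authorization step (4.1.1) and the Kubelet's ServiceAccount, role and rolebinding (above) are both decided by the same RBAC binding rules. The following script is an added example, not code from this page or from Kubernetes itself: it re-implements those rules over Role, ClusterRole, RoleBinding and ClusterRoleBinding objects in the API's JSON shape (the shape `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json` returns), answers "can this subject perform this verb on this resource in this namespace", and lists bindings whose role contains a wildcard. The objects are constructed for the example; the evaluator covers namespaced resources only and ignores resourceNames, nonResourceURLs and aggregated ClusterRoles.

```python
"""Evaluate Kubernetes RBAC objects: who can do what, and which bindings carry wildcards.

Added example, not from the page or any project. The sample objects below are
constructed; in practice load the JSON that kubectl produces.
"""

# Constructed sample in the Kubernetes API shape (not from a real cluster).
SAMPLE_OBJECTS = [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "app"},
     "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list", "watch"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "ci-reads-pods", "namespace": "app"},
     "roleRef": {"kind": "Role", "name": "pod-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "app"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "ops"}]},
    # A RoleBinding that references a ClusterRole grants it only inside the binding's namespace.
    {"kind": "RoleBinding", "metadata": {"name": "dev-admin-in-dev", "namespace": "dev"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]


def _index_roles(objs):
    """Map (kind, namespace, name) -> rules for every Role and ClusterRole."""
    roles = {}
    for o in objs:
        if o["kind"] == "Role":
            roles[("Role", o["metadata"]["namespace"], o["metadata"]["name"])] = o["rules"]
        elif o["kind"] == "ClusterRole":
            roles[("ClusterRole", None, o["metadata"]["name"])] = o["rules"]
    return roles


def _role_key(binding):
    """Resolve a binding's roleRef; a Role is looked up in the binding's own namespace."""
    ref = binding["roleRef"]
    if ref["kind"] == "Role":
        return ("Role", binding["metadata"]["namespace"], ref["name"])
    return ("ClusterRole", None, ref["name"])


def _subject_matches(subject, kind, name, sa_namespace):
    if subject["kind"] != kind or subject["name"] != name:
        return False
    # ServiceAccounts are namespaced identities; users and groups are not.
    return kind != "ServiceAccount" or subject.get("namespace") == sa_namespace


def _rule_allows(rule, api_group, resource, verb):
    return all("*" in allowed or wanted in allowed for allowed, wanted in (
        (rule.get("apiGroups", []), api_group),
        (rule.get("resources", []), resource),
        (rule.get("verbs", []), verb)))


def can(objs, subject_kind, subject_name, verb, resource, namespace, api_group="", sa_namespace=None):
    """True if the subject may perform `verb` on `resource` in `namespace`."""
    roles = _index_roles(objs)
    for b in objs:
        if b["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        if not any(_subject_matches(s, subject_kind, subject_name, sa_namespace) for s in b.get("subjects", [])):
            continue
        # A RoleBinding only applies inside its namespace, even when it references a ClusterRole.
        if b["kind"] == "RoleBinding" and b["metadata"]["namespace"] != namespace:
            continue
        if any(_rule_allows(r, api_group, resource, verb) for r in roles.get(_role_key(b), [])):
            return True
    return False


def wildcard_grants(objs):
    """Names of bindings whose role grants a wildcard verb or resource (least-privilege review list)."""
    roles = _index_roles(objs)
    return [b["metadata"]["name"] for b in objs
            if b["kind"] in ("RoleBinding", "ClusterRoleBinding")
            and any("*" in r.get("verbs", []) or "*" in r.get("resources", [])
                    for r in roles.get(_role_key(b), []))]


if __name__ == "__main__":
    print("ci can get pods in app:", can(SAMPLE_OBJECTS, "ServiceAccount", "ci", "get", "pods", "app", sa_namespace="app"))
    print("ci can delete pods in app:", can(SAMPLE_OBJECTS, "ServiceAccount", "ci", "delete", "pods", "app", sa_namespace="app"))
    print("alice can delete secrets in app:", can(SAMPLE_OBJECTS, "User", "alice", "delete", "secrets", "app"))
    print("wildcard bindings:", wildcard_grants(SAMPLE_OBJECTS))
```

The two details worth noticing are the ones audits most often miss: a ServiceAccount subject matches only together with its namespace, and a RoleBinding to `cluster-admin` is still confined to the binding's namespace, so `alice` is an admin in `dev` but has nothing in `app`.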

4.1.5 Kubeadm

Description: Kubeadm is a tool for simplifying the deployment and configuration of a Kubernetes cluster. It automates the process of installing and configuring cluster components such as API Server, Controller Manager, Scheduler, and Etcd, and also ensures the creation and configuration of connections between cluster nodes.

Kubeadm is not a full-fledged cluster management system but focuses on basic infrastructure setup and installation. It provides the ability to quickly set up a Kubernetes cluster while following best practices and security recommendations.

Functions

  • Initializing the Kubernetes master node, including creating configurations and certificates.
  • Connecting worker nodes to the cluster.
  • Configuring network infrastructure and interaction between components.
  • Managing the certificate lifecycle, including creation, renewal, and rotation.
  • Ensuring secure connections between nodes using TLS certificates for traffic encryption.
  • Creating and configuring the necessary service accounts and roles for cluster operation.

Features

  • Suitable for both test and production environments.
  • Supports configuration of highly available clusters and various storage types.
  • Simplifies the process of upgrading and migrating Kubernetes components, minimizing risks during version transitions.
  • Provides automatic certificate management, significantly simplifying the cluster security process.

4.1.6 Kubectl

Description: Kubectl is a command-line utility for interacting with the Kubernetes API server. Kubectl is used by administrators and developers to manage Kubernetes cluster resources. With kubectl, you can create, modify, delete, and view resources in the cluster, as well as perform diagnostics and monitor system status. Kubectl serves as the client interface for sending requests to the Kubernetes server, providing convenient access to cluster functionality.

Functions

  • Interaction with API Server: Kubectl sends HTTP requests to the API Server using the RESTful API to perform various operations (e.g., creating or deleting pods, deploying applications).
  • Cluster resource management: Creating, modifying, deleting, and viewing resources such as pods, replica sets, deployments, services, and other Kubernetes objects.
  • Cluster status retrieval: Viewing resource status, container logs, and troubleshooting issues.
  • Context and configuration operations: Ability to work with multiple clusters through contexts, using different configuration files for access management and settings (e.g., via kubectl config).
  • Running commands and scripts: Ability to execute various commands, including running one-off pods for administrative tasks, as well as executing commands inside containers via kubectl exec.

Features

  • Multi-cluster support: Kubectl can be configured to interact with multiple Kubernetes clusters, allowing you to switch between them using contexts.
  • Interactive commands: Ability to use flags for outputting information in convenient formats (e.g., -o yaml, -o json) for more detailed analysis or use in scripts.
  • Diagnostics and debugging: Kubectl provides tools for diagnosing and debugging application behavior in the cluster, including access to logs (kubectl logs), executing commands inside containers (kubectl exec), and monitoring the status of pods and nodes.
  • Automation and CI/CD integration: Kubectl is actively used in deployment automation and application management processes in Kubernetes, integrating with CI/CD systems for continuous integration and delivery.
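The `-o json` output format mentioned above is what makes kubectl scriptable. As an added example (not from this page or from the kubectl project), the script below consumes the List document that `kubectl get pods -A -o json` prints and reports pod settings a security review would flag: host namespaces, privileged containers, added capabilities, automounted tokens of the `default` ServiceAccount, and unpinned images. A constructed PodList is embedded so the script runs offline; the field names are those of the Pod API, the checklist itself is the example's own choice.

```python
"""Audit pod specs from `kubectl get pods -A -o json` for risky settings.

Added example, not code from the page or any project.  Real usage:
    kubectl get pods -A -o json | python3 audit_pods.py
With no piped input the constructed sample below is audited instead.
"""
import json
import sys

# Constructed PodList in the shape kubectl emits (not from a real cluster).
SAMPLE_PODLIST = {
    "apiVersion": "v1", "kind": "List",
    "items": [
        {"metadata": {"name": "web-1", "namespace": "app"},
         "spec": {"serviceAccountName": "web", "automountServiceAccountToken": False,
                  "containers": [{"name": "web", "image": "nginx:1.25",
                                  "securityContext": {"runAsNonRoot": True}}]}},
        {"metadata": {"name": "debug-shell", "namespace": "ops"},
         "spec": {"hostPID": True, "hostNetwork": True, "serviceAccountName": "default",
                  "containers": [{"name": "sh", "image": "busybox:latest",
                                  "securityContext": {"privileged": True}}]}},
        {"metadata": {"name": "agent", "namespace": "monitoring"},
         "spec": {"serviceAccountName": "default",
                  "containers": [{"name": "agent", "image": "registry.example:5000/agent",
                                  "securityContext": {"capabilities": {"add": ["SYS_ADMIN"]}}}]}},
    ],
}


def image_is_pinned(image: str) -> bool:
    """True when the image reference carries a digest or a tag other than :latest."""
    last = image.rsplit("/", 1)[-1]  # drop registry/repo, which may itself contain a port
    if "@sha256:" in last:
        return True
    return ":" in last and not last.endswith(":latest")


def audit_pod(pod: dict) -> list:
    """Human-readable findings for one Pod object."""
    spec = pod.get("spec", {})
    out = []
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            out.append(f"{flag}=true")
    # automountServiceAccountToken defaults to true when the field is absent.
    if spec.get("serviceAccountName", "default") == "default" and spec.get("automountServiceAccountToken", True):
        out.append("default ServiceAccount token is automounted")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            out.append(f"container {c['name']} is privileged")
        for cap in (sc.get("capabilities") or {}).get("add", []):
            out.append(f"container {c['name']} adds capability {cap}")
        if not image_is_pinned(c["image"]):
            out.append(f"container {c['name']} uses unpinned image {c['image']}")
    return out


def audit_podlist(doc: dict) -> list:
    """(namespace, pod, finding) tuples for every pod in a List document."""
    findings = []
    for pod in doc.get("items", []):
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        findings.extend((ns, name, f) for f in audit_pod(pod))
    return findings


if __name__ == "__main__":
    doc = SAMPLE_PODLIST if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, name, finding in audit_podlist(doc):
        print(f"{ns}/{name}: {finding}")
```

The same pattern (kubectl emits JSON, a script applies policy) is how such checks are wired into the CI/CD pipelines mentioned above; the image check strips the registry part before looking for a tag so that a registry with a port, such as `registry.example:5000/agent`, is not mistaken for a pinned reference.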

4.2. ETCD

4.2.1. Etcd

Description: Etcd is a distributed open-source key-value store used to store all configuration data and state of a Kubernetes cluster. All key data such as pod states, deployments, secrets, and services are stored in etcd. This store ensures data consistency and allows Kubernetes clusters to recover their state after failures.

etcd is the foundation of the entire cluster, providing reliability and high availability of data. In Kubernetes, it is used as a centralized store for all cluster metadata, including configurations and component statuses.

Functions

  • Storing all configuration and state of the Kubernetes cluster.
  • Ensuring data consistency in a distributed system.
  • Supporting high availability and fault tolerance through data replication.
  • Ability to recover cluster state in case of failures.

Features

  • Consistency: Uses the Raft consensus algorithm to ensure data integrity.
  • High availability: Supports data replication between multiple nodes for fault tolerance.
  • Distribution: Distributed storage with scalability, allowing multiple replicas for high-speed operation and backup.
  • API interface: Provides a REST API for accessing and managing data stored in etcd.

4.2.2. Etcdbrctl

Description: etcdbrctl is a component developed as part of the Gardener project for backing up and restoring ETCD data.

Functions

  • Creating full and incremental ETCD backups on a schedule (cron).
  • Storing backups in a local file system or S3-compatible storage.
  • Managing the number of stored snapshots and their automatic cleanup (garbage collection).
  • Supporting backup compression (gzip) and chunk uploads.
  • Restoring ETCD data from a selected backup.
  • Automatic defragmentation and compaction of ETCD on a schedule.

Features

  • CLI utility (etcdbrctl snapshot, etcdbrctl restore, etcdbrctl server).
  • HTTP endpoint (in server mode) for health checks and metrics.
  • Deployment format via DaemonSet, static pod, or systemd unit.
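Two of the functions listed above, incremental backups and snapshot garbage collection, interact: a restore is only complete if the latest full snapshot and every delta after it are present, and a cleanup policy must never delete a delta that a kept full snapshot still needs. The script below is an added example, not etcdbrctl's own code: it models a snapshot store as a list of full and delta snapshots with revision ranges, assembles the restore chain while checking that the deltas are contiguous, and computes what a simple limit-based retention policy may delete. The snapshot names and revisions are constructed; the naming and the policy are simplified assumptions, not the tool's actual format.

```python
"""Restore-chain and retention logic for full + delta etcd snapshots.

Added example, not code from etcd-backup-restore.  Names, revisions and the
policy are simplified assumptions made for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Snapshot:
    name: str
    kind: str        # "full" or "delta"
    start_rev: int   # first etcd revision covered by this snapshot
    last_rev: int    # last etcd revision covered
    created: int     # unix timestamp


# Constructed listing of a backup bucket (not from a real cluster).
SAMPLE = [
    Snapshot("Full-00000000-00001000-1700000000", "full", 0, 1000, 1700000000),
    Snapshot("Incr-00001001-00001200-1700000300", "delta", 1001, 1200, 1700000300),
    Snapshot("Incr-00001201-00001300-1700000600", "delta", 1201, 1300, 1700000600),
    Snapshot("Full-00000000-00001300-1700003600", "full", 0, 1300, 1700003600),
    Snapshot("Incr-00001301-00001350-1700003900", "delta", 1301, 1350, 1700003900),
    Snapshot("Full-00000000-00001350-1700007200", "full", 0, 1350, 1700007200),
    Snapshot("Incr-00001351-00001400-1700007500", "delta", 1351, 1400, 1700007500),
    Snapshot("Incr-00001401-00001450-1700007800", "delta", 1401, 1450, 1700007800),
]


def restore_chain(snapshots):
    """Latest full snapshot plus the contiguous deltas taken after it.

    Raises ValueError when a delta is missing: replaying across a gap would
    silently drop the writes in that revision range.
    """
    ordered = sorted(snapshots, key=lambda s: s.created)
    fulls = [s for s in ordered if s.kind == "full"]
    if not fulls:
        raise ValueError("no full snapshot available")
    base = fulls[-1]
    chain, expected = [], base.last_rev + 1
    for s in ordered:
        if s.kind != "delta" or s.created <= base.created:
            continue
        if s.start_rev != expected:
            raise ValueError(f"gap before {s.name}: expected revision {expected}, got {s.start_rev}")
        chain.append(s)
        expected = s.last_rev + 1
    return base, chain


def chain_is_complete(snapshots) -> bool:
    """Health-check style wrapper: True when a gap-free restore chain exists."""
    try:
        restore_chain(snapshots)
        return True
    except ValueError:
        return False


def limit_based_gc(snapshots, keep_full=2):
    """Names safe to delete: everything older than the oldest of the newest
    `keep_full` full snapshots, so each kept full keeps its deltas."""
    ordered = sorted(snapshots, key=lambda s: s.created)
    fulls = [s for s in ordered if s.kind == "full"]
    kept = fulls[-keep_full:] if keep_full > 0 else []
    if not kept:
        return [s.name for s in ordered]
    cutoff = kept[0].created
    return [s.name for s in ordered if s.created < cutoff]


if __name__ == "__main__":
    base, deltas = restore_chain(SAMPLE)
    print("restore from", base.name, "then replay", [d.name for d in deltas])
    print("gc would delete", limit_based_gc(SAMPLE, keep_full=2))
```

Run `chain_is_complete` against the bucket listing before relying on a backup, not only after a failure; the deletion list is anchored on the oldest kept full snapshot so that garbage collection can never orphan a delta that one of the retained full snapshots depends on.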

4.3. Runc

Description: Runc is a low-level tool for creating and managing containers, implementing the Open Container Initiative (OCI) specification. It is used for running containers in Kubernetes via CRI (Container Runtime Interface).

Functions

  • Running containers using container images.
  • Managing the container lifecycle (creation, startup, shutdown).
  • Providing container isolation and security at the operating system level.

Features

  • Works as a container runtime for Kubernetes, ensuring container execution in a strictly isolated environment.
  • Interacts with the container runtime via CRI, using interfaces such as containerd or CRI-O.
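The isolation runc provides is entirely determined by the OCI bundle's `config.json` that the higher-level runtime hands to it. As an added example (not runc's own code), the script below reads the fields the OCI runtime specification defines and reports settings that widen a container's reach into the host: a missing Linux namespace, capabilities beyond a baseline set, no seccomp profile, `noNewPrivileges` unset, a root uid, and a writable root filesystem. The two embedded configs are constructed, and the capability baseline is an assumption modelled on what common runtimes grant by default.

```python
"""Lint an OCI runtime config.json (the bundle runc executes) for weakened isolation.

Added example, not from runc or the page.  Pass a config.json path as the
first argument, or run without arguments to lint the constructed WEAK sample.
"""
import json
import sys

# Assumed baseline: the capabilities common runtimes grant by default.
BASELINE_CAPS = {
    "CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID",
    "CAP_KILL", "CAP_MKNOD", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP",
    "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT",
}
# Without one of these namespaces the container shares the host's view of it.
REQUIRED_NAMESPACES = {"pid", "network", "ipc", "uts", "mount"}


def lint_oci_config(cfg: dict) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    linux, process = cfg.get("linux", {}), cfg.get("process", {})
    present = {ns.get("type") for ns in linux.get("namespaces", [])}
    for ns in sorted(REQUIRED_NAMESPACES - present):
        findings.append(f"missing {ns} namespace (shares host {ns} namespace)")
    bounding = set((process.get("capabilities") or {}).get("bounding", []))
    for cap in sorted(bounding - BASELINE_CAPS):
        findings.append(f"bounding set grants {cap} beyond the baseline")
    if not linux.get("seccomp"):
        findings.append("no seccomp profile: every syscall is allowed")
    if not process.get("noNewPrivileges"):
        findings.append("noNewPrivileges is not set: setuid binaries can raise privileges")
    if (process.get("user") or {}).get("uid", 0) == 0:
        findings.append("process runs as uid 0")
    if not cfg.get("root", {}).get("readonly"):
        findings.append("root filesystem is writable")
    return findings


# Constructed configs (subsets of the OCI runtime spec fields).
HARDENED = {
    "ociVersion": "1.0.2",
    "process": {"user": {"uid": 1000, "gid": 1000}, "args": ["/app"],
                "capabilities": {"bounding": ["CAP_NET_BIND_SERVICE"],
                                 "effective": ["CAP_NET_BIND_SERVICE"]},
                "noNewPrivileges": True},
    "root": {"path": "rootfs", "readonly": True},
    "linux": {"namespaces": [{"type": t} for t in ("pid", "network", "ipc", "uts", "mount", "user")],
              "seccomp": {"defaultAction": "SCMP_ACT_ERRNO", "syscalls": []}},
}
WEAK = {
    "ociVersion": "1.0.2",
    "process": {"user": {"uid": 0, "gid": 0}, "args": ["/bin/sh"],
                "capabilities": {"bounding": sorted(BASELINE_CAPS | {"CAP_SYS_ADMIN", "CAP_NET_ADMIN"})}},
    "root": {"path": "rootfs", "readonly": False},
    "linux": {"namespaces": [{"type": "mount"}, {"type": "uts"}]},
}


if __name__ == "__main__":
    cfg = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else WEAK
    for finding in lint_oci_config(cfg):
        print("-", finding)
```

Because containerd or CRI-O generates this file from the pod's securityContext, the findings map directly back to the Kubernetes fields that produced them, which makes the lint a useful cross-check that the policy set at the API level actually reached the runtime.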

4.4. Containerd

Description: Containerd is a high-performance, open-source container runtime used for running and managing containers. It provides the functionality needed to work with containers, such as creation, execution, lifecycle management, and image handling. Containerd integrates with CRI (Container Runtime Interface), providing the necessary abstraction for interaction with Kubernetes through kubelet.

Containerd is a low-level component used for interacting with containers and their execution, while it does not provide full container orchestration or scheduling — these functions are performed by Kubernetes.

Functions

  • Container lifecycle management, including creation, execution, stopping, and deletion of containers.
  • Working with container images: downloading, extracting, and storing images.
  • Support for CRI interaction for integration with Kubernetes through kubelet.
  • Handling network settings and mounting disk volumes for containers.
  • Managing container resources such as CPU, memory, and I/O.
  • Integration with containerd-shim for managing isolation and communication with containers at the operating system level.

Features

  • Compatible with Open Container Initiative (OCI), ensuring support for container image standards and specifications.
  • Lightweight and highly efficient container runtime, focused on supporting scalable and performant container solutions.
  • Uses gRPC API for container management and interaction with other system components.
  • Can be used not only with Kubernetes but also with other container orchestrators and solutions.
  • Supports extensibility through plugins for interaction with various networking solutions, storage, and other systems.

Containerd provides the foundational infrastructure for container management that can be used as part of larger systems such as Kubernetes for working with containers in a distributed environment.

4.5. Crictl

Description: Crictl is a command-line tool for interacting with container environments that use the CRI interface. Crictl allows administrators to perform operations with containers and pods, such as creating, starting, stopping, and retrieving information about containers managed through CRI.

Functions

  • Sending commands to container environments that use CRI.
  • Managing the lifecycle of containers.
  • Retrieving information about containers, pods, and their status.

Features

  • A convenient tool for diagnosing and debugging containerized applications in Kubernetes.
  • Provides functionality similar to standard Docker tools but oriented towards CRI.