Kubernetes Architecture - Master và Worker Nodes
Tổng quan
Kubernetes cluster bao gồm hai loại nodes chính: Control Plane (Master nodes) và Worker Nodes. Control Plane quản lý cluster state và decisions, trong khi Worker Nodes chạy actual applications.
Kubernetes Cluster Architecture
┌─────────────────────────────────────────────────────────────────────────┐
│ KUBERNETES CLUSTER │
├─────────────────────────────┬───────────────────────────────────────────┤
│ CONTROL PLANE │ WORKER NODES │
│ (Master Nodes) │ │
│ │ │
│ ┌─────────────────────┐ │ ┌───────────────┐ ┌───────────────┐ │
│ │ │ │ │ Worker 1 │ │ Worker 2 │ │
│ │ ┌─────────────┐ │ │ │ │ │ │ │
│ │ │ API Server │ │ │ │ ┌─────────┐ │ │ ┌─────────┐ │ │
│ │ └─────────────┘ │ │ │ │ kubelet │ │ │ │ kubelet │ │ │
│ │ │ │ │ └─────────┘ │ │ └─────────┘ │ │
│ │ ┌─────────────┐ │ │ │ │ │ │ │
│ │ │ etcd │ │ │ │ ┌─────────┐ │ │ ┌─────────┐ │ │
│ │ └─────────────┘ │ │ │ │kube-proxy│ │ │ │kube-proxy│ │ │
│ │ │ │ │ └─────────┘ │ │ └─────────┘ │ │
│ │ ┌─────────────┐ │ │ │ │ │ │ │
│ │ │ Scheduler │ │ │ │ ┌─────────┐ │ │ ┌─────────┐ │ │
│ │ └─────────────┘ │ │ │ │Container│ │ │ │Container│ │ │
│ │ │ │ │ │ Runtime │ │ │ │ Runtime │ │ │
│ │ ┌─────────────┐ │ │ │ └─────────┘ │ │ └─────────┘ │ │
│ │ │ Controller │ │ │ │ │ │ │ │
│ │ │ Manager │ │ │ │ PODS │ │ PODS │ │
│ │ └─────────────┘ │ │ └───────────────┘ └───────────────┘ │
│ └─────────────────────┘ │ │
└─────────────────────────────┴───────────────────────────────────────────┘
Control Plane Components
Control Plane chứa các components quản lý entire cluster và make global decisions.
🎯 1. API Server (kube-apiserver)
Vai trò: Frontend cho Kubernetes control plane, expose Kubernetes API.
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ kubectl │───▶│ │───▶│ etcd │
└─────────────┘ │ │ └─────────────┘
│ │
┌─────────────┐───▶│ API Server │───▶┌─────────────┐
│ Dashboard │ │ │ │ Scheduler │
└─────────────┘ │ │ └─────────────┘
│ │
┌─────────────┐───▶│ │───▶┌─────────────┐
│ Helm │ │ │ │ Controller │
└─────────────┘ └─────────────┘ │ Manager │
└─────────────┘
Chức năng: - ✅ Authentication & Authorization: Verify users và permissions - ✅ Admission Control: Validate và mutate requests - ✅ RESTful API: HTTP API cho all operations - ✅ etcd Interface: Only component that talks directly to etcd - ✅ Watch Mechanism: Real-time updates to clients
API Groups:
# Core API Group (v1)
apiVersion: v1
kind: Pod
# Apps API Group
apiVersion: apps/v1
kind: Deployment
# Extensions API Group
apiVersion: networking.k8s.io/v1
kind: Ingress
🗄️ 2. etcd
Vai trò: Distributed key-value store, brain của Kubernetes cluster.
etcd Cluster (High Availability):
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ etcd-1 │───▶│ etcd-2 │───▶│ etcd-3 │
│ Leader │ │ Follower │ │ Follower │
└─────────────┘ └─────────────┘ └─────────────┘
▲ │
└──────────────────────────────────────┘
Raft Consensus Algorithm
Lưu trữ: - ✅ Cluster configuration: Nodes, services, pods - ✅ Secrets & ConfigMaps: Application configuration - ✅ Network policies: Security rules - ✅ Resource quotas: Cluster resource limits
Đặc điểm: - Consistency: Strong consistency với Raft algorithm - Reliability: Distributed và fault-tolerant - Performance: Optimized cho read-heavy workloads - Backup: Critical to backup regularly
🗓️ 3. Scheduler (kube-scheduler)
Vai trò: Decide which node để place pods dựa trên resource requirements.
Scheduling Process:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ New Pod │───▶│ Filtering │───▶│ Scoring │
│ (Pending) │ │ Nodes │ │ Nodes │
└─────────────┘ └─────────────┘ └─────────────┘
│ │
▼ ▼
┌─────────────┐ ┌─────────────┐
│ Available │ │ Best Node │
│ Nodes │ │ Selected │
└─────────────┘ └─────────────┘
Scheduling Factors:
# Resource Requirements
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
# Node Affinity
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
# Taints and Tolerations
tolerations:
- key: "special-hardware"
operator: "Equal"
value: "gpu"
effect: "NoSchedule"
Scheduling Algorithm: 1. Filtering: Remove nodes that don't meet requirements 2. Scoring: Rank remaining nodes based on preferences 3. Selection: Choose highest-scored node 4. Binding: Assign pod to selected node
🎛️ 4. Controller Manager (kube-controller-manager)
Vai trò: Run controllers that regulate cluster state.
Controller Manager:
┌─────────────────────────────────────────────────────────┐
│ Controller Manager │
├─────────────┬─────────────┬─────────────┬─────────────┤
│ Deployment │ ReplicaSet │ Service │ Node │
│ Controller │ Controller │ Controller │ Controller │
└─────────────┴─────────────┴─────────────┴─────────────┘
│ │ │ │
▼ ▼ ▼ ▼
┌─────────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Deployment │ │ ReplicaSet │ │ Endpoints │ │ Node │
│ Objects │ │ Objects │ │ Objects │ │ Status │
└─────────────┘ └─────────────┘ └─────────────┘ └─────────────┘
Main Controllers:
Deployment Controller
# Desired State
apiVersion: apps/v1
kind: Deployment
spec:
replicas: 3
# Controller ensures:
# - 3 pods are always running
# - Rolling updates when image changes
# - Rollback capability
ReplicaSet Controller
# Monitors pod count
spec:
replicas: 3
selector:
matchLabels:
app: nginx
# Actions:
# - If pods < 3: Create new pods
# - If pods > 3: Delete excess pods
Service Controller
# Manages service endpoints
apiVersion: v1
kind: Service
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 8080
# Controller maintains:
# - Endpoint list of pod IPs
# - Load balancer configuration
☁️ 5. Cloud Controller Manager
Vai trò: Interact với cloud provider APIs (AWS, GCP, Azure).
Cloud Provider Integration:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ AWS │ │ GCP │ │ Azure │
│ APIs │ │ APIs │ │ APIs │
└─────────────┘ └─────────────┘ └─────────────┘
▲ ▲ ▲
│ │ │
└───────────────────┼───────────────────┘
│
┌─────────────┐
│ Cloud │
│ Controller │
│ Manager │
└─────────────┘
Responsibilities: - Load Balancers: Provision cloud load balancers cho services - Persistent Volumes: Manage cloud storage volumes - Node Management: Add/remove nodes from cloud - Network Routes: Configure cloud networking
Worker Node Components
Worker nodes chạy actual application workloads và provide runtime environment.
🤖 1. kubelet
Vai trò: Primary node agent, đảm bảo containers running trong pods.
kubelet Responsibilities:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ API Server │───▶│ kubelet │───▶│ Container │
│ (Pods) │ │ │ │ Runtime │
└─────────────┘ └─────────────┘ └─────────────┘
│
▼
┌─────────────┐
│ Pod Status │
│ Reporting │
└─────────────┘
Functions: - ✅ Pod Lifecycle: Start, stop, monitor containers - ✅ Health Checks: Liveness và readiness probes - ✅ Resource Management: CPU, memory limits enforcement - ✅ Volume Management: Mount storage volumes - ✅ Status Reporting: Report pod/node status to API server
Pod Lifecycle:
# Pod phases kubelet manages:
Pending → Running → Succeeded/Failed
# Container states:
Waiting → Running → Terminated
🌐 2. kube-proxy
Vai trò: Network proxy, implement Kubernetes service abstraction.
Service Networking:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Client │───▶│ kube-proxy │───▶│ Pod 1 │
└─────────────┘ │ │ └─────────────┘
│ │ ┌─────────────┐
│ │───▶│ Pod 2 │
└─────────────┘ └─────────────┘
Load Balancing
Implementation Modes:
iptables Mode (Default)
# Service definition
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 8080
# kube-proxy creates iptables rules:
iptables -t nat -A KUBE-SERVICES -p tcp --dport 80 \
-j KUBE-SVC-XYZ
iptables -t nat -A KUBE-SVC-XYZ -m statistic \
--mode random --probability 0.5 -j KUBE-SEP-ABC
iptables -t nat -A KUBE-SEP-ABC -p tcp \
-j DNAT --to-destination 10.0.1.10:8080
IPVS Mode (High Performance)
# Better performance cho large clusters
# Uses Linux IPVS (IP Virtual Server)
# Supports more load balancing algorithms:
# - Round Robin
# - Least Connection
# - Shortest Expected Delay
🐳 3. Container Runtime
Vai trò: Software responsible for running containers.
Container Runtime Interface (CRI):
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ kubelet │───▶│ CRI │───▶│ Runtime │
└─────────────┘ │ │ │ (Docker/ │
│ │ │containerd/ │
└─────────────┘ │ CRI-O) │
└─────────────┘
Popular Runtimes:
Docker (Legacy, being deprecated)
# Traditional Docker runtime
docker pull nginx:1.20
docker run -d nginx:1.20
containerd (Recommended)
# High-performance container runtime
# Used by Docker internally
# Direct integration với Kubernetes
CRI-O
# Lightweight container runtime
# Specifically designed cho Kubernetes
# OCI-compliant
Add-on Components
📊 DNS (CoreDNS)
# Every service gets DNS name:
my-service.my-namespace.svc.cluster.local
# Pod DNS:
10-0-1-10.my-namespace.pod.cluster.local
🌐 Ingress Controller
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
spec:
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
📈 Metrics Server
# Provides resource metrics for:
kubectl top nodes
kubectl top pods
Communication Flow
Pod Creation Flow:
1. kubectl apply -f pod.yaml
2. API Server validates request
3. API Server stores in etcd
4. Scheduler watches new pods
5. Scheduler assigns node
6. kubelet on node watches assigned pods
7. kubelet creates containers
8. kubelet reports status back
Service Request Flow:
1. Client makes request to service IP
2. kube-proxy intercepts (iptables/IPVS)
3. Request forwarded to pod IP
4. Pod processes request
5. Response returns to client
High Availability Considerations
Control Plane HA:
┌─────────────┐ ┌─────────────┐ ┌─────────────┐
│ Master 1 │ │ Master 2 │ │ Master 3 │
│ (Active) │ │ (Standby) │ │ (Standby) │
└─────────────┘ └─────────────┘ └─────────────┘
│ │ │
└───────────────────┼───────────────────┘
│
┌─────────────┐
│ Load │
│ Balancer │
└─────────────┘
etcd HA:
# Odd number of nodes (3, 5, 7)
# Quorum needed: (n/2) + 1
3 nodes: Can lose 1 node
5 nodes: Can lose 2 nodes
7 nodes: Can lose 3 nodes
Java Example: Interacting with Kubernetes API Server
Bạn có thể sử dụng Fabric8 Kubernetes Client để tương tác với Kubernetes API Server từ ứng dụng Java của mình. Điều này cho phép bạn tạo, đọc, cập nhật và xóa các tài nguyên Kubernetes một cách lập trình.
import io.fabric8.kubernetes.client.DefaultKubernetesClient;
import io.fabric8.kubernetes.client.KubernetesClient;
import io.fabric8.kubernetes.api.model.Pod;
import io.fabric8.kubernetes.api.model.PodList;
import io.fabric8.kubernetes.api.model.Namespace;
public class KubernetesApiInteraction {
public static void main(String[] args) {
try (KubernetesClient client = new DefaultKubernetesClient()) {
// 1. List all Pods in a namespace
System.out.println("Listing pods in default namespace:");
PodList podList = client.pods().inNamespace("default").list();
for (Pod pod : podList.getItems()) {
System.out.println("- " + pod.getMetadata().getName() + " (Status: " + pod.getStatus().getPhase() + ")");
}
// 2. Get a specific Pod
String podName = "my-nginx-app-deployment-xxxx"; // Replace with an actual pod name
Pod myPod = client.pods().inNamespace("default").withName(podName).get();
if (myPod != null) {
System.out.println("\nDetails for pod " + podName + ":");
System.out.println(" Image: " + myPod.getSpec().getContainers().get(0).getImage());
} else {
System.out.println("\nPod " + podName + " not found.");
}
// 3. Create a new Namespace (example)
String newNamespaceName = "java-created-namespace";
if (client.namespaces().withName(newNamespaceName).get() == null) {
Namespace newNamespace = client.namespaces().createOrReplaceWithNew()
.withNewMetadata().withName(newNamespaceName).endMetadata()
.build();
System.out.println("\nNamespace " + newNamespaceName + " created.");
} else {
System.out.println("\nNamespace " + newNamespaceName + " already exists.");
}
// 4. Delete a Namespace (use with caution!)
// client.namespaces().withName(newNamespaceName).delete();
// System.out.println("\nNamespace " + newNamespaceName + " deleted.");
} catch (Exception e) {
System.err.println("Error interacting with Kubernetes API: " + e.getMessage());
e.printStackTrace();
}
}
}
Next Steps
- 📚 Learn about Pods - Basic workload unit
- 🎯 Study Services - Network abstraction
- 🏗️ Practice kubectl - Command-line tool
- 💻 Setup local cluster - minikube, kind
- 📖 Explore networking - CNI plugins
"Understanding Kubernetes architecture is key to mastering container orchestration. Each component has specific role trong distributed system!"