Controllers

Controllers execute on the control plane, in the Controller Manager. They're reconciliation loops: continually monitoring the desired and actual states of the cluster to identify and execute changes to bring the two in line.

  1. Watch state, either via a watch mechanism or by polling.
  2. Determine and perform operations to reconcile the current state with the desired state.
  3. Submit deltas to the API Server.

Controller Manager

The Controller Manager is made up of two components:

  • kube-controller-manager runs the core controllers. There's only one instance per cluster.
  • cloud-controller-manager was split out so that vendors can implement integrations with the host cloud platform environment more easily and at their own pace.

Admission

Admission controllers intercept write requests to the Kubernetes API server after authentication and authorisation but before an object is persisted. There are two types of admission controller, and some controllers are both types:

  • Mutating controllers, such as MutatingAdmissionWebhook, run first and can modify admitted objects.
  • Validating controllers, such as ValidatingAdmissionWebhook, run later and can reject admitted objects.

A rejection from any admission controller rejects the request.

Admission controllers are enabled with the API server's --enable-admission-plugins switch. Controllers enabled by default can be disabled with --disable-admission-plugins. The list of plugins enabled by default can be obtained from the help output:

kube-apiserver -h | grep enable-admission-plugins
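
To check which plugins an API server actually runs with, the default list from the help output has to be combined with both flags. The following added example (not code from the Kubernetes project; the help line and command line are constructed, shortened samples, and the function names are hypothetical) computes that set for flags written in the --flag=value form.

```shell
#!/bin/sh
# Added example: effective admission plugins = (defaults + enabled) - disabled.

# Constructed, shortened sample of the help line (NOT a real default list).
SAMPLE_HELP='--enable-admission-plugins strings  admission plugins that should be enabled in addition to default enabled ones (NamespaceLifecycle, LimitRanger, ServiceAccount, MutatingAdmissionWebhook, ValidatingAdmissionWebhook). Comma-delimited list of admission plugins: ...'
# Constructed sample command line, as it might appear in a process listing.
SAMPLE_ARGS='kube-apiserver --enable-admission-plugins=NodeRestriction,PodSecurity --disable-admission-plugins=ServiceAccount --secure-port=6443'

# Print one plugin per line from the "(A, B, C)" default list in help text $1.
default_plugins() {
  printf '%s\n' "$1" |
    sed -n 's/.*default enabled ones (\([^)]*\)).*/\1/p' | tr -d ' ' | tr ',' '\n'
}

# Print one plugin per line for flag $1 (--flag=value form only) in text $2.
flag_plugins() {
  printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^--$1=//p" | tr ',' '\n' | sed '/^$/d'
}

# Print the effective set for help text $1 and command line $2,
# sorted and comma-joined.
effective_plugins() {
  disabled=$(flag_plugins disable-admission-plugins "$2")
  { default_plugins "$1"; flag_plugins enable-admission-plugins "$2"; } |
    LC_ALL=C sort -u |
    while read -r p; do
      # Keep the plugin unless it appears in the disabled list.
      printf '%s\n' "$disabled" | grep -Fqx -- "$p" || printf '%s\n' "$p"
    done | paste -sd, -
}

# Return 0 if every plugin in comma list $3 is in effect; otherwise print
# "missing: NAME" for each absent plugin and return 1.
require_plugins() {
  eff=$(effective_plugins "$1" "$2"); rc=0
  for p in $(printf '%s' "$3" | tr ',' ' '); do
    case ",$eff," in *",$p,"*) ;; *) echo "missing: $p"; rc=1 ;; esac
  done
  return $rc
}

effective_plugins "$SAMPLE_HELP" "$SAMPLE_ARGS"
```

Against a real cluster, pass the output of the grep command above as the first argument and the API server's command line or static pod manifest text as the second.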

ReplicaSet

Deploys and maintains a defined number of pods matching the supplied template.

Deployment

Enables declarative updates of pods and ReplicaSets, providing managed roll forward and back.

DaemonSet

DaemonSet allows running a copy of the specified pod on all, or all matching, nodes. It's commonly used for cluster components and monitoring/maintenance agents.

StatefulSet

Allows management of stateful applications, providing unique network names, persistent storage and ordered operations for scaling and rolling updates.

Job

Facilitates batch workloads, creating one or more pods and ensuring that a defined number of them terminate successfully.

CronJob

Runs a Job on a defined schedule.

Node

Monitors the up/down state of nodes and resources running on them.

Service

Manages the creation and deletion of load balancers.

Endpoint

Manages the endpoints for Kubernetes services based on the configured selectors and readiness states of pods.

