Kube Controller Manager in Kubernetes

The Kube Controller Manager manages the various controllers in Kubernetes. It is a daemon that embeds the core control loops shipped with Kubernetes. Each controller does two things:

  1. Continuously watches the status of the components it manages.
  2. Takes the necessary actions to remediate the situation.

In Kubernetes terms, a controller is a process that continuously monitors the state of various components within the system and works towards bringing the whole system to the desired functioning state.

Controllers

  • Node Controller
  • Replication Controller
  • Deployment Controller
  • Namespace Controller
  • Many more controllers in Kubernetes

The Node Controller is responsible for monitoring the status of the nodes and taking the necessary actions to keep the application running. It does that through the Kube API Server. The Node Controller checks the status of the nodes every 5 seconds, which is how it monitors their health. When it stops receiving heartbeats from a node, it waits for 40 seconds before marking the node as unreachable. After a node is marked unreachable, the controller gives it five minutes to come back up. If it does not, the controller removes the pods assigned to that node and provisions them on the healthy nodes, provided the pods are part of a ReplicaSet.
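The timing described above, as an added example that is not part of the original page: a simplified model that replays constructed heartbeat times against the 5-second check, the 40-second grace period and the five-minute wait. The function, constant and event names are assumptions made for illustration, not Kubernetes code.

```python
CHECK_INTERVAL = 5      # seconds between node status checks (from the text)
GRACE_PERIOD = 40       # seconds without a heartbeat before "unreachable"
EVICTION_TIMEOUT = 300  # five minutes to come back before pods are removed


def simulate(heartbeats, until):
    """Replay constructed heartbeat times (in seconds) and return the
    (time, event) transitions this simplified node controller makes."""
    beats = sorted(heartbeats)
    events = []
    unreachable_since = None
    evicted = False
    # The controller only looks at node status on its own check ticks.
    for now in range(0, until + 1, CHECK_INTERVAL):
        seen = [b for b in beats if b <= now]
        if not seen:
            continue
        last = seen[-1]
        if now - last < GRACE_PERIOD:
            # A recent heartbeat: the node is healthy (again).
            if unreachable_since is not None:
                events.append((now, "ready"))
            unreachable_since = None
            evicted = False
        elif unreachable_since is None:
            # Grace period exceeded: mark the node unreachable.
            unreachable_since = now
            events.append((now, "unreachable"))
        elif not evicted and now - unreachable_since >= EVICTION_TIMEOUT:
            # Node stayed unreachable for five minutes: move its pods.
            evicted = True
            events.append((now, "evict-pods"))
    return events


# Constructed scenarios: a node that goes silent after t=12, and one that recovers.
NODE_LOST = simulate([0, 12], until=400)
NODE_RECOVERS = simulate([0, 12, 200], until=400)
```

Because status is only evaluated every 5 seconds, the node that last reported at t=12 is marked unreachable at the t=55 check rather than at t=52, and its pods are moved at t=355.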

The Replication Controller is responsible for monitoring the status of ReplicaSets and ensuring that the desired number of pods is available at all times within the set. If a pod dies, it creates another one.

This is kind of the brain behind a lot of things in Kubernetes.

How do you see these controllers, and where are they located in the cluster? They are all packaged into a single process known as the Kubernetes Controller Manager. When you install the Kubernetes Controller Manager, the different controllers get installed as well.

Kubernetes Controller Manager with Kubeadm

$ kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-f9fd979d6-wtk5k              1/1     Running   1          7d
coredns-f9fd979d6-x5zxv              1/1     Running   1          7d
etcd-kubemaster                      1/1     Running   1          7d
kube-apiserver-kubemaster            1/1     Running   1          7d
kube-controller-manager-kubemaster   1/1     Running   1          7d
kube-proxy-jnf5q                     1/1     Running   1          6d23h
kube-proxy-m9krm                     1/1     Running   1          6d23h
kube-proxy-zfbsh                     1/1     Running   1          7d
kube-scheduler-kubemaster            1/1     Running   1          7d
weave-net-g4l7r                      2/2     Running   3          7d
weave-net-skdlq                      2/2     Running   4          6d23h
weave-net-xg67h                      2/2     Running   4          6d23h

The controller manager runs as the kube-controller-manager-kubemaster pod.

Kubernetes Controller Manager pod definition file information with Kubeadm

$ cat /etc/kubernetes/manifests/kube-controller-manager.yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-cidr=10.244.0.0/16
    - --cluster-name=kubernetes
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --node-cidr-mask-size=24
    - --port=0
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.96.0.0/12
    - --use-service-account-credentials=true
    image: k8s.gcr.io/kube-controller-manager:v1.19.4
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10257
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-controller-manager
    resources:
      requests:
        cpu: 200m
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10257
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/ca-certificates
      name: etc-ca-certificates
      readOnly: true
    - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      name: flexvolume-dir
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/kubernetes/controller-manager.conf
      name: kubeconfig
      readOnly: true
    - mountPath: /usr/local/share/ca-certificates
      name: usr-local-share-ca-certificates
      readOnly: true
    - mountPath: /usr/share/ca-certificates
      name: usr-share-ca-certificates
      readOnly: true
  hostNetwork: true
  priorityClassName: system-node-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/ca-certificates
      type: DirectoryOrCreate
    name: etc-ca-certificates
  - hostPath:
      path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      type: DirectoryOrCreate
    name: flexvolume-dir
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /etc/kubernetes/controller-manager.conf
      type: FileOrCreate
    name: kubeconfig
  - hostPath:
      path: /usr/local/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-local-share-ca-certificates
  - hostPath:
      path: /usr/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-share-ca-certificates
status: {}
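
A drift check for this static pod manifest, added here as an example and not part of the original page or of kubeadm: it treats the security-relevant flag values shown above as the baseline and reports any manifest that departs from them or mounts a host path writable. The function names and the weakened sample manifest are constructed for illustration.

```python
import re

# Baseline values copied from the kubeadm manifest shown above.
EXPECTED = {
    "bind-address": "127.0.0.1",                # serving port stays on loopback
    "use-service-account-credentials": "true",  # each controller uses its own service account
}
REQUIRED = ["root-ca-file", "service-account-private-key-file"]

# Constructed sample: the page's manifest, trimmed, with settings weakened.
SAMPLE = """\
spec:
  containers:
  - command:
    - kube-controller-manager
    - --bind-address=0.0.0.0
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    volumeMounts:
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
    - mountPath: /etc/kubernetes/controller-manager.conf
      name: kubeconfig
      readOnly: true
"""


def parse_flags(manifest):
    """Return {flag: value} for every '- --flag=value' line in the command list."""
    return dict(re.findall(r"^\s*-\s+--([\w-]+)=(\S*)\s*$", manifest, re.M))


def writable_mounts(manifest):
    """Return mountPaths whose volumeMount entry lacks 'readOnly: true'."""
    entries = re.split(r"^\s*-\s+mountPath:\s*", manifest, flags=re.M)[1:]
    return [e.split()[0] for e in entries
            if not re.search(r"^\s*readOnly:\s*true\s*$", e, re.M)]


def audit(manifest):
    """Compare a manifest against the baseline and return a list of findings."""
    flags, findings = parse_flags(manifest), []
    for name, want in EXPECTED.items():
        got = flags.get(name, "<unset>")
        if got != want:
            findings.append(f"--{name} is {got}, baseline is {want}")
    findings += [f"--{n} is not set" for n in REQUIRED if n not in flags]
    findings += [f"{p} is mounted writable" for p in writable_mounts(manifest)]
    return findings
```

Run against the full manifest on this page, `audit` reports only the flexvolume-dir mount, which that manifest mounts without `readOnly`.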