Kube Controller Manager manages various controllers in Kubernetes. The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes. Each controller:
- Continuously watches the status of the components it is responsible for.
- Takes the necessary actions to remediate the situation.
In Kubernetes terms, a controller is a process that continuously monitors the state of various components within the system and works towards bringing the whole system to the desired functioning state.
Controllers
- Node Controller
- Replication Controller
- Deployment Controller
- Namespace Controller
- Many more controllers in Kubernetes
The Node Controller is responsible for monitoring the status of the nodes and taking the necessary actions to keep the application running. It does that through the Kube API Server. The Node Controller checks the status of the nodes every 5 seconds, which lets it monitor their health. If it stops receiving heartbeats from a node, it waits 40 seconds before marking the node as unreachable. After a node is marked unreachable, the controller gives it five minutes to come back up. If it does not, the controller removes the pods assigned to that node and provisions them on the healthy nodes, provided the pods are part of a ReplicaSet.
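The timeline described above can be traced with a small simulation. This is an added example, not Kubernetes source code: the node names, pod names and the `last_beat` input are constructed, and only the three timings come from the paragraph.

```python
from dataclasses import dataclass, field
from typing import Optional

# Timings as stated in the paragraph above.
MONITOR_PERIOD = 5       # seconds between node status checks
GRACE_PERIOD = 40        # seconds of silence before a node is marked unreachable
EVICTION_TIMEOUT = 300   # seconds a node may stay unreachable before its pods go


@dataclass
class Node:
    name: str
    pods: list = field(default_factory=list)   # (pod_name, owned_by_replicaset)
    last_heartbeat: int = 0
    unreachable_since: Optional[int] = None


def reconcile(nodes, now, events):
    """One pass of the control loop: observe node state, then remediate."""
    healthy = [n for n in nodes if now - n.last_heartbeat < GRACE_PERIOD]
    for node in nodes:
        if now - node.last_heartbeat < GRACE_PERIOD:
            node.unreachable_since = None
        elif node.unreachable_since is None:
            node.unreachable_since = now
            events.append((now, node.name, "unreachable"))
        elif now - node.unreachable_since >= EVICTION_TIMEOUT and node.pods:
            for pod, in_replicaset in node.pods:
                # Only pods owned by a ReplicaSet are provisioned elsewhere.
                if in_replicaset and healthy:
                    target = min(healthy, key=lambda n: len(n.pods))
                    target.pods.append((pod, True))
            node.pods = []
            events.append((now, node.name, "pods-removed"))


def simulate(nodes, last_beat, duration):
    """last_beat maps a node name to the time of its final heartbeat."""
    events = []
    for now in range(0, duration + 1, MONITOR_PERIOD):
        for node in nodes:
            if now <= last_beat.get(node.name, duration):
                node.last_heartbeat = now
        reconcile(nodes, now, events)
    return events


if __name__ == "__main__":
    cluster = [Node("worker-1", [("web-a", True)]),
               Node("worker-2", [("web-b", True), ("debug", False)])]
    for event in simulate(cluster, {"worker-2": 60}, 420):
        print(event)
    print({n.name: n.pods for n in cluster})
```

With the last heartbeat from worker-2 at t=60, the node is marked unreachable at t=100 and its pods are removed at t=400; the pod that is not part of a ReplicaSet is not recreated.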
The Replication Controller is responsible for monitoring the status of ReplicaSets and ensuring that the desired number of pods is available at all times within the set. If a pod dies, it creates another one.
This is the kind of brain behind a lot of things in Kubernetes.
How do you see these controllers, and where are they located in the cluster? They are all packed into a single process known as the Kubernetes Controller Manager. When you install the Kubernetes Controller Manager, the different controllers get installed as well.
Kubernetes Controller Manager with Kubeadm
$ kubectl get pods -n kube-system
NAME                                 READY   STATUS    RESTARTS   AGE
coredns-f9fd979d6-wtk5k              1/1     Running   1          7d
coredns-f9fd979d6-x5zxv              1/1     Running   1          7d
etcd-kubemaster                      1/1     Running   1          7d
kube-apiserver-kubemaster            1/1     Running   1          7d
kube-controller-manager-kubemaster   1/1     Running   1          7d
kube-proxy-jnf5q                     1/1     Running   1          6d23h
kube-proxy-m9krm                     1/1     Running   1          6d23h
kube-proxy-zfbsh                     1/1     Running   1          7d
kube-scheduler-kubemaster            1/1     Running   1          7d
weave-net-g4l7r                      2/2     Running   3          7d
weave-net-skdlq                      2/2     Running   4          6d23h
weave-net-xg67h                      2/2     Running   4          6d23h
The controller manager runs as the pod kube-controller-manager-kubemaster in the kube-system namespace.
Kubernetes Controller Manager pod definition file information with Kubeadm
$ cat /etc/kubernetes/manifests/kube-controller-manager.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    component: kube-controller-manager
    tier: control-plane
  name: kube-controller-manager
  namespace: kube-system
spec:
  containers:
  - command:
    - kube-controller-manager
    - --allocate-node-cidrs=true
    - --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --authorization-kubeconfig=/etc/kubernetes/controller-manager.conf
    - --bind-address=127.0.0.1
    - --client-ca-file=/etc/kubernetes/pki/ca.crt
    - --cluster-cidr=10.244.0.0/16
    - --cluster-name=kubernetes
    - --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
    - --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
    - --controllers=*,bootstrapsigner,tokencleaner
    - --kubeconfig=/etc/kubernetes/controller-manager.conf
    - --leader-elect=true
    - --node-cidr-mask-size=24
    - --port=0
    - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --service-cluster-ip-range=10.96.0.0/12
    - --use-service-account-credentials=true
    image: k8s.gcr.io/kube-controller-manager:v1.19.4
    imagePullPolicy: IfNotPresent
    livenessProbe:
      failureThreshold: 8
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10257
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    name: kube-controller-manager
    resources:
      requests:
        cpu: 200m
    startupProbe:
      failureThreshold: 24
      httpGet:
        host: 127.0.0.1
        path: /healthz
        port: 10257
        scheme: HTTPS
      initialDelaySeconds: 10
      periodSeconds: 10
      timeoutSeconds: 15
    volumeMounts:
    - mountPath: /etc/ssl/certs
      name: ca-certs
      readOnly: true
    - mountPath: /etc/ca-certificates
      name: etc-ca-certificates
      readOnly: true
    - mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      name: flexvolume-dir
    - mountPath: /etc/kubernetes/pki
      name: k8s-certs
      readOnly: true
    - mountPath: /etc/kubernetes/controller-manager.conf
      name: kubeconfig
      readOnly: true
    - mountPath: /usr/local/share/ca-certificates
      name: usr-local-share-ca-certificates
      readOnly: true
    - mountPath: /usr/share/ca-certificates
      name: usr-share-ca-certificates
      readOnly: true
  hostNetwork: true
  priorityClassName: system-node-critical
  volumes:
  - hostPath:
      path: /etc/ssl/certs
      type: DirectoryOrCreate
    name: ca-certs
  - hostPath:
      path: /etc/ca-certificates
      type: DirectoryOrCreate
    name: etc-ca-certificates
  - hostPath:
      path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
      type: DirectoryOrCreate
    name: flexvolume-dir
  - hostPath:
      path: /etc/kubernetes/pki
      type: DirectoryOrCreate
    name: k8s-certs
  - hostPath:
      path: /etc/kubernetes/controller-manager.conf
      type: FileOrCreate
    name: kubeconfig
  - hostPath:
      path: /usr/local/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-local-share-ca-certificates
  - hostPath:
      path: /usr/share/ca-certificates
      type: DirectoryOrCreate
    name: usr-share-ca-certificates
status: {}
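Several flags in this manifest are hardening settings worth checking on every control-plane node. The script below is an added example, not part of kubeadm or Kubernetes: it audits the command list of a manifest, the `MANIFEST` string is a constructed excerpt of the file above, and the choice of checks (including `--profiling`, which the manifest above does not set) is an assumption about what to audit.

```python
import re

# Constructed excerpt: flags copied from the manifest shown above.
MANIFEST = """\
  - command:
    - kube-controller-manager
    - --bind-address=127.0.0.1
    - --leader-elect=true
    - --root-ca-file=/etc/kubernetes/pki/ca.crt
    - --service-account-private-key-file=/etc/kubernetes/pki/sa.key
    - --use-service-account-credentials=true
"""

# flag name -> (test on the value, what a passing value gives you)
CHECKS = {
    "bind-address": (lambda v: v == "127.0.0.1",
                     "endpoint listens on loopback only"),
    "use-service-account-credentials": (lambda v: v == "true",
                     "each controller runs with its own service account"),
    "service-account-private-key-file": (lambda v: v != "",
                     "service account tokens are signed with a dedicated key"),
    "root-ca-file": (lambda v: v != "",
                     "pods receive the CA needed to verify the API server"),
    "profiling": (lambda v: v == "false",
                  "profiling endpoints are switched off"),
}


def parse_flags(manifest_text):
    """Collect '- --name=value' items; a bare '- --name' counts as true."""
    flags = {}
    pattern = r"^[ \t]*-[ \t]+--([a-z0-9-]+)(?:=(.*))?$"
    for match in re.finditer(pattern, manifest_text, re.MULTILINE):
        value = match.group(2)
        flags[match.group(1)] = "true" if value is None else value.strip()
    return flags


def audit(manifest_text):
    """Return (flag, problem, benefit-of-fixing) for each failed check."""
    flags = parse_flags(manifest_text)
    findings = []
    for name, (passes, benefit) in CHECKS.items():
        if name not in flags:
            findings.append((name, "not set", benefit))
        elif not passes(flags[name]):
            findings.append((name, "set to " + flags[name], benefit))
    return findings


if __name__ == "__main__":
    for finding in audit(MANIFEST):
        print(finding)
```

On a control-plane node, pass the contents of /etc/kubernetes/manifests/kube-controller-manager.yaml to `audit()` instead of the embedded excerpt.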