Introduction
Kubernetes, an open-source platform designed to automate deploying, scaling, and operating application containers, has become a cornerstone of modern application infrastructure. Understanding the master node’s role is essential for anyone working with Kubernetes. This guide aims to elucidate the master node’s responsibilities and demonstrate them through progressive code examples.
What is a Master Node?
A master node in Kubernetes is the coordinating node that controls and manages the entire Kubernetes cluster. It is responsible for the global decision-making and the management of the cluster state. The master node runs several critical components, including the API server, scheduler, controller manager, and etcd, Kubernetes’ distributed key-value store.
API Server
kubectl get nodes
The output should look like this:
NAME STATUS ROLES AGE VERSION
master Ready master 5d v1.20.2
node1 Ready 5d v1.20.2
etcd
ETCDCTL_API=3 etcdctl --endpoints=$ENDPOINTS snapshot save snapshot.db
This saves a snapshot of the etcd store, where ‘$ENDPOINTS’ includes the etcd cluster endpoints.
Scheduler
Although the scheduler component mostly works behind the scenes, it is possible to influence scheduling decisions using various strategies, such as node selectors:
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx
image: nginx
nodeSelector:
disktype: ssd
This instructs the scheduler to only place the ‘nginx-pod’ on nodes with the label ‘disktype: ssd’.
Controller Manager
The controller manager oversees a slew of Kubernetes controllers. Below we touch on creating a Replication Controller which ensures a specified number of pod replicas:
apiVersion: v1
kind: ReplicationController
metadata:
name: nginx-replication-controller
spec:
replicas: 3
selector:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.7.9
Login to the master node to view replicaset information:
kubectl get rc/nginx-replication-controller
Advanced Responsibilities
Master nodes handle crucial tasks regarding network policies, pod security policies, and more advanced resource management like Quality of Service (QoS) for pods.
Network Policies
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-deny-all
spec:
podSelector: {}
policyTypes:
- Ingress
This network policy by default denies all incoming traffic to all pods.
Pod Security Policies
To define acceptable pod permissions, we apply a PodSecurityPolicy. Below is an example of creating a restrictive PSP:
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted-psp
spec:
privileged: false
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
hostNetwork: false
hostIPC: false
hostPID: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
runAsUser:
rule: 'MustRunAsNonRoot'
seLinux:
rule: 'RunAsAny'
Resource Quotas and Limits
Resource quotas restrict resource consumption per namespace. Here’s how you might set a quota:
apiVersion: v1
kind: ResourceQuota
metadata:
name: mem-cpu-demo
spec:
hard:
requests.cpu: '1'
requests.memory: 1Gi
limits.cpu: '2'
limits.memory: 2Gi
Custom Controllers
For advanced users, Kubernetes allows the creation of custom controllers. An Operator is an example of a custom controller that can manage complex application-specific logic.
# Example of creating a Custom Resource Definition (CRD)
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: crontabs.stable.example.com
spec:
group: stable.example.com
versions:
- name: v1
served: true
storage: true
scope: Namespaced
names:
plural: crontabs
singular: crontab
kind: CronTab
shortNames:
- ct
Conclusion
In closing, the master node is pivotal in a Kubernetes cluster, handling vital functions that enable a robust, scalable, and dynamic orchestration platform. By mastering the master node functions, you can optimize your workload management and leverage Kubernetes more effectively.