Architecture Components

About Kubernetes

Although container images and the containers that run from them are the primary building blocks for modern application development, to run them at scale requires a reliable and flexible distribution system. Kubernetes is the defacto standard for orchestrating containers.

Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications. The general concept of Kubernetes is fairly simple:

Start with one or more worker nodes to run the container workloads.

Manage the deployment of those workloads from one or more master nodes.

Wrap containers in a deployment unit called a pod. Using pods provides extra metadata with the container and offers the ability to group several containers in a single deployment entity.

Create special kinds of assets. For example, services are represented by a set of pods and a policy that defines how they are accessed. This policy allows containers to connect to the services that they need even if they do not have the specific IP addresses for the services. Replication controllers are another special asset that indicates how many pod replicas are required to run at a time. You can use this capability to automatically scale your application to adapt to its current demand.

In only a few years, Kubernetes has seen massive cloud and on-premise adoption. The open source development model allows many people to extend Kubernetes by implementing different technologies for components such as networking, storage, and authentication.

Introducing the Declarative Architecture of Kubernetes

The architecture of OKD is based on the declarative nature of Kubernetes. Most system administrators are used to imperative architectures, where you perform actions that indirectly change the state of the system, such as starting and stopping containers on a given server. In a declarative architecture, you change the state of the system and the system updates itself to comply with the new state.

For example, with Kubernetes, you define a pod resource that specifies that a certain container should run under specific conditions. Then Kubernetes finds a server (a node) that can run that container under these specific conditions.

Declarative architectures allow for self-optimizing and self-healing systems that are easier to manage than imperative architectures.

Kubernetes defines the state of its cluster, including the set of deployed applications, as a set of resources stored in the etcd database. Kubernetes also runs controllers that monitor these resources and compares them to the current state of the cluster. These controllers take any action necessary to reconcile the state of the cluster with the state of the resources, for example by finding a node with sufficient CPU capacity to start a new container from a new pod resource.

Kubernetes provides a REST API to manage these resources. All actions that an OKD user takes, either using the command-line interface or the web console, are performed by invoking this REST API.

Introducing the OKD Control Plane

The control plane, which is composed of master machines, manages the OKD cluster. The control plane machines manage workloads on the compute machines, which are also known as worker machines. The cluster itself manages all upgrades to the machines by the actions of the Cluster Version Operator, the Machine Config Operator, and a set of individual Operators.

A Kubernetes cluster consists of a set of nodes that run the kubelet system service and a container engine. OKD runs exclusively the CRI-O container engine. Some nodes are master nodes that run the REST API, the etcd database, and the platform controllers. OKD configures its master nodes so that they are not schedulable to run enduser application pods and are dedicated to running the control plane services. OKD calls its non-master nodes worker nodes.

Depending on the node settings, the kubelet agent starts different sets of static pods. Static pods are pods that do not require connection to the API server to start. The kubelet agent manages the pod’s life-cycle.

Static pods can provide either control plane services, such as the scheduler, or node services, such as software-defined networking (SDN). OKD provides operators that create pod resources for these static pods so that they are monitored like regular pods.