Kubernetes directory structure and process on Control Plane / Master:
Kubelet environment file - /var/lib/kubelet/kubeadm-flags.env
Kubelet configuration file - /var/lib/kubelet/config.yaml
Certificate directory folder - /etc/kubernetes/pki
Kube config directory - /etc/kubernetes
admin config file - /etc/kubernetes/admin.conf
kube config file - /etc/kubernetes/kubelet.conf
control manager config file - /etc/kubernetes/controller-manager.conf
scheduler config file - /etc/kubernetes/scheduler.conf
Manifest directory - /etc/kubernetes/manifests
Cluster store - /etc/kubernetes/manifests
/etc/kubernetes/manifests/etcd.yaml
/etc/kubernetes/manifests/kube-apiserver.yaml
/etc/kubernetes/manifests/kube-controller-manager.yaml
/etc/kubernetes/manifests/kube-scheduler.yaml
/etc/kubernetes/pki:
Has following key, crt files and one directory for etcd
apiserver.crt apiserver.key ca.crt front-proxy-ca.crt front-proxy-client.key
apiserver-etcd-client.crt apiserver-kubelet-client.crt ca.key front-proxy-ca.key sa.key
apiserver-etcd-client.key apiserver-kubelet-client.key etcd front-proxy-client.crt sa.pub
/etc/kubernetes/pki/etcd:
Has following files
ca.crt ca.key healthcheck-client.crt healthcheck-client.key peer.crt peer.key server.crt server.key
Containerd directory : /var/lib/containerd
Installation create pods
kube-public Namespace - cluster-info
Token: 2folj8.j7pq6glnjuy
K8s APISERVER process:
kube-apiserver --advertise-address=<ControlPlane_IP_Address>
--allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt
--enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true
--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379
--insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
--requestheader-allowed-names=front-proxy-client
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User
--secure-port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub
--service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
--tls-private-key-file=/etc/kubernetes/pki/apiserver.key
K8s SCHEDULER process:
kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
--authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1
--kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=true
K8s CONTROl-MANAGER process:
kube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1
--client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-name=kubernetes
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
--controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf
--leader-elect=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
--root-ca-file=/etc/kubernetes/pki/ca.crt --service-account-private-key-file=/etc/kubernetes/pki/sa.key
--use-service-account-credentials=true
K8s etcd process:
etcd --advertise-client-urls=https://<ControlPlane_IP_Address>:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd
--initial-advertise-peer-urls=https://<ControlPlane_IP_Address>:2380
--initial-cluster=<ControlPlane_HostName>=https://<ControlPlane_IP_Address>:2380
--key-file=/etc/kubernetes/pki/etcd/server.key
--listen-client-urls=https://127.0.0.1:2379,https://<ControlPlane_IP_Address>:2379
--listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://<ControlPlane_IP_Address>:2380
--name=<ControlPlane_HostName> --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
K8s KUBELET process:
/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf
--config=/var/lib/kubelet/config.yaml --cgroup-driver=cgroupfs --network-plugin=cni
--pod-infra-container-image=k8s.gcr.io/pause:3.2
K8s KUBE-PROXY process:
/usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=<ControlPlane_Hostname>
Containerd processes: Several Docker containerd processes.
containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/01a30ed6cf52f098168ff18b0fc4ef5f5a87fd7923e075cb25e74326a2c4095c \
-address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd
-runtime-root /var/run/docker/runtime-runc
K8s Networking processes:
WEAVE Launch Script:
/bin/sh /home/weave/launch.sh
WEAVER:
/home/weave/weaver --port=6783 --datapath=datapath --name=a6:95:c6:85:a6:ef --host-root=/host
--http-addr=127.0.0.1:6784 --metrics-addr=0.0.0.0:6782 --docker-api= --no-dns
--db-prefix=/weavedb/weave-net --ipalloc-range=10.32.0.0/12 --nickname=<ControlPlane_Hostname>
--ipalloc-init consensus=0 --conn-limit=200 --expect-npc
Kube Utils:
/home/weave/kube-utils -run-reclaim-daemon -node-name=<ControlPlane_Hostname> -peer-name=a6:95:c6:85:a6:ef
-log-level=debug
WEAVE NPC:
/usr/bin/weave-npc
/bin/sh /home/weave/launch.sh
WEAVER:
/home/weave/weaver --port=6783 --datapath=datapath --name=3e:ad:e3:5c:0a:67 --host-root=/host --http-addr=127.0.0.1:6784 --metrics-addr=0.0.0.0:6782 --docker-api= --no-dns --db-prefix=/weavedb/weave-net --ipalloc-range=10.32.0.0/12 --nickname=<Node_HostName> --ipalloc-init consensus=1 --conn-limit=200 --expect-npc <ControlPlane_IP_Address>
Kube Utils:
/home/weave/kube-utils -run-reclaim-daemon -node-name=<Node_HostName> -peer-name=3e:ad:e3:5c:0a:67 -log-level=debug
Kubelet environment file - /var/lib/kubelet/kubeadm-flags.env
Kubelet configuration file - /var/lib/kubelet/config.yaml
Certificate directory folder - /etc/kubernetes/pki
Kube config directory - /etc/kubernetes
admin config file - /etc/kubernetes/admin.conf
kube config file - /etc/kubernetes/kubelet.conf
control manager config file - /etc/kubernetes/controller-manager.conf
scheduler config file - /etc/kubernetes/scheduler.conf
Manifest directory - /etc/kubernetes/manifests
Cluster store - /etc/kubernetes/manifests
/etc/kubernetes/manifests/etcd.yaml
/etc/kubernetes/manifests/kube-apiserver.yaml
/etc/kubernetes/manifests/kube-controller-manager.yaml
/etc/kubernetes/manifests/kube-scheduler.yaml
/etc/kubernetes/pki:
Has following key, crt files and one directory for etcd
apiserver.crt apiserver.key ca.crt front-proxy-ca.crt front-proxy-client.key
apiserver-etcd-client.crt apiserver-kubelet-client.crt ca.key front-proxy-ca.key sa.key
apiserver-etcd-client.key apiserver-kubelet-client.key etcd front-proxy-client.crt sa.pub
/etc/kubernetes/pki/etcd:
Has following files
ca.crt ca.key healthcheck-client.crt healthcheck-client.key peer.crt peer.key server.crt server.key
Containerd directory : /var/lib/containerd
Installation create pods
- kube-apiserver
- kube-controller-manager
- kube-scheduler
kube-public Namespace - cluster-info
Token: 2folj8.j7pq6glnjuy
K8s APISERVER process:
kube-apiserver --advertise-address=<ControlPlane_IP_Address>
--allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt
--enable-admission-plugins=NodeRestriction --enable-bootstrap-token-auth=true
--etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
--etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key --etcd-servers=https://127.0.0.1:2379
--insecure-port=0 --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt
--kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key
--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
--proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt
--proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key
--requestheader-allowed-names=front-proxy-client
--requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
--requestheader-extra-headers-prefix=X-Remote-Extra-
--requestheader-group-headers=X-Remote-Group --requestheader-username-headers=X-Remote-User
--secure-port=6443 --service-account-key-file=/etc/kubernetes/pki/sa.pub
--service-cluster-ip-range=10.96.0.0/12 --tls-cert-file=/etc/kubernetes/pki/apiserver.crt
--tls-private-key-file=/etc/kubernetes/pki/apiserver.key
K8s SCHEDULER process:
kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf
--authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-address=127.0.0.1
--kubeconfig=/etc/kubernetes/scheduler.conf --leader-elect=true
K8s CONTROl-MANAGER process:
kube-controller-manager --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf
--authorization-kubeconfig=/etc/kubernetes/controller-manager.conf --bind-address=127.0.0.1
--client-ca-file=/etc/kubernetes/pki/ca.crt --cluster-name=kubernetes
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt --cluster-signing-key-file=/etc/kubernetes/pki/ca.key
--controllers=*,bootstrapsigner,tokencleaner --kubeconfig=/etc/kubernetes/controller-manager.conf
--leader-elect=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt
--root-ca-file=/etc/kubernetes/pki/ca.crt --service-account-private-key-file=/etc/kubernetes/pki/sa.key
--use-service-account-credentials=true
K8s etcd process:
etcd --advertise-client-urls=https://<ControlPlane_IP_Address>:2379
--cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib/etcd
--initial-advertise-peer-urls=https://<ControlPlane_IP_Address>:2380
--initial-cluster=<ControlPlane_HostName>=https://<ControlPlane_IP_Address>:2380
--key-file=/etc/kubernetes/pki/etcd/server.key
--listen-client-urls=https://127.0.0.1:2379,https://<ControlPlane_IP_Address>:2379
--listen-metrics-urls=http://127.0.0.1:2381 --listen-peer-urls=https://<ControlPlane_IP_Address>:2380
--name=<ControlPlane_HostName> --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
--peer-client-cert-auth=true --peer-key-file=/etc/kubernetes/pki/etcd/peer.key
--peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt --snapshot-count=10000
--trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
K8s KUBELET process:
/usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf
--config=/var/lib/kubelet/config.yaml --cgroup-driver=cgroupfs --network-plugin=cni
--pod-infra-container-image=k8s.gcr.io/pause:3.2
K8s KUBE-PROXY process:
/usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=<ControlPlane_Hostname>
Containerd processes: Several Docker containerd processes.
containerd-shim -namespace moby -workdir /var/lib/containerd/io.containerd.runtime.v1.linux/moby/01a30ed6cf52f098168ff18b0fc4ef5f5a87fd7923e075cb25e74326a2c4095c \
-address /run/containerd/containerd.sock -containerd-binary /usr/bin/containerd
-runtime-root /var/run/docker/runtime-runc
K8s Networking processes:
WEAVE Launch Script:
/bin/sh /home/weave/launch.sh
WEAVER:
/home/weave/weaver --port=6783 --datapath=datapath --name=a6:95:c6:85:a6:ef --host-root=/host
--http-addr=127.0.0.1:6784 --metrics-addr=0.0.0.0:6782 --docker-api= --no-dns
--db-prefix=/weavedb/weave-net --ipalloc-range=10.32.0.0/12 --nickname=<ControlPlane_Hostname>
--ipalloc-init consensus=0 --conn-limit=200 --expect-npc
Kube Utils:
/home/weave/kube-utils -run-reclaim-daemon -node-name=<ControlPlane_Hostname> -peer-name=a6:95:c6:85:a6:ef
-log-level=debug
WEAVE NPC:
/usr/bin/weave-npc
Kubernetes process on Node:
WEAVE Launch Script:/bin/sh /home/weave/launch.sh
WEAVER:
/home/weave/weaver --port=6783 --datapath=datapath --name=3e:ad:e3:5c:0a:67 --host-root=/host --http-addr=127.0.0.1:6784 --metrics-addr=0.0.0.0:6782 --docker-api= --no-dns --db-prefix=/weavedb/weave-net --ipalloc-range=10.32.0.0/12 --nickname=<Node_HostName> --ipalloc-init consensus=1 --conn-limit=200 --expect-npc <ControlPlane_IP_Address>
Kube Utils:
/home/weave/kube-utils -run-reclaim-daemon -node-name=<Node_HostName> -peer-name=3e:ad:e3:5c:0a:67 -log-level=debug
Comments
Post a Comment