The API Server is the only Kubernetes component that connects to etcd; all the other components must go through the API Server to work with the cluster state.
The API Server is also responsible for the authentication and authorization mechanism. All API clients should be authenticated in order to interact with the API Server.
When a user creates a Pod, the sequence is as follows:
Kubectl writes to the API server (kubectl run mywebserver --image=nginx)
The API server authenticates and authorizes the request. Upon validation, it writes the object to etcd.
Upon write to etcd, API Server will invoke the scheduler.
The scheduler decides which node the pod should run on and returns that decision to the API Server. The API Server in turn writes it back to etcd.
API Server will invoke the kubelet in the node decided by the scheduler.
Kubelet communicates to the docker daemon via Docker socket to create a container.
Kubelet will update the status of the Pod back to the API Server.
API Server will write the status details back to etcd.
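The sequence above as a simplified Python model, added here as an illustration and not Kubernetes code: every component is an authenticated, authorized API client, and only the API server object touches the etcd store. The tokens, the node name and the verb labels ("create", "schedule", "update-status") are constructed for the example and are not real RBAC verbs.

```python
# Simplified model of the Pod-creation flow; all values below are constructed.
TOKENS = {  # bearer token -> authenticated identity
    "tok-alice": "alice",
    "tok-sched": "system:kube-scheduler",
    "tok-kubelet": "system:node:node1",
}
# (identity, verb) pairs allowed on pods; each client gets only what it needs
RULES = {
    ("alice", "create"),
    ("system:kube-scheduler", "schedule"),
    ("system:node:node1", "update-status"),
}

class Denied(Exception):
    pass

class APIServer:
    def __init__(self):
        self._etcd = {}   # cluster state; no other component holds a reference
        self.audit = []   # (identity, verb, pod, decision) for every request

    def request(self, token, verb, pod, **fields):
        user = TOKENS.get(token)                 # authentication
        if user is None:
            self.audit.append((None, verb, pod, "401"))
            raise Denied("401 Unauthorized")
        if (user, verb) not in RULES:            # authorization
            self.audit.append((user, verb, pod, "403"))
            raise Denied("403 Forbidden")
        self._etcd.setdefault(pod, {}).update(fields)   # write to etcd
        self.audit.append((user, verb, pod, "200"))
        return dict(self._etcd[pod])

def create_pod_flow(api, user_token, pod, image):
    # kubectl -> API server -> etcd
    api.request(user_token, "create", pod, image=image, phase="Pending")
    # scheduler's node decision goes back through the API server into etcd
    api.request("tok-sched", "schedule", pod, node="node1")
    # kubelet reports status through the API server, never to etcd directly
    return api.request("tok-kubelet", "update-status", pod, phase="Running")

if __name__ == "__main__":
    api = APIServer()
    print(create_pod_flow(api, "tok-alice", "mywebserver", "nginx"))
    for entry in api.audit:
        print(entry)
```

The audit list records rejected requests as well as accepted ones, so a stolen kubelet token used to create a Pod shows up as a 403 against that node identity.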