Version: Next

Architecture

The overall architecture of OpenKruise is shown below:

[Figure: OpenKruise architecture diagram]

API

All features provided by OpenKruise follow the Kubernetes API, including:

  • CRD definition, such as
    $ kubectl get crd | grep kruise.io
    advancedcronjobs.apps.kruise.io            2021-09-16T06:02:36Z
    broadcastjobs.apps.kruise.io               2021-09-16T06:02:36Z
    clonesets.apps.kruise.io                   2021-09-16T06:02:36Z
    containerrecreaterequests.apps.kruise.io   2021-09-16T06:02:36Z
    daemonsets.apps.kruise.io                  2021-09-16T06:02:36Z
    imagepulljobs.apps.kruise.io               2021-09-16T06:02:36Z
    nodeimages.apps.kruise.io                  2021-09-16T06:02:36Z
    podunavailablebudgets.policy.kruise.io     2021-09-16T06:02:36Z
    resourcedistributions.apps.kruise.io       2021-09-16T06:02:36Z
    sidecarsets.apps.kruise.io                 2021-09-16T06:02:36Z
    statefulsets.apps.kruise.io                2021-09-16T06:02:36Z
    uniteddeployments.apps.kruise.io           2021-09-16T06:02:37Z
    workloadspreads.apps.kruise.io             2021-09-16T06:02:37Z
    # ...
  • Specific identities (e.g. labels, annotations, envs) in resources, such as
    apiVersion: v1
    kind: Namespace
    metadata:
      labels:
        # To protect pods in this namespace from cascading deletion.
        policy.kruise.io/delete-protection: Cascading

Manager

Kruise-manager is a control plane component that runs controllers and webhooks. It is deployed as a Deployment in the kruise-system namespace.

$ kubectl get deploy -n kruise-system
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
kruise-controller-manager   2/2     2            2           4h6m

$ kubectl get pod -n kruise-system -l control-plane=controller-manager
NAME                                         READY   STATUS    RESTARTS   AGE
kruise-controller-manager-68dc6d87cc-k9vg8   1/1     Running   0          4h6m
kruise-controller-manager-68dc6d87cc-w7x82   1/1     Running   0          4h6m

Logically, each controller, such as cloneset-controller or sidecarset-controller, is a separate process, but to reduce complexity they are all compiled into a single binary and run in a single kruise-controller-manager-xxx Pod.

Besides the controllers, this Pod also contains the admission webhooks for Kruise CRDs and Pods. It creates webhook configurations that specify which resources should be handled, and provides a Service for kube-apiserver to call.

$ kubectl get svc -n kruise-system
NAME                     TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kruise-webhook-service   ClusterIP   172.24.9.234   <none>        443/TCP   4h9m

The kruise-webhook-service is very important, because kube-apiserver calls the webhooks through it.
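Because every webhook call goes through this Service, it is worth auditing what the webhook configurations actually point at. The following is an added example, not OpenKruise's own code: it checks webhook configurations exported as JSON for three conditions chosen for this illustration (backend namespace, empty caBundle, failurePolicy of Ignore). The field names are those of the Kubernetes admissionregistration.k8s.io/v1 API; the configuration and webhook names in the sample are hypothetical.

```python
import json

# Namespace and Service name as shown on this page.
EXPECTED = ("kruise-system", "kruise-webhook-service")

# Constructed sample shaped like the output of `kubectl get
# mutatingwebhookconfigurations,validatingwebhookconfigurations -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-kruise-mutating"},
   "webhooks": [
     {"name": "mpod.example.kruise.io", "failurePolicy": "Fail",
      "clientConfig": {"caBundle": "Q0E=",
        "service": {"namespace": "kruise-system", "name": "kruise-webhook-service"}}},
     {"name": "mcloneset.example.kruise.io", "failurePolicy": "Ignore",
      "clientConfig": {"caBundle": "Q0E=",
        "service": {"namespace": "kruise-system", "name": "kruise-webhook-service"}}}]},
  {"metadata": {"name": "example-kruise-validating"},
   "webhooks": [
     {"name": "vsidecarset.example.kruise.io", "failurePolicy": "Fail",
      "clientConfig": {"caBundle": "",
        "service": {"namespace": "default", "name": "kruise-webhook-service"}}},
     {"name": "vother.example.io", "clientConfig": {"url": "https://hooks.example.invalid/v"}}]}
]}
""")


def audit_webhooks(doc, expected=EXPECTED):
    """Return (configuration, webhook, finding) tuples for Kruise webhooks."""
    findings = []
    for cfg in doc.get("items", []):
        for hook in cfg.get("webhooks", []):
            client = hook.get("clientConfig", {})
            svc = client.get("service")
            # Only webhooks whose backend is named like the Kruise Service.
            if not svc or svc.get("name") != expected[1]:
                continue
            where = (cfg["metadata"]["name"], hook["name"])
            if svc.get("namespace") != expected[0]:
                findings.append(where + ("service in unexpected namespace",))
            if not client.get("caBundle"):
                findings.append(where + ("empty caBundle",))
            if hook.get("failurePolicy") == "Ignore":
                findings.append(where + ("fails open (failurePolicy=Ignore)",))
    return findings


if __name__ == "__main__":
    print(*audit_webhooks(SAMPLE), sep="\n")
```

A webhook with failurePolicy Ignore lets requests through unchecked whenever the Service is unreachable, so such a finding is a prompt to confirm the setting is intended.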

Daemon

This is a new daemon component, available since Kruise v0.8.0.

It is deployed as a DaemonSet, runs on every node, and manages things like image pre-download and container restarting.

$ kubectl get pod -n kruise-system -l control-plane=daemon
NAME                  READY   STATUS    RESTARTS   AGE
kruise-daemon-6hw6d   1/1     Running   0          4h7m
kruise-daemon-d7xr4   1/1     Running   0          4h7m
kruise-daemon-dqp8z   1/1     Running   0          4h7m
kruise-daemon-dv96r   1/1     Running   0          4h7m
kruise-daemon-q7594   1/1     Running   0          4h7m
kruise-daemon-vnsbw   1/1     Running   0          4h7m