kubernetesetcd

How do Kubernetes modules communicate with etcd?


I know that Kubernetes has 5 modules: kube-apiserver, kube-controller-manager, kube-scheduler in Master nodes and kubelet, kube-proxy in Minion nodes. How do they communicate with etcd? Will they all query or set data in etcd? or only some of them do?

The docs said that etcd is only accessed by kube-apiserver:

Access Control: give only kube-apiserver read/write access to etcd. You do not want apiserver’s etcd exposed to every node in your cluster (or worse, to the internet at large), because access to etcd is equivalent to root in your cluster.

But some blogs and architecture figures from Google believe etcd is also accessed by other modules, like what this blog said:

The etcd services are the communications bus for the Kubernetes cluster. The app-service posts cluster state changes to the etcd database in response to commands and queries. The kubelets read the contents of the etcd database and act on any changes they detect.

So which said is correct? Thanks!


Solution

  • The docs you linked to are correct -- only the apiserver communicates directly with etcd. The rest of the system components communicate with etcd indirectly through the apiserver.

    Also note that the blog post you linked to is just about 2 years old, and it may have been accurate at the time, but the docs you linked to are for the current release of Kubernetes.