Configuring your kubernetes cluster to self-host the control plane
Self-hosting the Kubernetes control plane
kubeadm allows you to experimentally create a self-hosted Kubernetes control plane. This means that key components such as the API server, controller manager, and scheduler run as DaemonSet pods configured via the Kubernetes API instead of static pods configured in the kubelet via static files.
To create a self-hosted cluster see the kubeadm alpha selfhosting pivot command.
Caveats
Caution: This feature pivots your cluster into an unsupported state, rendering kubeadm unable to manage you cluster any longer. This includeskubeadm upgrade
.
-
Self-hosting in 1.8 and later has some important limitations. In particular, a self-hosted cluster cannot recover from a reboot of the control-plane node without manual intervention.
-
By default, self-hosted control plane Pods rely on credentials loaded from
hostPath
volumes. Except for initial creation, these credentials are not managed by kubeadm. -
The self-hosted portion of the control plane does not include etcd, which still runs as a static Pod.
Process
The self-hosting bootstrap process is documented in the kubeadm design document.
In summary, kubeadm alpha selfhosting
works as follows:
-
Waits for this bootstrap static control plane to be running and healthy. This is identical to the
kubeadm init
process without self-hosting. -
Uses the static control plane Pod manifests to construct a set of DaemonSet manifests that will run the self-hosted control plane. It also modifies these manifests where necessary, for example adding new volumes for secrets.
-
Creates DaemonSets in the
kube-system
namespace and waits for the resulting Pods to be running. -
Once self-hosted Pods are operational, their associated static Pods are deleted and kubeadm moves on to install the next component. This triggers kubelet to stop those static Pods.
-
When the original static control plane stops, the new self-hosted control plane is able to bind to listening ports and become active.