A cluster is the foundation of Google Kubernetes Engine (GKE): the Kubernetes objects that represent your containerized applications all run on top of a cluster.
The following diagram provides an overview of the architecture for a zonal cluster in GKE.
The cluster master runs the Kubernetes control plane processes, including the Kubernetes API server, scheduler, and core resource controllers. The master's lifecycle is managed by GKE when you create or delete a cluster. This includes upgrades to the Kubernetes version running on the cluster master, which GKE performs automatically, or manually at your request if you prefer to upgrade earlier than the automatic schedule.
Cluster master and the Kubernetes API
The master is the unified endpoint for your cluster. All interactions with the
cluster are done via Kubernetes API calls, and the master runs the Kubernetes
API Server process to handle those requests. You can make Kubernetes API calls
directly via HTTP/gRPC, or indirectly, by running commands from the
Kubernetes command-line client (
kubectl) or interacting with the UI in the
The cluster master's API server process is the hub for all communication for the cluster. All internal cluster processes (such as the cluster nodes, system and components, application controllers) all act as clients of the API server; the API server is the single "source of truth" for the entire cluster.
Master and node interaction
The cluster master is responsible for deciding what runs on all of the cluster's nodes. This can include scheduling workloads, like containerized applications, and managing the workloads' lifecycle, scaling, and upgrades. The master also manages network and storage resources for those workloads.
The master and nodes also communicate using Kubernetes APIs.
Master interactions with the gcr.io container registry
When you create or update a cluster, container images for the Kubernetes software running on the masters (and nodes) are pulled from the gcr.io container registry. An outage affecting the gcr.io registry may cause the following types of failures:
- Creating new clusters will fail during the outage.
- Upgrading clusters will fail during the outage.
- Disruptions to workloads may occur even without user intervention, depending on the specific nature and duration of the outage.
In the event of a zonal or regional outage of the gcr.io container registry, Google may redirect requests to a zone or region not affected by the outage.
To check the current status of Google Cloud services, go to the Google Cloud status dashboard.
A cluster typically has one or more nodes, which are the worker machines that run your containerized applications and other workloads. The individual machines are Compute Engine VM instances that GKE creates on your behalf when you create a cluster.
Each node is managed from the master, which receives updates on each node's self-reported status. You can exercise some manual control over node lifecycle, or you can have GKE perform automatic repairs and automatic upgrades on your cluster's nodes.
A node runs the services necessary to support the Docker containers that
make up your cluster's workloads. These include the Docker runtime and the
Kubernetes node agent (
kubelet) which communicates with the master and is
responsible for starting and running Docker containers scheduled on that node.
In GKE, there are also a number of special containers that run as per-node agents to provide functionality such as log collection and intra-cluster network connectivity.
Node machine type
Node OS images
Each node runs a specialized OS image for running your containers. You can specify which OS image your clusters and node pools use.
Minimum CPU platform
When you create a cluster or node pool, you can specify a baseline minimum CPU platform for its nodes. Choosing a specific CPU platform can be advantageous for advanced or compute-intensive workloads. For more information, refer to Minimum CPU Platform.
Node allocatable resources
Some of a node's resources are required to run the GKE and Kubernetes node components necessary to make that node function as part of your cluster. As such, you may notice a disparity between your node's total resources (as specified in the machine type documentation) and the node's allocatable resources in GKE.
As larger machine types tend to run more containers (and by extension, more Pods), the amount of resources that GKE reserves for Kubernetes components scales upward for larger machines. Windows Server nodes also require more resources than a typical Linux node. The nodes need the extra resources to account for running the Windows OS and for the Windows Server components that can't run in containers.
You can make a request for resources for your Pods or limit their resource usage. To learn how to request or limit resource usage for Pods, refer to Managing Compute Resources for Containers.
To inspect the node allocatable resources available in a cluster, run the following command:
kubectl describe node node-name | grep Allocatable -B 7 -A 6
where node-name is the name of the node to inspect.
The returned output contains
Allocatable fields with
measurements for ephemeral storage, memory, and CPU.
To determine how much memory is available for Pods, you must also consider the eviction threshold. GKE reserves an additional 100 MiB of memory on each node for kubelet eviction.
Allocatable memory and CPU resources
Allocatable resources are calculated in the following way:
Allocatable = Capacity - Reserved - Eviction Threshold
For memory resources, GKE reserves the following:
- 255 MiB of memory for machines with less than 1 GB of memory
- 25% of the first 4GB of memory
- 20% of the next 4GB of memory (up to 8GB)
- 10% of the next 8GB of memory (up to 16GB)
- 6% of the next 112GB of memory (up to 128GB)
- 2% of any memory above 128GB
For CPU resources, GKE reserves the following:
- 6% of the first core
- 1% of the next core (up to 2 cores)
- 0.5% of the next 2 cores (up to 4 cores)
- 0.25% of any cores above 4 cores
The following table shows the amount of allocatable memory and CPU resources that are available for scheduling your cluster's Linux workloads for each standard node machine type.
|Machine type||Memory capacity (GB)||Allocatable memory (GB)||CPU capacity (cores)||Allocatable CPU (cores)|
1GKE has decided to reduce the allocatable CPU resources available to schedule user workloads (known as the node allocatable resources) on e2-micro, e2-small, and e2-medium machine types. For more details, see the GKE release notes.
Allocatable local ephemeral storage resources
Beginning in GKE version 1.10, you can manage your local ephemeral storage resources as you do your CPU and memory resources. System reservations for local storage are made primarily for disk space used by container images.
If your node does not consume all reserved storage, Pods are still able to use the space. This does not prevent disk space from being used in any scenario.
Allocatable local ephemeral storage resources are calculated using the following formula, with an eviction threshold of 10% of storage capacity:
Allocatable = Capacity - Reserved - Eviction Threshold
|Disk Capacity (GB)||Reserved (GB)||Allocatable (GB)|