Key Concepts
The key concepts of the Kubernetes Engine service are as follows.
Cluster
A cluster is the fundamental resource of the Kubernetes Engine, where all Kubernetes objects, including containerized applications, are run. The clusters provided by Kubernetes Engine are highly available, consisting of the control plane deployed and managed by KakaoCloud in its VPC and nodes deployed in the user's VPC, which users can manage directly.
The architecture of a Kubernetes Engine cluster is as follows.
Cluster architecture
Control plane
The control plane is the master node that manages the cluster and serves as the unified endpoint for the cluster. All interactions with the cluster are made by calling APIs on the Kubernetes API server in the control plane. You can manage the cluster by executing commands via HTTP, gRPC protocols, or the Kubernetes command-line tool (kubectl), or by using the console UI to communicate with the Kubernetes API server. The control plane of the cluster is deployed and managed in KakaoCloud's VPC, with only the endpoint exposed to the user.
Node
The servers where containerized applications are executed are called nodes or worker nodes. A cluster consists of one or more nodes, which are VM instances provided by the Virtual Machine service. When creating a cluster in the Kubernetes Engine service, users can directly create a node pool. Based on the conditions of the created node pool, nodes are automatically generated and run in a specific subnet within the user-specified VPC.
A node supports the resources and services necessary for running containerized applications and includes the Kubernetes node agent (kubelet), which enables communication with the control plane, allowing the control plane to schedule containers on the node.
Node pool
A node pool is a group of nodes with the same instance type, and in Kubernetes Engine, nodes are managed in units of node pools. The node pool created when the cluster is created becomes the first node pool. Afterward, additional node pools with different instance types can be added to the cluster. Each node in the node pool is labeled with the Kubernetes node label kakaoi.io/kke-nodepool, which holds the name of the node pool as its value.
- You can adjust the number of nodes in the node pool through node pool settings, but it is not possible to delete individual nodes from the node pool.
- During the initial node pool creation, the latest Kubernetes version set for the cluster is selected. After that, each node pool can be independently updated and managed.
CNI
Kubernetes Engine supports CNI (Container Network Interface) plugins. CNI is the standard interface responsible for Kubernetes network communications, managing the configuration and communication of the node and pod network within the cluster. KakaoCloud's Kubernetes Engine supports the Calico and Cilium CNI plugins, and the CNI plugin selected during cluster creation is installed with the cluster. This allows you to efficiently optimize the network for your service environment by choosing the appropriate CNI plugin.
The CNI used by the cluster cannot be changed after the initial creation.
IAM role management
IAM role management in Kubernetes Engine follows role-based access control (RBAC) and integrates with IAM project roles to manage cluster resources. Therefore, users with permissions within a project can manage both the project and the cluster resources within it. All resources are created and managed under the project. Project roles are divided into Project Admin, Project Member, and Project Reader, and users with project permissions can create and manage all resources under the project.
IAM role | Project Admin | Project Member | Project Reader |
---|---|---|---|
Manage project members | ✓ | | |
Create clusters | ✓ | ✓ | |
Delete clusters | ✓ | ✓ | |
Configure clusters | ✓ | ✓ | |
View clusters | ✓ | ✓ | ✓ |
Add node pools | ✓ | ✓ | |
Delete node pools | ✓ | ✓ | |
Configure node pools | ✓ | ✓ | |
View node pools | ✓ | ✓ | ✓ |
Delete nodes | ✓ | ✓ | |
View nodes | ✓ | ✓ | ✓ |
Kubernetes RBAC
Kubernetes supports RBAC functionality, allowing the creation of fine-grained roles within the cluster. This functionality is also available in Kubernetes Engine. For more details on Kubernetes RBAC, please refer to the Kubernetes reference.
Resource status information
In Kubernetes Engine, the resource status can be checked for clusters, node pools, and nodes. The status information for each resource is as follows.
Cluster lifecycle and status
Cluster lifecycle
Cluster status | Description |
---|---|
Provisioned | Cluster provisioning completed |
Pending | Cluster provisioning preparation |
Provisioning | Cluster provisioning in progress |
Deleting | Cluster deletion in progress |
Failed | Failed state requiring user intervention |
Node pool lifecycle and status
Node pool lifecycle
Node pool status | Description |
---|---|
Running | Node pool running normally (regardless of node status) |
Running (Scheduling Disable) | All nodes in the node pool are in a scheduling-disabled state |
Updating | Node pool settings are being updated |
ScalingUp | Node count increasing |
ScalingDown | Node count decreasing |
Deleting | Node pool deletion in progress |
Failed | Failed state requiring user intervention |
Node lifecycle and status
Node lifecycle
Node status | Description |
---|---|
Running | Node is ready and running |
Running (Scheduling Disable) | New scheduling on this node is disabled (unrelated to running pods) |
Provisioned | Node provisioning completed |
Deleted | Node deletion completed |
Pending | Node provisioning preparation |
Provisioning | Node provisioning in progress |
Deleting | Node deletion in progress |
Failed | Failed state requiring user intervention |
Automatically generated resources during cluster/node pool creation
When creating a cluster or node pool in Kubernetes Engine, certain resources are automatically generated. These resources are also deleted when the cluster is deleted.
Type | Description |
---|---|
Instance | VM instances used as nodes |
Volume | All volumes used by VM instances or created by the NFS Client Provisioner |
Security group | Security groups applied to nodes |
Automatically generated resources (instances, volumes, security groups) cannot have their names or settings changed, nor can they be deleted. Modifying the information of these related resources may cause the Kubernetes Engine service to operate abnormally, so please exercise caution.
Support information
The Kubernetes Engine service provides stable and tested updates for the latest Kubernetes versions.
Supported Kubernetes versions
Kubernetes Engine provides the latest Kubernetes versions after stabilization and testing. Please refer to Update cluster for updates when new versions are released.
Kubernetes version | Kubernetes Engine support start date | New cluster creation | Existing cluster usage |
---|---|---|---|
1.28 | May 28, 2024 | Available | Available |
1.27 | March 18, 2024 | Available | Available |
1.26 | August 16, 2023 | Available | Available |
1.25 | August 16, 2023 | Not available | Available |
1.24 | February 1, 2023 | Not available | Available |
1.23 | July 7, 2022 | Not available | Available |
1.22 | July 7, 2022 | Not available | Available |
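
Because each node pool is updated independently and every node carries the kakaoi.io/kke-nodepool label, node versions can be audited per pool against the table above. The following is an added example, not code from KakaoCloud: the input is a constructed sample shaped like `kubectl get nodes -o json`, and the function and pool names are hypothetical.

```python
import json
from collections import defaultdict

POOL_LABEL = "kakaoi.io/kke-nodepool"  # node pool label named on this page
# Minor versions the table above lists as "Not available" for new cluster creation.
NOT_FOR_NEW_CLUSTERS = {"1.22", "1.23", "1.24", "1.25"}

# Constructed sample shaped like `kubectl get nodes -o json` (not real output).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "node-a1", "labels": {POOL_LABEL: "pool-a"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.28.3"}}},
    {"metadata": {"name": "node-a2", "labels": {POOL_LABEL: "pool-a"}},
     "spec": {"unschedulable": True},
     "status": {"nodeInfo": {"kubeletVersion": "v1.28.3"}}},
    {"metadata": {"name": "node-b1", "labels": {POOL_LABEL: "pool-b"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.25.9"}}},
    {"metadata": {"name": "node-b2", "labels": {POOL_LABEL: "pool-b"}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.26.4"}}},
    {"metadata": {"name": "node-x", "labels": {}},
     "status": {"nodeInfo": {"kubeletVersion": "v1.27.1"}}},
]})

def minor(kubelet_version):
    """Reduce a kubelet version such as 'v1.28.3' to its minor release '1.28'."""
    major, minor_, *_ = kubelet_version.lstrip("v").split(".")
    return f"{major}.{minor_}"

def audit_node_pools(nodes_json):
    """Group nodes by node pool label and return (pools, findings)."""
    pools = defaultdict(lambda: {"nodes": [], "versions": set(), "cordoned": []})
    findings = []
    for node in json.loads(nodes_json)["items"]:
        name = node["metadata"]["name"]
        pool = node["metadata"].get("labels", {}).get(POOL_LABEL)
        if pool is None:  # node is not attributable to any node pool
            findings.append(f"{name}: missing {POOL_LABEL} label")
            continue
        entry = pools[pool]
        entry["nodes"].append(name)
        entry["versions"].add(minor(node["status"]["nodeInfo"]["kubeletVersion"]))
        # spec.unschedulable is the standard Kubernetes cordon flag; mapping it to
        # the "Scheduling Disable" status on this page is an assumption.
        if node.get("spec", {}).get("unschedulable"):
            entry["cordoned"].append(name)
    for pool, entry in sorted(pools.items()):
        if len(entry["versions"]) > 1:
            findings.append(f"{pool}: mixed versions {sorted(entry['versions'])}")
        for v in sorted(entry["versions"] & NOT_FOR_NEW_CLUSTERS):
            findings.append(f"{pool}: {v} is not offered for new clusters")
    return dict(pools), findings
```

To run it against a live cluster, pass the output of `kubectl get nodes -o json` to `audit_node_pools` in place of `SAMPLE`.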
Supported node images
The worker node images provided in Kubernetes Engine are based on Ubuntu and optimized for the Kubernetes version. Please refer to Update node for updating node images when new versions are released.
Supported instances
The instances available for use as nodes in Kubernetes Engine are the same as the instance types provided by the Virtual Machine service. For more details on instance types, please refer to Instance type.