In a Kubernetes cluster, does the master node always need to run alone on a cluster node?

11/3/2019

I am aware that it is possible to enable the master node to execute pods, and that is my concern. Since the default configuration is to not allow the master to run pods, should I change it? What is the reason for the default configuration being as it is?

If the change can be performed in some situations, I would like to ask if my cluster is one of these. It has only three nodes with exactly the same hardware, and possibly more nodes are not going to be added in the foreseeable future. In my opinion, as I have three equal nodes, it would be a waste of resources to use 1/3 of my cluster's computational power to run the Kubernetes master. Am I right?

[Edit1]

I have found the following reason in the Kubernetes documentation: [image] Is security the only reason?

-- Rodolfo
kubeadm
kubectl
kubernetes
microservices

2 Answers

11/3/2019

Technically, it doesn't need to run on a dedicated node. But for your Kubernetes cluster to run, you need your masters to work properly. And one of the ways to ensure it is secure, stable and performs well is to use a separate node which runs only the master components and not regular pods. If you share the node with other pods, there are several ways this can impact the master. For example:

  • The other pods will impact the performance of the masters (network or disk latencies, CPU cache etc.)
  • They might be a security risk (if someone manages to hack from some other pod into the master node)
  • A badly written application can cause stability issues on the node

While it can be seen as wasting resources, you can also see it as a price to pay for the stability of your master / Kubernetes cluster. However, it doesn't have to be a waste of 1/3 of your resources. Depending on how you deploy your Kubernetes cluster, you can use different hosts for different nodes. So for example you can use a small host for the master and bigger nodes for the workers.

-- Jakub
Source: StackOverflow

11/3/2019

No, this is not required, but strongly recommended. Security is one aspect, but performance is another. Etcd is usually run on those control plane nodes and it tends to chug if it runs out of IOPS. So a rogue pod running application code could destabilize the control plane, which then reduces your ability to fix the problem.

When running small clusters for testing purposes, it is common to run everything (control plane and workloads) on a single node specifically to save money/complexity.

-- coderanger
Source: StackOverflow
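Both answers treat the default as a scheduling property of the node rather than a hard rule: kubeadm marks the control-plane node with the taint `node-role.kubernetes.io/master:NoSchedule` (later releases use the key `node-role.kubernetes.io/control-plane`), and the scheduler places a pod there only if the pod carries a matching toleration. The Python model below of that taint/toleration check is an added example, not code from the question or from either answer; the three node names, the pod specs and the cluster layout are constructed. It shows why removing the taint cluster-wide (the documented `kubectl taint nodes --all node-role.kubernetes.io/master-` command) is the blunt option: a per-workload toleration lets only chosen pods, such as a node agent, onto the master, while ordinary application pods, the "rogue pod" of the second answer, stay off it.

```python
"""Model of the Kubernetes taint/toleration check that keeps ordinary pods
off a kubeadm control-plane node.  Added example; the cluster layout, node
names and pod specs below are constructed, not taken from the thread."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Taint:
    key: str
    effect: str               # "NoSchedule", "PreferNoSchedule" or "NoExecute"
    value: str = ""


@dataclass(frozen=True)
class Toleration:
    key: str = ""             # empty key with Exists tolerates every taint
    operator: str = "Equal"   # "Equal" or "Exists"
    value: str = ""
    effect: str = ""          # empty effect tolerates every effect of the key


def toleration_matches(tol: Toleration, taint: Taint) -> bool:
    """Kubernetes matching rule: keys and effects must agree (an empty
    toleration effect matches any effect); Exists ignores the value,
    Equal requires the values to be identical."""
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.key == "":
        return tol.operator == "Exists"
    if tol.key != taint.key:
        return False
    if tol.operator == "Exists":
        return True
    return tol.value == taint.value


def untolerated(taints: List[Taint], tolerations: List[Toleration],
                effect: str = "NoSchedule") -> List[Taint]:
    """Taints with the given effect that no toleration on the pod covers."""
    return [t for t in taints
            if t.effect == effect
            and not any(toleration_matches(tol, t) for tol in tolerations)]


def eligible_nodes(cluster: Dict[str, List[Taint]],
                   tolerations: List[Toleration]) -> List[str]:
    """Nodes on which the scheduler would accept a pod with these tolerations
    (only NoSchedule is modelled; NoExecute additionally evicts running pods)."""
    return [name for name, taints in cluster.items()
            if not untolerated(taints, tolerations)]


# The taint kubeadm puts on the control-plane node (the key changed to
# node-role.kubernetes.io/control-plane in later releases).
MASTER_TAINT = Taint(key="node-role.kubernetes.io/master", effect="NoSchedule")

# Constructed three-node cluster like the one in the question.
CLUSTER: Dict[str, List[Taint]] = {
    "node-1": [MASTER_TAINT],   # control plane
    "node-2": [],
    "node-3": [],
}

# Constructed pod specs: an ordinary application pod (no tolerations), a
# node agent that explicitly tolerates the master taint, a wildcard
# toleration that accepts any taint, and an Equal toleration whose value
# does not match the (empty) taint value.
APP_POD: List[Toleration] = []
AGENT_POD = [Toleration(key="node-role.kubernetes.io/master",
                        operator="Exists", effect="NoSchedule")]
WILDCARD_POD = [Toleration(operator="Exists")]
MISMATCHED_POD = [Toleration(key="node-role.kubernetes.io/master",
                             operator="Equal", value="true",
                             effect="NoSchedule")]


def untainted_cluster(cluster: Dict[str, List[Taint]]) -> Dict[str, List[Taint]]:
    """Effect of `kubectl taint nodes --all node-role.kubernetes.io/master-`:
    every node loses the master taint, so every pod becomes eligible everywhere."""
    return {name: [t for t in taints if t.key != MASTER_TAINT.key]
            for name, taints in cluster.items()}


if __name__ == "__main__":
    for label, tols in [("app", APP_POD), ("agent", AGENT_POD),
                        ("wildcard", WILDCARD_POD), ("mismatched", MISMATCHED_POD)]:
        print(f"{label:10s} -> {eligible_nodes(CLUSTER, tols)}")
    print("taint removed, app ->", eligible_nodes(untainted_cluster(CLUSTER), APP_POD))
```

Run as a script it prints which of the three constructed nodes each pod may land on. The practical takeaway for the cluster in the question: rather than deleting the taint on `node-1`, give only the workloads that genuinely need the master (agents, the CNI plugin) a toleration like `AGENT_POD`, and set resource requests and limits on them so they cannot starve etcd and the API server of CPU or disk I/O.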