Kubernetes deployment architecture

Hi All,

What is the rationale to not deploy the control-plane, etcd and nodes on the same hosts as the worker nodes?
Let’s assume I have 3 blades, I use each blade to be all components (control, etcd, workers) x3.

None of the examples in the link above match such a topology.

I guess this is an anti pattern, to put the master components together with the worker nodes.
Is there any reference material?

Three nodes with all three roles is relatively common for a small cluster to minimize overhead.

Separating the roles onto separate nodes is more secure when something goes wrong. etcd contains the state and effectively controls what the entire cluster is running. If a workload/node is compromised somehow, and etcd is on the same node, the entire cluster may be compromised from there.


In addition to the response from @vincent, you would typically want to have separate nodes for control-plane, etcd and worker roles because you often want to scale those resources independently. For example, if you wanted to have, say, 10 nodes on which to deploy business workloads (horizontally scaled to provide greater resilience), you wouldn’t want to have 10 etcd and 10 CPs as well, right?

In addition, etcd is very sensitive to latency, and you want to protect it from load issues. If etcd and user containers reside on the same host, a user container could cause a load issue on the host, and etcd will have problems, which will degrade the entire cluster.

Those are both true, but not really relevant to someone who has/wants 3 nodes.

If you have 3 and they have enough horsepower, use them… there’s little reason to buy 2-4+ more, other than caring a lot about the better security boundary.

If you have 30, workers should probably be a separate pool from control/etcd.

If you have 300, all three roles should probably be separate pools.
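
The security point raised earlier in the thread (a compromised workload on a node that also runs etcd) can be checked on an existing cluster. The following is an added example, not code from any poster or project in this thread: it reads the structure of `kubectl get nodes -o json` and lists nodes that hold an etcd or control-plane role while still accepting ordinary workloads. The role label names (kubeadm and RKE conventions) and the sample node names are assumptions, since the thread does not name a distribution.

```python
import json
import sys

# Assumption: roles are expressed as node-role.kubernetes.io/<role> labels
# (kubeadm: control-plane/master; RKE: controlplane/etcd/worker).
ROLE_PREFIX = "node-role.kubernetes.io/"
SENSITIVE_ROLES = {"etcd", "control-plane", "controlplane", "master"}
HARD_TAINT_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a hint


def node_roles(node):
    """Return the set of role names found in the node's labels."""
    labels = node.get("metadata", {}).get("labels") or {}
    return {k[len(ROLE_PREFIX):] for k in labels if k.startswith(ROLE_PREFIX)}


def accepts_workloads(node):
    """True if no hard taint keeps ordinary (non-tolerating) pods off the node."""
    taints = node.get("spec", {}).get("taints") or []
    return not any(t.get("effect") in HARD_TAINT_EFFECTS for t in taints)


def audit(node_list):
    """List (node name, sensitive roles) where workloads share a host with them."""
    findings = []
    for node in node_list.get("items", []):
        sensitive = node_roles(node) & SENSITIVE_ROLES
        if sensitive and accepts_workloads(node):
            findings.append((node["metadata"]["name"], sorted(sensitive)))
    return findings


def _node(name, roles, taints=()):
    """Build a constructed node object in the shape kubectl emits."""
    return {
        "metadata": {"name": name,
                     "labels": {ROLE_PREFIX + r: "true" for r in roles}},
        "spec": {"taints": [{"key": ROLE_PREFIX + k, "effect": e} for k, e in taints]},
    }


# Constructed sample: one all-in-one blade next to dedicated, tainted nodes.
SAMPLE = {"items": [
    _node("blade1", ["etcd", "controlplane", "worker"]),
    _node("etcd1", ["etcd"], [("etcd", "NoExecute")]),
    _node("cp1", ["controlplane"], [("controlplane", "NoSchedule")]),
    _node("worker1", ["worker"]),
]}

if __name__ == "__main__":
    # With a file argument, audit saved `kubectl get nodes -o json` output.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, roles in audit(data):
        print(f"{name}: workloads can be scheduled beside {', '.join(roles)}")
```

A taint only keeps out pods that do not tolerate it, so a clean result still depends on who is allowed to create pods with tolerations.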