Worker nodes

Worker nodes are instances of MCR that participate in a swarm for the purpose of executing containers. Such nodes receive and execute tasks dispatched from manager nodes. Worker nodes must have at least one manager node, as they do not participate in the Raft distributed state, perform scheduling, or serve the swarm mode HTTP API.

The following table details the MKE services that run on worker nodes.

MKE components on worker nodes

MKE component



A cluster-scoped Kubernetes controller used to coordinate Calico networking. Runs on all nodes.


A container that installs the Calico CNI plugin binaries and configuration on each host. Part of the calico-node DaemonSet. Runs on all nodes.


The Pause containers for the Calico-node pod. By default, this container is hidden, but you can see it by running the following command:

docker ps -a


A helper service that reconfigures the ucp-interlock-proxy service, based on the Swarm workloads that are running.


A service that provides load balancing and proxying for swarm workloads. Only runs when you enable layer 7 routing.


A Docker system script for collecting information that assists with troubleshooting. On Windows nodes the component name is ucp-dsinfo-win.


A container for collecting disk and hardware information about the host.


The kubernetes node agent running on every node, which is responsible for running Kubernetes pods, reporting the health of the node, and monitoring resource usage.


The networking proxy running on every node, which enables pods to contact Kubernetes services and other pods through cluster IP addresses.


A container that provides node feature discovery labels for Kubernetes nodes.


A container that provides GPU feature discovery to automatically label nodes with NVIDIA hardware devices.


A container that allows GPU-enabled Kubernetes workloads to run on MKE.


A container that converges the node to its desired state whenever the ucp-worker-agent service detects that the node is not running the correct MKE components. This container should remain in an exited state when the node is healthy.


A TLS proxy that allows secure access from the local Mirantis Container Runtime to MKE components.


A service that monitors the worker node and ensures that the correct MKE services are running. The ucp-worker-agent service ensures that only authorized users and other MKE services can run Docker commands on the node. The ucp-worker-agent deploys a set of containers onto worker nodes, which is a subset of the containers that ucp-manager-agent deploys onto manager nodes. This component is named ucp-worker-agent-win on Windows nodes.

See also