Worker nodes

Worker nodes

Worker nodes are instances of MCR that participate in a swarm for the purpose of executing containers. Such nodes receive and execute tasks dispatched from manager nodes. Worker nodes must have at least one manager node, as they do not participate in the Raft distributed state, perform scheduling, or serve the swarm mode HTTP API.

The following table details the MKE services that run on worker nodes.

MKE components on worker nodes

MKE component

Description

k8s_calico-node

A cluster-scoped Kubernetes controller used to coordinate Calico networking. Runs on all nodes.

k8s_install-cni_calico-node

A container that installs the Calico CNI plugin binaries and configuration on each host. Part of the calico-node DaemonSet. Runs on all nodes.

k8s_POD_calico-node

The Pause containers for the Calico-node pod. By default, this container is hidden, but you can see it by running the following command:

docker ps -a

ucp-agent

A service that monitors the node and ensures that the correct MKE services are running. On worker nodes, the ucp-agent service ensures that only authorized users and other MKE services can run Docker commands on the node. The ucp-agent deploys a subset of containers on worker nodes.

ucp-interlock-extension

A helper service that reconfigures the ucp-interlock-proxy service, based on the swarm workloads that are running.

ucp-interlock-proxy

A service that provides load balancing and proxying for swarm workloads. Only runs when you enable Layer 7 routing.

ucp-dsinfo

A Docker system script for collecting information that assists with troubleshooting. On Windows nodes the component name is ucp-dsinfo-win.

ucp-kubelet

The kubernetes node agent running on every node, which is responsible for running Kubernetes pods, reporting the health of the node, and monitoring resource usage.

ucp-kube-proxy

The networking proxy running on every node, which enables pods to contact Kubernetes services and other pods through cluster IP addresses.

ucp-reconcile

A container that converges the node to its desired state whenever the ucp-agent service detects that the node is not running the correct MKE components. This container should remain in an exited state when the node is healthy.

ucp-proxy

A TLS proxy that allows secure access from the local Mirantis Container Runtime to MKE components.