Worker nodes

Worker nodes are instances of MCR that participate in a swarm for the purpose of executing containers. Such nodes receive and execute tasks dispatched from manager nodes. Worker nodes must have at least one manager node, as they do not participate in the Raft distributed state, perform scheduling, or serve the swarm mode HTTP API.

Note

Some Kubernetes components are run as Swarm services because the MKE control plane is itself a Docker Swarm cluster.

The following tables detail the MKE services that run on worker nodes.

Swarm services

MKE component

Description

ucp-hardware-info

A container for collecting host information regarding disks and hardware.

ucp-interlock-config

A service that manages Interlock configuration.

ucp-interlock-extension

A helper service that reconfigures the ucp-interlock-proxy service, based on the Swarm workloads that are running.

ucp-interlock-proxy

A service that provides load balancing and proxying for swarm workloads. Only runs when you enable layer 7 routing.

ucp-kube-proxy

The networking proxy running on every node, which enables Pods to contact Kubernetes services and other Pods through cluster IP addresses. Named ucp-kube-proxy-win in Windows systems.

ucp-kubelet

The Kubernetes node agent running on every node, which is responsible for running Kubernetes Pods, reporting the health of the node, and monitoring resource usage. Named ucp-kubelet-win in Windows systems.

ucp-pod-cleaner-win

A service that removes all the Kubernetes Pods that remain once Kubernetes components are removed from Windows nodes. Runs only on Windows nodes.

ucp-proxy

A TLS proxy that allows secure access from the local Mirantis Container Runtime to MKE components.

ucp-tigera-node-win

The Calico node agent that coordinates networking fabric for Windows nodes according to the cluster-wide Calico configuration. Runs on Windows nodes when Kubernetes is set as the orchestrator.

ucp-tigera-felix-win

A Calico component that runs on every machine that provides endpoints. Runs on Windows nodes when Kubernetes is set as the orchestrator.

ucp-worker-agent-x and ucp-worker-agent-y

A service that monitors the worker node and ensures that the correct MKE services are running. The ucp-worker-agent service ensures that only authorized users and other MKE services can run Docker commands on the node. The ucp-worker-agent-<x/y> deploys a set of containers onto worker nodes, which is a subset of the containers that ucp-manager-agent deploys onto manager nodes. This component is named ucp-worker-agent-win-<x/y> on Windows nodes.

Kubernetes components

MKE component

Description

cri-dockerd-mke

An MKE service that accounts for the removal of dockershim from Kubernetes as of version 1.24, thus enabling MKE to continue using Docker as the container runtime.

k8s_calico-node

The Calico node agent that coordinates networking fabric according to the cluster-wide Calico configuration. Part of the calico-node DaemonSet. Runs on all nodes.

k8s_firewalld-policy_calico-node

An init container for calico-node that verifies whether systems with firewalld are compatible with Calico.

k8s_install-cni_calico-node

A container that installs the Calico CNI plugin binaries and configuration on each host. Part of the calico-node DaemonSet. Runs on all nodes.

k8s_ucp-node-feature-discovery-master

A container that provides node feature discovery labels for Kubernetes nodes.

k8s_ucp-node-feature-discovery-worker

A container that provides node feature discovery labels for Kubernetes nodes.

k8s_ucp-nvidia-device-partitioner

A container that provides supports for Multi Instance GPU (MIG) on NVIDIA GPUs.

k8s_ucp-secureoverlay-agent

A container that provides a per-node service that manages the encryption state of the data plane.

Kubernetes pause containers

MKE component

Description

k8s_POD_calico-node

The pause container for the Calico-node Pod. This container is hidden by default, but you can see it by running the following command:

docker ps -a

k8s_POD_ucp-node-feature-discovery

The pause container for the node feature discovery labels on Kubernetes nodes.

k8s_POD_ucp-nvidia-device-partitioner

The pause container for ucp-nvidia-device-partitioner.

k8s_ucp-pause_ucp-nvidia-device-partitioner

The pause container for ucp-nvidia-device-partitioner.