✦ For everyone, free.

Practical knowledge for real and everyday life

Home

10.2 Kubernetes Workload Controller Reconciliation

Kubernetes Workload Controller Reconciliation ensures desired state is achieved by continuously comparing and updating running workloads with defined specifications.

Kubernetes Workload Controller Reconciliation is the continuous control loop pattern by which workload controllers observe the current state of the Pods and related objects they manage, compare that observed state against the desired state declared in their own specification, and take corrective action to close any gap between the two, forming the foundational mechanism through which Kubernetes maintains workloads without requiring constant manual intervention.


The Core Reconciliation Loop

Observe, Compare, Act

Every workload controller follows the same fundamental pattern: it watches relevant objects through the API server, compares the observed state, such as the current number of matching Pods, against the desired state defined in its specification, and issues corrective API calls, such as creating or deleting Pods, whenever a discrepancy is found.

Level-Based Rather Than Edge-Based Triggering

Reconciliation in Kubernetes is designed to be level-triggered rather than edge-triggered, meaning controllers do not rely solely on reacting to individual change events but instead periodically re-evaluate the full current state against the desired state, ensuring that a missed or dropped event does not leave the system permanently out of sync.


Watch-Based Event Consumption

Informers and Local Caches

Controllers typically use informer components that maintain a local, continuously updated cache of relevant objects by watching the API server for changes, allowing reconciliation logic to operate against this local cache rather than issuing a fresh API request for every single evaluation, significantly reducing load on the API server.

Work Queues

Detected changes are placed onto an internal work queue, which the controller's reconciliation function processes one item at a time, often with built-in deduplication so that multiple rapid changes to the same object result in a single reconciliation pass rather than redundant repeated processing.


Idempotency as a Design Requirement

Safe to Run Repeatedly

Reconciliation functions are designed to be idempotent, meaning running the same reconciliation logic multiple times against an unchanged state produces no additional side effects beyond the first run, which is essential since the level-triggered design guarantees that reconciliation will be invoked repeatedly, including for states it has already successfully handled.

Tolerance for Partial Failures

Because a reconciliation pass may fail partway through, such as after creating some but not all needed Pods, idempotency ensures that a subsequent reconciliation pass can safely pick up where the previous one left off without duplicating already-completed work or leaving the system in a worse state than before the failure.


Reconciliation Across Different Controller Types

ReplicaSet Reconciliation

A ReplicaSet's reconciliation loop compares its current count of matching, non-terminating Pods against its desired replicas value, creating new Pods when short and deleting excess Pods, generally preferring to remove the most recently created or least-ready Pods first when scaling down.

StatefulSet Reconciliation

A StatefulSet's reconciliation loop additionally accounts for strict ordering, creating and deleting Pods according to their ordinal index in sequence rather than in parallel, and ensuring each Pod's associated PersistentVolumeClaim exists and is properly bound before considering that ordinal's Pod ready to proceed.

DaemonSet Reconciliation

A DaemonSet's reconciliation loop evaluates every eligible node in the cluster against its Pod template and ensures exactly one matching Pod exists per node, adding Pods to newly joined nodes and removing them from nodes that no longer satisfy the DaemonSet's node selection criteria, such as through tainting.


Backoff and Rate Limiting in Reconciliation

Avoiding Tight Failure Loops

When reconciliation actions fail repeatedly, such as a Pod creation being rejected by admission control, controllers apply exponential backoff to their retry attempts, preventing a persistently failing reconciliation target from consuming disproportionate API server or controller resources through rapid repeated attempts.

Rate-Limited Work Queues

Many controller implementations use rate-limited work queues that combine this backoff behavior with queue-level throttling, ensuring that even a large batch of simultaneously failing reconciliation targets does not overwhelm the controller's processing capacity or the API server it depends on.