Kubernetes | Architecture Overview

Ilayaraja VeerakalaiIlayaraja Veerakalai
3 min read

Kubernetes (K8s) is an open-source container orchestration platform that automates deployment, scaling, and management of containerized applications.

Kubernetes follows a client-server architecture with a control plane (master nodes) that manages worker nodes where containers are deployed. Here's a detailed breakdown:

Control Plane Components (Master Nodes)

1. API Server (kube-apiserver)

  • Central management entity

  • Exposes the Kubernetes API (REST interface)

  • Validates and processes and executes all API requests

  • Only component that directly interacts with etcd

  • Enforces security policies

  • Facilitates interaction between all components

2. etcd

  • Distributed, Consistent and highly-available key-value store

  • Stores all cluster data (configuration, state, metadata)

  • Implements watches for change notifications

  • Single source of truth for all k8s components

  • Only API server talks to etcd and other components interact via api server

3. Scheduler (kube-scheduler)

  • Watches for newly created Pods with no assigned node

  • Selects a node for Pods to run on based on:

    1. Resource requirements

    2. Affinity/anti-affinity specifications

    3. Taints and tolerations

    4. Data locality

    5. Volume restrictions

    6. Distributes workloads across cluster

4. Controller Manager (kube-controller-manager)

  • Core components of K8s. Runs controller processes that regulate cluster state to ensure the cluster’s actual state matches the desired state declared in api server

    1. Node Controller

      • Monitors node status (ready/not ready)

      • Handles node failure

      • Sync node information from cloud providers

    2. Replication Controller

      • Maintain correct number of pods for replicaSets/Deployments

      • Creates. deletes Pods to match spec.replicas

    3. Endpoints Controller

      • Populates Endpoints objects (links Servces to Pods)

    4. Service Account & Token Controllers

      • Manages service accounts tokens for API server

    5. Namespace Controller

      • Handles namespace lifecycle (creation/deletion)

      • Cascades deletion of resources in a namespace

    6. Persistent Volume Controller

      • Binds PersistentVolumeClaims to PersistentVolumes

      • Handles dynamic provisioning

5. Cloud Controller Manager (optional)

  • Integrates with cloud provider APIs

  • Manages cloud-specific controllers:

    1. Node Controller (for cloud instances)

      • Auto discovers new VM

      • Handles node labeling/tainting

      • Implements cloud provider health checks

    2. Route Controller (for networking)

      • Configure cloud networking routes between pods

    3. Service Controller (for load balancers)

      • Implements service type

        • LoadBalncer (cloud-native LB)

        • NodePort with cloud integration

Worker Node Components

1. kubelet

  • Primary "node agent" that runs on each worker

  • Creates, modifies and deletes containers based on Pod specs from API server and ensures containers are running healthy

  • Ensures containers are running in a Pod

  • Handles container restarts(crash loop backoff)

  • Reports node and Pod status back to control plane

  • Communicates with container runtimes via CRI

  • Enforces Pod security standards

  • Mounts Volume

  • Configures Pod networking

  • Manages container DNS

2. kube-proxy

  • Network proxy that maintains network rules

  • Service abstraction Implementation

    1. Translates service definitions (ClusterIP, NodePort, LoadBalancer) into actual network rules

  • Performs connection forwarding or load balancing

  • Implements Service IPs using iptables/IPVS

3. Container Runtime

  • Software that runs containers. such as

    1. Docker(deprecated)

    2. Containerd(default)

    3. CRI-O(from linux)

  • Responsible for pulling images, starting/stopping containers

  • Kubernetes communicates with container runtime through Container Runtime Interface (CRI)

Addons (Optional Components)

1. DNS (CoreDNS)

  • Default Cluster DNS server

  • Provides name resolution for Services and Pods and other cluster resources

  • Replaces kube-dns in k8s v1.13+

2. Dashboard

  • Web-based Kubernetes UI

3. Ingress Controller

  • Provides external access to Services

  • Implements ingress rules (Nginx, Traefik, etc.)

4. Container Network Interface (CNI) Plugins

  • Implements pod networking

  • Enabling communication between containers, Pods and external services

  • Examples: Calico, Flannel, Weave Net

Data Flow

1. User submits manifest via kubectl to API Server

2. API Server validates and stores state in etcd

3. Scheduler assigns Pods to nodes

4. kubelet on assigned node pulls Pod spec

5. kubelet instructs container runtime to launch containers

6. kube-proxy sets up networking rules

7. Controllers continuously monitor and reconcile state

0
Subscribe to my newsletter

Read articles from Ilayaraja Veerakalai directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Kuberneteskubernetes architecture

Written by

Ilayaraja Veerakalai
Ilayaraja Veerakalai

DevOps Engineer with a strong background in Configuration Management and support roles, skilled in tools like AWS, Docker, Kubernetes, Terraform, and Ansible. I focus on automating processes, improving system performance, and making networks scalable and secure in cloud environments.