🚀 Kubernetes Series – Day 5: Understanding Kubernetes Architecture

Nishank KoulNishank Koul
4 min read

“Kubernetes may seem complex at first glance, but once you understand its architecture, you'll appreciate how it achieves scalability, resilience, and automation at a production level.“

🏗️ High-Level Overview

Kubernetes architecture is divided into two main planes:

  • Control Plane (Master Components): Manages the cluster state and makes global decisions (e.g., scheduling, scaling).

  • Node Components (Worker Nodes): Run the actual applications in the form of containers inside Pods.

🔹 A. Control Plane Components

These components manage the overall state and health of the cluster.

1. kube-apiserver

  • Acts as the entry point to your Kubernetes cluster.

  • All external and internal communication happens via this API.

  • Exposes a RESTful interface for developers, tools (kubectl), and internal services.

2. etcd

  • A distributed, consistent key-value store.

  • Stores all cluster metadata: pods, nodes, secrets, config maps, and more.

  • Ensures high availability and strong consistency.

3. kube-scheduler

  • Assigns Pods to the most suitable node based on:

    • Resource availability

    • Node selectors

    • Taints and tolerations

    • Affinity/anti-affinity rules

4. kube-controller-manager

  • Manages controller loops that ensure the cluster matches the desired state.

  • Includes:

    • Node Controller – Detects node failures

    • Replication Controller – Maintains correct pod counts

    • Job, Endpoint, and Service Account Controllers, among others

🔸 B. Node Components (Worker Nodes)

Worker nodes actually run the applications in your Kubernetes cluster.

1. kubelet

  • Agent that runs on every worker node.

  • Accepts Pod specs from the control plane and ensures containers are running.

2. kube-proxy

  • Handles network routing and exposes services inside the cluster.

  • Manages network rules and enables service discovery and load balancing.

3. Container Runtime

  • The software responsible for running containers (e.g., containerd, CRI-O, or even Docker).

  • Interfaces with kubelet using the Container Runtime Interface (CRI).

4. Pod

  • The smallest deployable unit in Kubernetes.

  • Can contain one or more containers that:

    • Share the same network namespace

    • Share storage volumes

    • Are managed and restarted as a group

  • Pods are ephemeral—Kubernetes can recreate them on failure.

🏛️ Architecture Diagram

Kubernetes Architecture Explained | by Extio Technology | Medium

🔁 How It All Works Together

Here’s the step-by-step flow of how Kubernetes handles a deployment:

  1. A user runs a command like kubectl apply -f deployment.yaml.

  2. The kube-apiserver receives the request and validates it.

  3. The object state is stored in etcd as the “desired state”.

  4. The controller manager observes this state and starts taking action.

  5. The scheduler selects a node to run each Pod.

  6. The kubelet on that node pulls the container image and starts the containers.

  7. The kube-proxy configures networking to route traffic to the correct Pod.

🧩 Core Functionalities of kube-apiserver

The kube-apiserver is the central nervous system of Kubernetes. Every operation—whether initiated by a user, a controller, or another internal component—goes through it.

1. 🔐 Authentication

  • Validates who is making the request.

  • Supports various methods:

    • Client certificates

    • Bearer tokens

    • Service accounts

    • OAuth2 (OIDC)

    • Webhooks

2. ✅ Authorization

  • Determines what the authenticated user/component is allowed to do.

  • Supported models:

    • RBAC (Role-Based Access Control)

    • ABAC (Attribute-Based Access Control)

    • Webhook Authorization

    • Node Authorization

3. 🚦 Admission Control

  • Processes requests after authentication and authorization, but before persistence.

  • Examples:

    • NamespaceLifecycle

    • ResourceQuota

    • LimitRanger

  • Two main types:

    • ValidatingAdmissionWebhook – Reject invalid resources

    • MutatingAdmissionWebhook – Modify resource definitions before saving

4. 📤 API Handling & Validation

  • Parses, validates, and processes all incoming API requests.

  • Converts between API versions (e.g., apps/v1, v1beta1).

  • Rejects malformed or invalid configurations.

5. 💾 State Persistence

  • Saves the desired state of the cluster in etcd.

  • Kubernetes components act to make the current state match this desired state.

  • All cluster data lives here—Pods, Services, Deployments, etc.

6. 🔄 Cluster Communication Hub

  • Facilitates internal communication:

    • Scheduler fetches pending Pods.

    • Controller manager watches for state changes.

    • Kubelets watch for new workloads assigned to their node.

7. 🌐 REST Interface

  • Exposes Kubernetes functionality to tools like:

    • kubectl

    • CI/CD platforms (e.g., ArgoCD, GitLab CI)

    • Dashboards

    • Monitoring tools and third-party integrations

🧠 Final Thoughts

Kubernetes may seem complex at first glance, but its architecture is elegant and purposeful. Each component plays a distinct role in maintaining the reliability and scalability of your workloads.

As you move forward with Kubernetes, understanding this architecture will help you debug, scale, and optimize your deployments with confidence.

1
Subscribe to my newsletter

Read articles from Nishank Koul directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Kuberneteskubernetes architecturecontrol plane

Written by

Nishank Koul
Nishank Koul