1. overview.md 2025-08-20

# 🌐 Kubernetes Architecture (Detailed)

## 🧠 Control Plane (the “brain” of the cluster)

Runs on master nodes and decides the clusterʼs state.

1. **kube-apiserver**
   - Entry point for all kubectl and REST API calls.
   - Validates and processes requests.
   - Talks to etcd for storing/retrieving state.
   - Example: when you run `kubectl apply -f pod.yaml`, the YAML is sent here.
2. **etcd**
   - Distributed key-value store (very similar to a database).
   - Stores cluster state: pods, services, secrets, configmaps, etc.
   - If etcd goes down → your cluster loses its “memory.”
3. **kube-scheduler**
   - Watches for new Pods in etcd that donʼt yet have a node assigned.
   - Chooses the best node based on CPU, memory, taints/tolerations, affinity/anti-affinity, etc.
4. **kube-controller-manager**
   - Runs multiple controllers (small reconciliation loops).
   - Examples:
     - Node Controller → detects if nodes go down.
     - ReplicaSet Controller → ensures the correct number of pods is running.
     - Job Controller → manages batch jobs.
5. **cloud-controller-manager** (if running on a cloud such as AWS, Azure or GCP)
   - Talks to the cloud provider API.
   - Handles attaching storage, provisioning load balancers and managing nodes in the cloud.
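The two loops described above, the ReplicaSet controller (reconcile the desired pod count) and the scheduler (filter nodes by resources and taints, then score and bind pods that have no node yet), as a miniature model. This is an added illustration, not code from kube-scheduler or kube-controller-manager; the node sizes, taint key, pod requests and the least-allocated scoring rule are assumptions chosen to show the mechanism.

```python
"""Miniature model of two control-plane loops: a ReplicaSet controller and a
scheduler. Added example, not Kubernetes code; cluster data is constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set


@dataclass
class Node:
    name: str
    cpu: int                                       # allocatable CPU in millicores
    mem: int                                       # allocatable memory in MiB
    taints: Set[str] = field(default_factory=set)  # NoSchedule taint keys


@dataclass
class Pod:
    name: str
    cpu: int                                       # requested millicores
    mem: int                                       # requested MiB
    tolerations: Set[str] = field(default_factory=set)
    node: Optional[str] = None                     # None means Pending (not yet scheduled)


def reconcile_replicaset(name: str, desired: int, pods: List[Pod],
                         cpu: int = 250, mem: int = 512) -> List[Pod]:
    """ReplicaSet controller, one reconciliation pass: create pods (with no node
    assigned) while too few exist, delete surplus pods while too many exist."""
    owned = [p for p in pods if p.name.startswith(name + "-")]
    while len(owned) < desired:
        p = Pod(f"{name}-{len(owned)}", cpu, mem)
        pods.append(p)
        owned.append(p)
    while len(owned) > desired:
        pods.remove(owned.pop())
    return pods


def _usage(node: Node, pods: List[Pod]):
    bound = [p for p in pods if p.node == node.name]
    return sum(p.cpu for p in bound), sum(p.mem for p in bound)


def fits(node: Node, pod: Pod, pods: List[Pod]) -> bool:
    """Filtering phase: every taint must be tolerated and the requests must fit."""
    if not node.taints <= pod.tolerations:
        return False
    used_cpu, used_mem = _usage(node, pods)
    return used_cpu + pod.cpu <= node.cpu and used_mem + pod.mem <= node.mem


def score(node: Node, pod: Pod, pods: List[Pod]) -> float:
    """Scoring phase (assumed rule): prefer the node that stays least allocated."""
    used_cpu, used_mem = _usage(node, pods)
    return ((node.cpu - used_cpu - pod.cpu) / node.cpu
            + (node.mem - used_mem - pod.mem) / node.mem)


def schedule(pods: List[Pod], nodes: List[Node]) -> List[Pod]:
    """Scheduler loop: bind each pod with node=None to the best feasible node.
    A pod with no feasible node stays Pending, as in a real cluster."""
    for pod in pods:
        if pod.node is not None:
            continue
        feasible = [n for n in nodes if fits(n, pod, pods)]
        if not feasible:
            continue
        best = min(feasible, key=lambda n: (-score(n, pod, pods), n.name))
        pod.node = best.name
    return pods


def demo() -> Dict[str, Optional[str]]:
    # Constructed cluster: a tainted master and two identical workers.
    nodes = [Node("master", 2000, 4096, {"node-role.kubernetes.io/control-plane"}),
             Node("worker-a", 1000, 2048),
             Node("worker-b", 1000, 2048)]
    pods: List[Pod] = []
    reconcile_replicaset("web", 3, pods)                  # controller creates web-0..web-2
    pods.append(Pod("gpu-job", 900, 512))                 # too big for any untainted node
    pods.append(Pod("kube-proxy-master", 100, 128,
                    {"node-role.kubernetes.io/control-plane"}))  # tolerates the master taint
    schedule(pods, nodes)
    return {p.name: p.node for p in pods}


if __name__ == "__main__":
    for name, node in demo().items():
        print(f"{name:20} {node or 'Pending'}")
```

Running it shows the web replicas spread across the two workers, `gpu-job` left Pending because no untainted node has 900m free, and the pod that tolerates the control-plane taint landing on the master.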
## 💪 Worker Node (the “muscle” of the cluster)

Runs the actual applications (containers).

1. **kubelet**
   - Agent running on every worker node.
   - Talks to kube-apiserver.
   - Makes sure the containers on its node are healthy and match the PodSpec.
2. **kube-proxy**
   - Handles networking and service discovery.
   - Manages iptables/IPVS rules so Pods and Services can talk to each other.
   - Ensures load balancing across pods.
3. **Container runtime**
   - Examples: Docker, containerd, CRI-O.
   - Actually pulls images and runs containers.
## 📦 Default Pods in Kubernetes (in the kube-system namespace)

When you install Kubernetes (via kubeadm, minikube, EKS, GKE, AKS, k3s, etc.), some system pods get deployed automatically. Letʼs go through them one by one:

### 1. coredns

- What it does: Provides DNS resolution inside the cluster.
- Why it matters: Lets pods use service names (`nginx.default.svc.cluster.local`) instead of IPs.
- How it runs: Usually as a Deployment with 2 replicas.
- Check it:

```bash
kubectl get pods -n kube-system -l k8s-app=kube-dns
```

### 2. kube-proxy

- What it does: Manages networking rules for Services.
- Why it matters: Ensures traffic to a Service is routed to the right pods.
- How it runs: As a DaemonSet (1 pod per node).
- Check it:

```bash
kubectl get daemonset kube-proxy -n kube-system
```

### 3. etcd

- What it does: Stores the clusterʼs entire state.
- Why it matters: Without etcd, Kubernetes has no memory of desired state.
- How it runs: As a Pod on control plane nodes (in kube-system).
### 4. kube-apiserver

- What it does: Entry point for kubectl/API requests.
- Why it matters: Nothing works without it — itʼs the gatekeeper.
- How it runs: Static Pod on the control plane node.

### 5. kube-scheduler

- What it does: Assigns pods to nodes.
- Why it matters: Decides workload placement.
- How it runs: Static Pod on the control plane.

### 6. kube-controller-manager

- What it does: Runs all controllers (like ReplicaSet, Node, Job, etc.).
- Why it matters: Ensures actual state matches desired state.
- How it runs: Static Pod on control plane node.

### 7. cloud-controller-manager (if in cloud)

- What it does: Connects Kubernetes to your cloud provider.
- Why it matters: Needed for provisioning LoadBalancers, Volumes, etc.
- How it runs: Pod on control plane node.

👉 So, when you run:

```bash
kubectl get pods -A
```

youʼll see something like this (simplified):

```text
NAMESPACE     NAME                             READY   STATUS
kube-system   coredns-787d4945fb-abcde         1/1     Running
kube-system   coredns-787d4945fb-fghij         1/1     Running
kube-system   etcd-master                      1/1     Running
kube-system   kube-apiserver-master            1/1     Running
kube-system   kube-controller-manager-master   1/1     Running
kube-system   kube-proxy-xyz123                1/1     Running
kube-system   kube-scheduler-master            1/1     Running
```
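A quick health check over that listing: the script below parses the table `kubectl get pods -A` prints and reports which of the system components listed above are missing from kube-system or not fully Running. This is an added example, not part of the original notes; the sample output is constructed (a real listing also carries RESTARTS and AGE columns, which the parser handles), and the set of expected components is an assumption that leaves out cloud-controller-manager because it only exists on cloud clusters.

```python
"""Check the output of `kubectl get pods -A` for missing or unhealthy system
components. Added example; SAMPLE is constructed, not captured from a cluster."""
from typing import Dict, List, Optional

# Constructed sample in the shape `kubectl get pods -A` prints. The scheduler
# pod is deliberately absent and one coredns replica is deliberately broken.
SAMPLE = """\
NAMESPACE     NAME                             READY   STATUS             RESTARTS   AGE
kube-system   coredns-787d4945fb-abcde         1/1     Running            0          3d
kube-system   coredns-787d4945fb-fghij         0/1     CrashLoopBackOff   12         3d
kube-system   etcd-master                      1/1     Running            0          3d
kube-system   kube-apiserver-master            1/1     Running            0          3d
kube-system   kube-controller-manager-master   1/1     Running            0          3d
kube-system   kube-proxy-xyz123                1/1     Running            0          3d
default       nginx-6799fc88d8-k2p4v           1/1     Running            0          1h
"""

# Components expected in kube-system on a kubeadm-style cluster (assumption;
# cloud-controller-manager is left out because it only runs on cloud clusters).
EXPECTED = ["coredns", "etcd", "kube-apiserver",
            "kube-controller-manager", "kube-proxy", "kube-scheduler"]


def parse_pods(text: str) -> List[Dict[str, str]]:
    """Turn the whitespace-aligned kubectl table into one dict per row,
    keyed by the header names (NAMESPACE, NAME, READY, STATUS, ...)."""
    lines = [line for line in text.splitlines() if line.strip()]
    header = lines[0].split()
    return [dict(zip(header, line.split())) for line in lines[1:]]


def component_of(pod_name: str, expected: List[str] = EXPECTED) -> Optional[str]:
    """Map a pod name like kube-controller-manager-master to its component.
    Longest prefix wins so kube-controller-manager is not mistaken for kube-*."""
    for comp in sorted(expected, key=len, reverse=True):
        if pod_name == comp or pod_name.startswith(comp + "-"):
            return comp
    return None


def check_system_pods(text: str, expected: List[str] = EXPECTED) -> Dict[str, List[str]]:
    """Report expected components with no pod in kube-system ("missing") and
    pods whose STATUS is not Running or whose READY count is short ("unhealthy")."""
    report: Dict[str, List[str]] = {"missing": [], "unhealthy": []}
    seen = set()
    for pod in parse_pods(text):
        if pod["NAMESPACE"] != "kube-system":
            continue
        comp = component_of(pod["NAME"], expected)
        if comp is None:
            continue
        seen.add(comp)
        ready, total = pod["READY"].split("/")
        if pod["STATUS"] != "Running" or ready != total:
            report["unhealthy"].append(f'{pod["NAME"]} ({pod["STATUS"]}, {pod["READY"]})')
    report["missing"] = [c for c in expected if c not in seen]
    return report


if __name__ == "__main__":
    # In practice: kubectl get pods -A | python3 this_script.py
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for kind, items in check_system_pods(text).items():
        print(f"{kind}: {items or 'none'}")
```

On a cluster where a control-plane static Pod has stopped appearing, or a DaemonSet pod such as kube-proxy is crash-looping, this is the kind of check that turns the listing above into a pass/fail signal rather than something to eyeball.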