top of page

Kubernetes Architecture

Updated: Feb 16

Kubernetes stands as an open-source platform designed to streamline the deployment and administration of containers. At its core, Kubernetes offers a suite of functionalities encompassing container runtime, orchestration, infrastructure management, self-repair mechanisms, and service discovery with load-balancing capabilities.

Its primary functions include deploying, scaling, managing, and composing application containers across distributed clusters of hosts.

Yet, Kubernetes transcends its role as a mere container orchestrator. It could be likened to the operating system for cloud-native applications, serving as the foundational platform upon which applications operate.

Just as desktop applications rely on operating systems like MacOS, Windows, or Linux for execution, cloud-native applications thrive within the Kubernetes ecosystem, benefiting from its robust infrastructure and management capabilities.

Kubernetes Architecture

Kubernetes Architecture

At a high level, the Kubernetes architecture comprises three key components:

1. Control Plane (Master):

The control plane, often referred to as the master, serves as the brain of the Kubernetes cluster. It oversees and manages the entire cluster's operations, including scheduling, scaling, and maintaining the desired state of the cluster. The control plane consists of various components such as the API server, scheduler, controller manager, and etcd.

2. etcd:

etcd is a distributed key-value store used by Kubernetes to store and manage the cluster's state. It ensures consistency and reliability by providing a centralized repository for configuration data, metadata, and other essential information related to the cluster. etcd plays a crucial role in maintaining the desired state of the cluster and facilitating communication between the control plane components and cluster nodes.

3. Cluster Nodes (Kubelets):

Cluster nodes, also known as worker nodes, are the machines responsible for executing and managing the workload containers within the Kubernetes cluster. Each node runs a kubelet agent, which communicates with the control plane to receive instructions, report status, and manage container operations on the node. Additionally, nodes typically run container runtime software such as Docker or containerd to launch and manage containers as per the instructions received from the control plane.

1. Kubernetes Control Plane

The control plane in Kubernetes serves as the central management system responsible for maintaining the desired state of all Kubernetes objects within the cluster. This includes pods, services, deployments, replica sets, and other resources that define the cluster's configuration and behavior. The control plane continuously monitors the state of these objects and takes actions to ensure that the actual state of the system matches the desired state specified by the user or administrator.

Kubernetes Architecture Control Plane

The control plane is composed of five major components:

  • Kube-apiserver

  • Kube-controller-manager

  • Kube-scheduler

  • Etcd

  • Cloud-controller-manager


The API Server acts as the front end for the Kubernetes control plane. It exposes the Kubernetes API, which allows users, administrators, and other components to interact with the cluster. The API server provides APIs to support various operations such as creating, updating, and deleting resources, as well as handling authentication and authorization of API requests. It acts as the gateway to the cluster, making the API server accessible to clients from outside the cluster.


The Controller Manager is a daemon responsible for running the core control loops in the cluster. These control loops continuously watch the state of various objects and take actions to ensure that the current state matches the desired state. For example, the ReplicaSet controller ensures that the desired number of pod replicas are running, while the Node controller manages node lifecycle operations. Additionally, the Cloud Controller Manager integrates with public cloud providers to optimize support for availability zones, VM instances, storage services, and network services such as DNS, routing, and load balancing.


The Scheduler is responsible for scheduling containers onto nodes in the cluster. It evaluates various factors such as resource requirements, quality of service requirements, and affinity/anti-affinity specifications to make informed scheduling decisions. The scheduler ensures efficient resource utilization and optimal performance of workloads by distributing containers across nodes based on available resources and constraints.


Etcd is a distributed, consistent, and highly-available key-value store used as Kubernetes' backing store for all cluster data. It serves as the primary data store for Kubernetes, storing essential information such as configuration data, metadata, and state information. Etcd ensures that cluster data is consistent and available across all nodes in the cluster, even in the event of node failures or network partitions.

As the backbone of Kubernetes' control plane, Etcd plays a critical role in maintaining the desired state of the cluster and enabling coordination between control plane components. It serves as the source of truth for cluster-wide configuration and state information, allowing Kubernetes components to synchronize and collaborate effectively.

However, since Etcd is a crucial component of the Kubernetes control plane, it's essential to have a backup plan in place to safeguard cluster data against potential data loss or corruption. Regular backups of Etcd data should be performed to ensure data resilience and recoverability in case of disasters or system failures.


The Cloud Controller Manager is a component of the Kubernetes control plane that enables integration with cloud provider-specific APIs and services. It acts as an intermediary between Kubernetes and the underlying cloud infrastructure, allowing Kubernetes to leverage cloud provider capabilities effectively.

In environments where Kubernetes clusters are deployed on public cloud platforms such as AWS, Azure, or Google Cloud Platform (GCP), the Cloud Controller Manager is essential for seamless integration with cloud provider services. It abstracts cloud-specific functionalities and APIs, enabling Kubernetes to interact with cloud resources such as virtual machines, storage services, networking, and load balancers.

The Cloud Controller Manager separates components that interact with the cloud platform from those that interact solely with the Kubernetes cluster. This separation improves modularity and simplifies management by isolating cloud provider dependencies within the control plane.

The Cloud Controller Manager is not required in on-premises or local Kubernetes environments where there is no dependency on cloud-specific APIs and services. In such cases, the Cloud Controller Manager can be disabled or omitted from the deployment configuration. However, in cloud-based deployments, it plays a crucial role in enabling Kubernetes to leverage cloud provider capabilities effectively.

Several controllers within the Cloud Controller Manager have dependencies on cloud provider services, including the

  1. Node controller

  2. Route controller, and

  3. Service controller.

These controllers interact with the cloud platform to perform tasks such as node management, route setup, and load balancer management, enhancing Kubernetes' capabilities in cloud environments.Service controller: For creating, updating and deleting cloud provider load balancers

Cluster Nodes

Cluster nodes in Kubernetes are the machines responsible for running containers and are managed by the master nodes. The primary controller on each node is the Kubelet, which orchestrates container execution, typically through Docker.

Kubernetes Architecture Cluster Nodes

The cluster nodes are made up of three major components:

  • Kubelet

  • Kube-proxy

  • Container Runtime


The Kubelet is an agent that runs on every node within the cluster. Its primary responsibility is to ensure that containers are running within pods, which are the basic execution units in Kubernetes. The Kubelet receives PodSpecs, which define the desired state of pods, and it ensures that the containers described in these PodSpecs are launched and maintained in a healthy state. However, the Kubelet does not manage containers that were not created by Kubernetes.


Kube-proxy is a network proxy service that operates on each node in the cluster. It implements a portion of the Kubernetes Service concept by managing network communication to and from pods.

Kube-proxy maintains network rules on nodes, allowing network sessions to reach pods from both inside and outside the cluster. It utilizes the operating system's packet filtering layer whenever available; otherwise, it handles traffic forwarding itself.

Container Runtime

The container runtime is the underlying software responsible for executing containers. Kubernetes supports various container runtimes, including Docker, containerd, CRI-O, and implementations of the Kubernetes Container Runtime Interface (CRI).

These runtimes provide the necessary environment for launching and managing containers, handling tasks such as container isolation, resource allocation, and lifecycle management.


bottom of page