Skip to content

Cluster Architecture

Estimated time to read: 5 minutes

Kubernetes is an open-source platform designed to automate the deployment, scaling, and operation of containerized applications. Its architecture is built around the concept of clusters, which include several components working together to manage containerized workloads across multiple environments. Below is a detailed breakdown of the key components of Kubernetes architecture:

components-of-kubernetes.svg


Kubernetes Cluster

A Kubernetes cluster is the foundation of the Kubernetes architecture. It consists of:

  • Master Node (Control Plane): Responsible for managing the entire Kubernetes cluster.
  • Worker Nodes: Run containerized applications in pods, orchestrated by the control plane.

Control Plane (Master Node)

The control plane is the brain of Kubernetes, managing the state of the cluster, scheduling, and controlling the worker nodes. The main components of the control plane are:

API Server (kube-apiserver)

  • Acts as the front end of the Kubernetes control plane, exposing the Kubernetes API. It’s the only component that communicates with the cluster components through RESTful calls.
  • Handles all administrative tasks like managing the cluster’s state and interacting with other components.

etcd

  • A consistent and highly available key-value store that stores the entire state of the Kubernetes cluster (including configurations, node status, secrets, and more).
  • Etcd is the "source of truth" for the cluster’s data.

Controller Manager (kube-controller-manager):

  • Runs various controllers to ensure the desired state of the system is maintained. These controllers constantly monitor the cluster, make decisions, and apply necessary changes (e.g., handling pod replication, node failures, and endpoints).

Scheduler (kube-scheduler):

  • Responsible for scheduling pods to run on specific worker nodes based on resource availability and requirements (like CPU, memory, affinity, and taints/tolerations).
  • Ensures optimal pod placement by considering resource constraints.

Worker Nodes

Worker nodes are where the actual applications (containers) run. Each worker node hosts the following components:

Kubelet

  • An agent running on each worker node, responsible for communicating with the API server and ensuring that the containers are running in the desired state within pods.
  • Monitors the health of pods and reports status back to the control plane.

Kube-proxy

  • Maintains network rules on worker nodes, allowing network communication between pods, services, and external entities.
  • Ensures efficient network routing for service discovery and load balancing.

Container Runtime

  • The software responsible for running containers (e.g., Docker, containerd, or CRI-O). Kubernetes is container runtime-agnostic and interfaces with the runtime through the Container Runtime Interface (CRI).

Kuberneters workloads

Pod

  • The smallest deployable unit in Kubernetes, which encapsulates one or more containers.
  • A pod shares storage and networking resources and represents a single instance of a running process in the cluster.

ReplicaSets

  • ReplicaSets ensure the specified number of pod replicas are running and self-heal by replacing failed pods.
  • They use label selectors to manage pods and scale applications easily.
  • While ReplicaSets can be used independently, they are commonly managed by Deployments, which add more advanced features like rolling updates and rollbacks.

Deployment

  • Deployment abstracts and manages ReplicaSets and Pods, providing tools for managing application updates, scaling, and fault tolerance.
  • It offers rolling updates, automatic scaling, and rollback features, making it a robust choice for managing containerized applications in production environments.
  • By using Deployments, you ensure your applications can be easily maintained and updated without causing downtime.

Services

A Service in Kubernetes is an abstraction that defines a logical set of pods and the policy by which to access them. Services ensure that workloads running in pods are accessible by network and can also provide load balancing.

  • ClusterIP: Exposes the service on a cluster-internal IP.
  • NodePort: Exposes the service on a static port on each worker node.
  • LoadBalancer: Exposes the service externally using a cloud provider's load balancer.

Ingress

Ingress manages external access to services, typically HTTP/HTTPS traffic, by providing routing rules and load balancing capabilities.


Persistent Volumes (PV) and Persistent Volume Claims (PVC)

Kubernetes separates storage management from the lifecycle of pods. PV is a piece of storage, and PVC is a request for storage by a pod. Kubernetes ensures that storage is dynamically provisioned or matched to available storage when needed.


ConfigMaps and Secrets

  • ConfigMaps store configuration data in key-value pairs, enabling decoupling of configuration settings from application logic.
  • Secrets store sensitive data such as passwords, tokens, or keys, encrypted and available for use by the pods.

Control Loop

Kubernetes works on the concept of a desired state and an actual state. The control plane continuously monitors the actual state of the cluster and, if any discrepancies are found, it takes action to drive the actual state towards the desired state, following a control loop mechanism.


Add-ons

Add-ons are additional features that can be deployed in the cluster for enhanced functionality, such as:

  • Metrics Server: For collecting resource metrics from nodes and pods.
  • Dashboard: A web-based UI for Kubernetes cluster management.
  • Network Add-ons: Provide various networking features, such as implementing custom network policies (e.g., Calico, Flannel).

Kubernetes Architecture Summary

  • Master Node manages the cluster and stores its state in etcd.
  • Worker Nodes run the actual workloads in the form of pods.
  • Core components like the API server, Scheduler, Controller Manager, and Kubelet work together to ensure the system maintains the desired state.
  • Services, Ingress, ConfigMaps, and Secrets offer network access, routing, configuration, and secure data handling for applications running on Kubernetes.

This architecture enables Kubernetes to handle dynamic scaling, self-healing, and flexible deployments in highly distributed environments.