Skip to main content

The Architecture: Brain & Muscle

Key Takeaways for AI & Readers
  • Control Plane vs. Worker Nodes: The cluster is divided into the "Brain" (global decisions) and "Muscle" (workload execution).
  • Single Source of Truth: etcd stores all cluster state; its integrity is critical for cluster survival.
  • Declarative Management: The API Server and Controllers work together to maintain the "Desired State" of the cluster.
  • Node Agents: The kubelet ensures containers are running, while kube-proxy manages networking rules.

A Kubernetes cluster is split into two parts: the Control Plane (the Brain) and the Worker Nodes (the Muscle).

Control Plane

Worker Node

Click on a component above to see what it does.

The Control Plane (The "Brain")

The Control Plane makes global decisions (like scheduling) and detects/responds to cluster events (like a node crashing).

  1. API Server (The Front Desk):

    • The only component that talks to etcd.
    • All tools (kubectl, Dashboard) and other components talk to the API Server.
    • It validates requests and updates the cluster state.

  2. etcd (The Memory):

    • A consistent, highly-available key-value store.
    • The Single Source of Truth. If you lose etcd data, you lose the cluster.
    • Distributed Consensus: etcd uses the RAFT algorithm. This ensures that every node in the Control Plane sees the exact same data at the same time.
    • Trade-off: etcd prioritizes Consistency over Availability (CAP Theorem). If more than half of your etcd nodes go down, the entire cluster stops accepting changes to protect data integrity.

  3. Scheduler (The Matchmaker):

    • Watches for new Pods with no assigned Node.
    • Selects the best Node for them based on CPU/RAM availability, taints, and affinity.

  4. Controller Manager (The Fixer):

    • A binary running multiple background loops.
    • Node Controller: Notices when nodes go down.
    • Replication Controller: Ensures the correct number of pods are running.

  5. Cloud Controller Manager:

    • Embeds cloud-specific logic (AWS, GCP, Azure).
    • Example: When you create a Service of type LoadBalancer, this component talks to the AWS API to provision an ELB.

The Worker Nodes (The "Muscle")

The machines that actually run your applications.

  1. Kubelet (The Agent):

    • An agent running on every node.
    • It talks to the API Server: "Do you have any work for me?"
    • It instructs the Container Runtime to start/stop containers.

  2. Kube-Proxy (The Networker):

    • Maintains network rules on the node.
    • Ensures traffic destined for a Service IP gets routed to the correct Pod IP.
    • Usually uses iptables or IPVS.

  3. Container Runtime:

    • The software that actually runs the containers.
    • Examples: containerd, CRI-O, Docker Engine.