☸️ Kubernetes Architecture Visualized: Pods, Nodes, and the Control Plane Explained
If Kubernetes feels like a black box of YAML and magic, you’re not alone.
At its core, Kubernetes is just a smart scheduler and manager for containerized applications. But understanding its architecture is the key to unlocking its power.
In this blog, we’ll break down Kubernetes architecture from the inside out — Pods, Nodes, and the Control Plane — and show you how they work together like an intelligent operating system for the cloud.
Let’s dive in. 👇
📦 1. What is Kubernetes? (Quick Refresher)
Kubernetes (K8s) is an open-source platform for orchestrating containers (usually Docker) — automating deployment, scaling, load balancing, and management.
You tell Kubernetes what your app should look like, and it makes it happen — even when things go wrong.
🧱 2. High-Level Kubernetes Architecture
Your Cluster
├── Control Plane (Master)
│ ├── kube-apiserver
│ ├── etcd
│ ├── kube-controller-manager
│ ├── kube-scheduler
│ └── cloud-controller-manager
└── Worker Nodes
├── kubelet
├── kube-proxy
└── Container Runtime (e.g., containerd)
└── Pods
└── Containers
🎛️ 3. The Control Plane – The Brain of Kubernetes
The Control Plane is the cluster’s central nervous system. It decides what to do and sends instructions to worker nodes.
🧩 Components of the Control Plane:
✅ kube-apiserver
- The front door to your cluster
- Accepts REST API requests (e.g.,
kubectl) - Authenticates & validates requests
✅ etcd
- The database for all cluster state (config, secrets, node status)
- A fast, distributed key-value store
✅ kube-scheduler
- Assigns Pods to Nodes
- Based on CPU, memory, taints/tolerations, affinity rules
✅ kube-controller-manager
- Runs background loops (controllers)
- Watches the cluster and makes it match your desired state
- Includes:
- Node controller
- Replication controller
- Endpoints controller
✅ cloud-controller-manager
- Interacts with cloud APIs (AWS, GCP, Azure)
- Handles:
- Load balancers
- Persistent volumes
- Node metadata
🧠 Think of the Control Plane as the cluster’s brain — it knows the state of everything and acts accordingly.
🖥️ 4. Worker Nodes – The Muscle of Kubernetes
A Node is a VM or physical machine that runs your workloads.
Each Node includes:
✅ kubelet
- Talks to the Control Plane
- Ensures containers in a Pod are running
- Reports status back to the API Server
✅ kube-proxy
- Handles network routing for Services
- Uses IPTables or IPVS to direct traffic to the right Pod
✅ Container Runtime
- The engine that runs containers (e.g., containerd, Docker, CRI-O)
🧠 If the Control Plane is the brain, Nodes are the hands and legs that do the actual work.
📦 5. Pods – The Smallest Deployable Unit
A Pod is the basic execution unit in Kubernetes.
Each Pod:
- Contains one or more containers
- Shares the same network IP and storage
- Is ephemeral (can be destroyed & recreated)
📌 Containers live inside Pods, not directly on Nodes.
Types of Pods:
| Pod Type | Description |
|---|---|
| Single-container Pod | Most common pattern |
| Multi-container Pod | Containers share the same space (sidecars, init containers) |
🧠 6. How Everything Works Together
Let’s say you apply a Deployment YAML that asks for 3 replicas of your app.
What happens?
kubectl applysends the request tokube-apiserver- It’s stored in
etcdas desired state kube-controller-managernotices the deployment → creates 3 Podskube-schedulerfinds Nodes with enough resourceskubeleton those Nodes starts the containerskube-proxyupdates routing so traffic reaches the Pods
Voila! Your app is running.
🌐 7. Services & Ingress – Exposing Your App
✅ Service
- Abstracts access to Pods
- Routes traffic evenly (load balancing)
- Types:
ClusterIP– Internal accessNodePort– Exposed via node IP + portLoadBalancer– Managed by cloud provider
✅ Ingress
- Smart HTTP router (URL/path-based)
- Uses controllers like NGINX or Traefik
- Allows TLS termination, routing, auth
📊 8. Storage & Volumes
Pods are ephemeral — if they die, so does their data (unless you use volumes).
| Type | Purpose |
|---|---|
emptyDir | Temporary storage |
hostPath | Uses node’s local disk |
PersistentVolume (PV) | Abstract storage object |
PersistentVolumeClaim (PVC) | Request for a PV |
Supported backends: AWS EBS, Azure Disk, NFS, CSI drivers
🔐 9. Security in Kubernetes
| Feature | Use |
|---|---|
| RBAC | Who can do what (users, service accounts) |
| Network Policies | Control Pod-to-Pod communication |
| Pod Security Standards (PSS) | Enforce security best practices |
| Secrets & ConfigMaps | Store passwords, tokens, config values securely |
⚙️ 10. Advanced Tools & Patterns
| Tool/Pattern | Function |
|---|---|
| Helm | Package manager for K8s apps |
| ArgoCD | GitOps-based continuous delivery |
| Custom Resource Definitions (CRDs) | Extend the K8s API |
| Operators | Automate complex app lifecycles (e.g., DBs, Kafka) |
| HPA/VPA | Auto-scaling based on CPU/memory or custom metrics |
🧪 Bonus: Real-World Example Flow
You deploy a microservice to Kubernetes:
- You define a Deployment with 5 replicas.
- Kubernetes schedules those Pods across Nodes.
- A Service exposes those Pods internally.
- An Ingress routes traffic from the internet to the Service.
- Metrics from Pods flow to Prometheus.
- Auto-scaling kicks in when CPU usage rises.
That’s production-grade orchestration — automated, observable, scalable.
🏁 Final Thoughts
Kubernetes may seem complex, but it’s built on simple primitives:
- A Pod is just a container with extras
- A Node is just a server that runs Pods
- The Control Plane just ensures the desired state becomes the actual state
Understand these parts, and Kubernetes becomes an OS for your infrastructure.
Leave a Reply