Kubernetes Architecture Explained — A Complete Visual Guide
Understand every component of Kubernetes — Control Plane, Worker Nodes, Pods, Services, and Deployments — with clear diagrams and practical examples.
Why Kubernetes?
Docker lets you run a single container. But what happens when you have 100 containers? 1000? What if one crashes? How do you load balance? How do you roll out updates without downtime?
Kubernetes (K8s) answers all of these questions. It is an open-source container orchestration platform — originally built by Google, now maintained by the CNCF.
High-Level Architecture
┌─────────────────────────────────────────────────┐
│ KUBERNETES CLUSTER │
│ │
│ ┌────────────────────┐ ┌──────────────────┐ │
│ │ CONTROL PLANE │ │ WORKER NODES │ │
│ │ │ │ │ │
│ │ ┌──────────────┐ │ │ ┌────────────┐ │ │
│ │ │ API Server │ │ │ │ Pod │ │ │
│ │ └──────────────┘ │ │ │ ┌────────┐ │ │ │
│ │ ┌──────────────┐ │ │ │ │ App │ │ │ │
│ │ │ etcd │ │ │ │ └────────┘ │ │ │
│ │ └──────────────┘ │ │ └────────────┘ │ │
│ │ ┌──────────────┐ │ │ ┌────────────┐ │ │
│ │ │ Scheduler │ │ │ │ Pod │ │ │
│ │ └──────────────┘ │ │ └────────────┘ │ │
│ │ ┌──────────────┐ │ └──────────────────┘ │
│ │ │ Controller │ │ │
│ │ │ Manager │ │ │
│ │ └──────────────┘ │ │
│ └────────────────────┘ │
└─────────────────────────────────────────────────┘
Control Plane Components
The Control Plane is the brain of the cluster. It makes global decisions about the cluster state.
1. API Server
The central hub — all communication flows through it. Every kubectl command, every controller, every node communicates via the API Server.
# All kubectl commands are API calls
kubectl get pods → GET /api/v1/namespaces/default/pods
kubectl apply -f → POST /api/v1/...2. etcd
A distributed key-value store that holds the entire cluster state. If you lose etcd without a backup, you lose your cluster.
- Highly available (runs as a cluster)
- Consistent (uses Raft consensus)
- Only the API Server talks to etcd directly
3. Scheduler
Watches for new Pods with no assigned node and assigns them to the best available node based on:
- Available CPU and memory
- Node affinity/anti-affinity rules
- Taints and tolerations
- Resource requests and limits
4. Controller Manager
Runs multiple control loops, each responsible for maintaining desired state:
| Controller | Responsibility |
|---|---|
| Deployment Controller | Ensures correct number of replicas |
| Node Controller | Monitors node health |
| Service Controller | Manages cloud load balancers |
| ReplicaSet Controller | Maintains pod replica count |
Worker Node Components
kubelet
An agent running on every worker node. It receives Pod specifications and ensures the described containers are running and healthy.
# Check kubelet status on a node
systemctl status kubeletkube-proxy
Maintains network rules on nodes. It enables communication to Pods from inside and outside the cluster, implementing the Kubernetes Service abstraction.
Container Runtime
The software that actually runs containers. Kubernetes supports:
- containerd (most common)
- CRI-O
- Docker Engine (via shim, deprecated)
Core Kubernetes Objects
Pod — The Smallest Deployable Unit
A Pod wraps one or more containers that share network and storage.
apiVersion: v1
kind: Pod
metadata:
name: my-app
labels:
app: my-app
spec:
containers:
- name: app
image: nginx:latest
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"You rarely create Pods directly. Use Deployments instead — they manage Pods for you.
Deployment — Managing Pod Lifecycle
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-app
spec:
replicas: 3
selector:
matchLabels:
app: my-app
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: my-app
spec:
containers:
- name: app
image: my-app:v2
ports:
- containerPort: 3000# Apply the deployment
kubectl apply -f deployment.yaml
# Watch rollout status
kubectl rollout status deployment/my-app
# Rolling update to new image
kubectl set image deployment/my-app app=my-app:v3
# Rollback to previous version
kubectl rollout undo deployment/my-app
# View rollout history
kubectl rollout history deployment/my-appService — Stable Network Access to Pods
Pods are ephemeral — they get new IP addresses when restarted. A Service provides a stable endpoint.
apiVersion: v1
kind: Service
metadata:
name: my-app-service
spec:
selector:
app: my-app
ports:
- port: 80
targetPort: 3000
type: LoadBalancer # ClusterIP | NodePort | LoadBalancer| Type | Use Case |
|---|---|
ClusterIP | Internal cluster communication only |
NodePort | Expose on a static port on each node |
LoadBalancer | Cloud load balancer (AWS ELB, GCP LB) |
ConfigMap & Secret — Configuration Management
# ConfigMap for non-sensitive config
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
APP_ENV: "production"
LOG_LEVEL: "info"
DB_HOST: "postgres-service"
---
# Secret for sensitive data (base64 encoded)
apiVersion: v1
kind: Secret
metadata:
name: app-secrets
type: Opaque
data:
DB_PASSWORD: cGFzc3dvcmQxMjM= # base64 encodedEssential kubectl Commands
# View all resources in current namespace
kubectl get all
# Describe a resource (great for debugging)
kubectl describe pod my-app-xyz
# View pod logs
kubectl logs -f pod/my-app-xyz
# Execute a command inside a running pod
kubectl exec -it pod/my-app-xyz -- /bin/bash
# Check resource usage
kubectl top pods
kubectl top nodes
# Apply a manifest file
kubectl apply -f manifest.yaml
# Delete resources
kubectl delete -f manifest.yaml
# Get events (useful for debugging)
kubectl get events --sort-by='.lastTimestamp'
# Port-forward to access a pod locally
kubectl port-forward pod/my-app-xyz 8080:3000What to Learn Next
- Helm — Kubernetes package manager for templating manifests
- Ingress — HTTP/HTTPS routing with TLS termination
- Persistent Volumes — Stateful workload storage
- RBAC — Role-based access control
- Horizontal Pod Autoscaler — Auto-scaling based on metrics
- ArgoCD / Flux — GitOps continuous delivery
Kubernetes has a steep learning curve upfront, but once the architecture clicks, it becomes the most powerful tool in your DevOps toolkit.
Recommended Course
If you want to truly master Kubernetes — from architecture through deployments, networking, RBAC, and CKA exam prep — KodeKloud is the most hands-on learning platform available. Every concept comes with labs you run in a real cluster right in your browser.
Stay ahead of the curve
Get the latest DevOps, Kubernetes, AWS, and AI/ML guides delivered straight to your inbox. No spam — just practical engineering content.
Related Articles
AWS EKS vs Google GKE vs Azure AKS — Which Managed Kubernetes to Use in 2026?
Honest comparison of EKS, GKE, and AKS in 2026: pricing, developer experience, networking, autoscaling, and which one to pick for your use case.
Build a Kubernetes Cluster with kubeadm from Scratch (2026)
Step-by-step guide to building a real multi-node Kubernetes cluster using kubeadm — no managed services, no shortcuts.
eBPF Is Eating Kubernetes Networking — and Most DevOps Engineers Aren't Ready
eBPF is quietly replacing iptables, sidecars, and monitoring agents in Kubernetes. Here's what it is, why it matters, and what it means for your career in 2026.