Kubernetes Cluster Architecture

Hacksheets | Learn Cybersecurity
2 min read, Apr 16, 2021


https://hacksheets.in/kubernetes-cluster-architecture/

A Kubernetes cluster is a set of node machines for running containerized applications. If you’re running Kubernetes, you’re running a cluster.

A control plane node (historically called the master node) runs the components that control and manage a set of worker nodes, which is where the workloads actually execute. The control plane together with its worker nodes makes up the cluster. The control plane consists of the following components:

  • Kube-APIServer, the front end of the cluster. Every operation goes through the API server: requests from kubectl and external clients, but also the scheduler, the controllers and every kubelet talk to it, and it is the only component that reads from and writes to etcd. Authentication, authorization (RBAC) and admission control are all enforced here, which makes it the one component that must never be reachable without authentication.
  • Kube-Controller-Manager, which runs the cluster's controllers (the node, replication, endpoint and service-account controllers among others) in a single process. Each controller watches the API server and continuously reconciles the actual state of the cluster towards the desired state recorded in the API objects.
  • Etcd, the cluster state database: a distributed, fault-tolerant key-value store. All configuration and state, including Secrets, lives in etcd, which makes it the source of truth for the cluster. By default Secrets are stored in etcd only base64-encoded, so anyone who can read etcd or one of its backups can read every Secret unless encryption at rest is configured, and write access to etcd is equivalent to full control of the cluster. Etcd should therefore accept only mutually authenticated TLS connections from the API server.
  • Kube-Scheduler, which watches the API server for newly created Pods that have no node assigned yet and picks a node for each of them. It first filters out nodes that cannot run the Pod (not enough CPU or memory left for the Pod's resource requests, an unsatisfied nodeSelector or affinity rule, a taint the Pod does not tolerate) and then scores the remaining candidates and binds the Pod to the best one. The scheduler does not talk to etcd; like every other component it reads and writes through the API server.
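The filter-then-score decision described above, as an added Python model that is not code from this page or from Kubernetes. It keeps two filters (resource fit and nodeSelector) and one score ("least allocated", which prefers the node with the most capacity left after placement); the node capacities, labels and Pod requests are constructed for the example.

```python
"""A simplified model of how kube-scheduler picks a node for a Pod.

Added example; this is not code from the Hacksheets page or from Kubernetes.
The real scheduler runs many filter and score plugins; this keeps two
filters (resource fit and nodeSelector) and one score ("least allocated",
which prefers the node with the most capacity left after placement).
Node capacities, labels and Pod requests below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    name: str
    allocatable_cpu_m: int                 # CPU in millicores
    allocatable_mem_mi: int                # memory in MiB
    labels: Dict[str, str] = field(default_factory=dict)
    requested_cpu_m: int = 0               # sum of requests of Pods already bound here
    requested_mem_mi: int = 0


@dataclass
class Pod:
    name: str
    cpu_m: int                             # spec.containers[].resources.requests.cpu, summed
    mem_mi: int                            # spec.containers[].resources.requests.memory, summed
    node_selector: Dict[str, str] = field(default_factory=dict)


def fits(node: Node, pod: Pod) -> bool:
    """Filter phase: every nodeSelector label must match and the requests must fit."""
    if any(node.labels.get(k) != v for k, v in pod.node_selector.items()):
        return False
    return (node.requested_cpu_m + pod.cpu_m <= node.allocatable_cpu_m
            and node.requested_mem_mi + pod.mem_mi <= node.allocatable_mem_mi)


def least_allocated_score(node: Node, pod: Pod) -> float:
    """Score phase, 0..100: fraction of capacity still free after placement,
    averaged over CPU and memory. Higher is better."""
    cpu_free = 1 - (node.requested_cpu_m + pod.cpu_m) / node.allocatable_cpu_m
    mem_free = 1 - (node.requested_mem_mi + pod.mem_mi) / node.allocatable_mem_mi
    return 100 * (cpu_free + mem_free) / 2


def schedule(pod: Pod, nodes: List[Node]) -> Optional[str]:
    """Return the name of the node the Pod is bound to, or None if it stays Pending."""
    feasible = [n for n in nodes if fits(n, pod)]
    if not feasible:
        return None            # real scheduler: Pod stays Pending with a FailedScheduling event
    best = max(feasible, key=lambda n: least_allocated_score(n, pod))
    # Binding updates the node's bookkeeping so the next decision sees the new load.
    best.requested_cpu_m += pod.cpu_m
    best.requested_mem_mi += pod.mem_mi
    return best.name


def sample_nodes() -> List[Node]:
    """Two constructed worker nodes: one nearly full SSD node, one empty HDD node."""
    return [
        Node("worker-1", 4000, 8192, {"disktype": "ssd"},
             requested_cpu_m=3000, requested_mem_mi=4096),
        Node("worker-2", 4000, 8192, {"disktype": "hdd"}),
    ]


if __name__ == "__main__":
    nodes = sample_nodes()
    for pod in (Pod("web", 500, 512, {"disktype": "ssd"}),   # selector forces worker-1
                Pod("api", 500, 512),                        # emptiest node wins: worker-2
                Pod("batch", 2000, 1024),                    # no longer fits on worker-1
                Pod("huge", 5000, 1024)):                    # fits nowhere: stays Pending
        print(f"{pod.name:6} -> {schedule(pod, nodes)}")
```

The last Pod shows the failure mode a practitioner sees most often: a request larger than any node's allocatable capacity never fails loudly, the Pod simply stays Pending until a node that fits appears.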

Nodes: A Kubernetes cluster needs at least one compute node, but will normally have many. Pods are scheduled and orchestrated to run on nodes. Need to scale up the capacity of your cluster? Add more nodes.

Pods: A pod is the smallest deployable unit in the Kubernetes object model. It represents a single instance of an application. Each pod is made up of one container or a group of tightly coupled containers that share a network namespace and storage volumes, along with the options that govern how they run: resource requests and limits, the security context, and the volumes to mount. Pods can mount persistent volumes in order to run stateful applications.

Container runtime: To run the containers, each compute node has a container runtime, which the kubelet drives through the Container Runtime Interface (CRI). containerd and CRI-O are the usual choices. Docker Engine was supported through the dockershim adapter until that adapter was removed in Kubernetes 1.24, and rkt is no longer maintained.

kubelet: Each compute node runs the kubelet, the agent that communicates with the control plane. It watches the API server for Pods bound to its node, asks the container runtime to start their containers, runs the liveness and readiness probes, and reports node and Pod status back. The kubelet also exposes its own HTTPS API (port 10250 by default), which the API server uses to fetch logs and to run exec and port-forward sessions. That API must require authentication and authorization (--anonymous-auth=false and --authorization-mode=Webhook on the kubelet), because an anonymously reachable kubelet lets anyone execute commands in every container on the node.

kube-proxy: Each compute node also runs kube-proxy, which implements the Service abstraction. It watches Services and their endpoints and programs the node so that traffic sent to a Service's virtual IP (a ClusterIP, or a NodePort on the node itself) is forwarded to one of the backing Pods. In its usual modes it does this with the operating system's packet filtering layer (iptables or IPVS rules) rather than forwarding the traffic itself; the older userspace mode proxied the connections in user space.
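How the iptables mode spreads connections evenly over a Service's endpoints, as an added Python model (not kube-proxy's own code). kube-proxy writes one rule per endpoint into the Service chain, each with a statistic match of probability 1/(N-i) and the last with none; the chain names and the rendered rule format below are constructed for the example.

```python
"""Model of how kube-proxy's iptables mode spreads Service traffic over endpoints.

Added example; not kube-proxy's own code, and the chain names below are
constructed. For a Service with N ready endpoints, kube-proxy writes N rules
into the Service's chain. Rule i (0-based) jumps to endpoint i with
"-m statistic --mode random --probability 1/(N-i)"; the last rule has no
probability match so it always fires. Each rule only sees the packets the
earlier rules passed over, which is why the shares come out equal.
"""
import random
from typing import List


def iptables_probabilities(n: int) -> List[float]:
    """The per-rule probabilities kube-proxy uses: [1/n, 1/(n-1), ..., 1/2, 1]."""
    return [1.0 / (n - i) for i in range(n)]


def render_rules(svc_chain: str, endpoint_chains: List[str]) -> List[str]:
    """Render the rules in iptables-save style (the exact text format is illustrative)."""
    n = len(endpoint_chains)
    rules = []
    for i, sep in enumerate(endpoint_chains):
        if i < n - 1:
            p = 1.0 / (n - i)
            rules.append(f"-A {svc_chain} -m statistic --mode random "
                         f"--probability {p:.10f} -j {sep}")
        else:
            rules.append(f"-A {svc_chain} -j {sep}")
    return rules


def effective_share(n: int) -> List[float]:
    """Analytic share per endpoint: P(all earlier rules missed) * 1/(n-i)."""
    shares, remaining = [], 1.0
    for p in iptables_probabilities(n):
        shares.append(remaining * p)
        remaining *= 1 - p
    return shares


def pick_endpoint(probs: List[float], rng: random.Random) -> int:
    """Walk the chain the way netfilter does: the first matching rule wins."""
    for i, p in enumerate(probs):
        if rng.random() < p:
            return i
    return len(probs) - 1      # not reached while the last probability is 1.0


def simulate(n: int, connections: int = 30000, seed: int = 7) -> List[float]:
    """Fraction of new connections each endpoint receives in a seeded simulation."""
    rng = random.Random(seed)
    probs = iptables_probabilities(n)
    counts = [0] * n
    for _ in range(connections):
        counts[pick_endpoint(probs, rng)] += 1
    return [c / connections for c in counts]


if __name__ == "__main__":
    # Constructed names modelled on kube-proxy's KUBE-SVC-<hash> / KUBE-SEP-<hash> chains.
    for rule in render_rules("KUBE-SVC-EXAMPLE", ["KUBE-SEP-A", "KUBE-SEP-B", "KUBE-SEP-C"]):
        print(rule)
    print("analytic shares:", effective_share(3))
    print("simulated shares:", simulate(3))
```

The rendered rules are what you see in iptables-save on a node, which is worth recognising during an investigation: the KUBE-SVC and KUBE-SEP chains are written by kube-proxy and are not a sign of tampering, but a rule in those chains that jumps to an address that is not a Pod IP of that Service is.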

More CheatSheets on all Information Security and Ethical Hacking modules are at: https://play.google.com/store/apps/details?id=com.edu.hacksheet&hl=en_IN&gl=US
