If you know only thebasics of Kubernetes, you know it’s anopen source container orchestration platform designed for running distributed applications and services at scale. But you might not understand its components and how they interact.

Let’s take a brief look at the design principles that underpin Kubernetes, then explore how the different components of Kubernetes work together.

The design of a Kubernetes cluster is based on 3 principles, as explained in theKubernetes implementation details.

A Kubernetes cluster should be:

• Secure. It should follow the latest security best-practices.
• Easy to use. It should be operable using a few simple commands. 
• Extendable. It shouldn’t favor one provider and should be customizable from a configuration file.

A working Kubernetes deployment is called acluster. You can visualize a Kubernetes cluster as two parts: the control plane and the compute machines, or nodes. Each node is its ownLinux® environment, and could be either a physical orvirtual machine. Each node runs pods, which are made up ofcontainers.

This diagram shows how the parts of a Kubernetes cluster relate to one another:

Control plane

Let’s begin in the nerve center of our Kubernetes cluster: The control plane. Here we find the Kubernetes components that control the cluster, along with data about the cluster’s state and configuration. These core Kubernetes components handle the important work of making sure your containers are running in sufficient numbers and with the necessary resources. 

The control plane is in constant contact with your compute machines. You’ve configured your cluster to run a certain way. The control plane makes sure it does.

kube-apiserver

Need to interact with your Kubernetes cluster? Talk to the API. TheKubernetes API is the front end of the Kubernetes control plane, handling internal and external requests. The API server determines if a request is valid and, if it is, processes it. You can access the API through REST calls, through the kubectl command-line interface, or through other command-line tools such as kubeadm.

kube-scheduler

Is your cluster healthy? If new containers are needed, where will they fit? These are the concerns of the Kubernetes scheduler.

The scheduler considers the resource needs of a pod, such as CPU or memory, along with the health of the cluster. Then it schedules the pod to an appropriate compute node.

kube-controller-manager

Controllers take care of actually running the cluster, and the Kubernetes controller-manager contains several controller functions in one. One controller consults the scheduler and makes sure the correct number of pods is running. If a pod goes down, another controller notices and responds. A controller connects services to pods, so requests go to the right endpoints. And there are controllers for creating accounts and API access tokens.

etcd

Configuration data and information about the state of the cluster lives inetcd, a key-value store database. Fault-tolerant and distributed, etcd is designed to be the ultimate source of truth about your cluster.

Nodes

A Kubernetes cluster needs at least one compute node, but will normally have many. Pods are scheduled and orchestrated to run on nodes. Need to scale up the capacity of your cluster? Add more nodes.

Pods

A pod is the smallest and simplest unit in the Kubernetes object model. It represents a single instance of anapplication. Each pod is made up of a container or a series of tightly coupled containers, along with options that govern how the containers are run. Pods can be connected to persistent storage in order to run stateful applications.

Container runtime engine

To run the containers, each compute node has a container runtime engine.Docker is one example, but Kubernetes supports other Open Container Initiative-compliant runtimes as well, such as rkt and CRI-O.

kubelet

Each compute node contains a kubelet, a tiny application that communicates with the control plane. The kublet makes sure containers are running in a pod. When the control plane needs something to happen in a node, the kubelet executes the action.

kube-proxy

Each compute node also contains kube-proxy, a network proxy for facilitating Kubernetes networking services. The kube-proxy handles network communications inside or outside of your cluster—relying either on your operating system’s packet filtering layer, or forwarding the traffic itself.

Persistent storage

Beyond just managing the containers that run an application, Kubernetes can also manage the application data attached to a cluster. Kubernetes allows users to request storage resources without having to know the details of the underlying storage infrastructure. Persistent volumes are specific to a cluster, rather than a pod, and thus can outlive the life of a pod.

Container registry

The container images that Kubernetes relies on are stored in a container registry. This can be a registry you configure, or a third party registry.

Underlying infrastructure

Where you run Kubernetes is up to you. This can be bare metal servers, virtual machines, public cloud providers, private clouds, andhybrid cloud environments. One of Kubernetes’s key advantages is it works on many different kinds of infrastructure.

This simplified overview of Kubernetes architecture just scratches the surface. As you consider how these components communicate with each other—and with external resources and infrastructure—you can appreciate the challenges of configuring andsecuring a Kubernetes cluster.

Kubernetes offers the tools to orchestrate a large and complex containerized application, but it also leaves many decisions up to you. You choose the operating system, container runtime,continuous integration/continuous delivery (CI/CD) tooling, application services, storage, and most other components. There’s also the work of managing roles, access control,multitenancy, and secure default settings. Additionally, you can choose to run Kubernetes on your own or work with a vendor who can provide a supported version.

This freedom of choice is part of the flexible nature of Kubernetes. While it can be complex to implement, Kubernetes gives you tremendous power to run containerized applications on your own terms, and to react to changes in your organization with agility.

Build cloud-native applications with Kubernetes

Watch this webinar series to get expert perspectives to help you establish the data platform on enterprise Kubernetes you need to build, run, deploy, and modernize applications. 

Red Hat is a leader and active builder ofopen source container technology, including Kubernetes, and creates essential tools forsecuring, simplifying, and automatically updating your container infrastructure. 

Red Hat® OpenShift® is an enterprise-grade Kubernetes distribution. With Red Hat OpenShift, teams gain a single, integrated platform forDevOps. Red Hat OpenShift offers developers their choice of languages, frameworks,middleware, and databases, along with build and deployautomation through CI/CD to supercharge productivity. Also available is a data and storage services platform engineered for containers, Red Hat OpenShift Data Foundation.

• Blog post

  Reduce risk in Kubernetes: How to separate admin roles for safer, compliant operations

• Checklist

  5 benefits of Red Hat Enterprise Linux for Microsoft Azure

• Case study

  Meet the 7 customers innovating with Red Hat technologies

• Case study

  Optimizing container-based development and VM provisioning

• What is a Linux container?
• What is container orchestration?
• Stateful vs stateless applications
• What is Kubernetes?
• Red Hat OpenShift on VMware
• What is KubeVirt?
• Why use Red Hat Ansible Automation Platform with Red Hat OpenShift?
• What is Podman Desktop?
• What is Podman?
• What is the Kubernetes Java client?
• What are hosted control planes?
• What is kubernetes security?
• Red Hat OpenShift for developers
• Containers vs VMs
• Edge computing with Red Hat OpenShift
• How Kubernetes can help AI/ML
• What is Kubeflow?
• What are microservices?
• What is container security?
• OpenShift vs. OpenStack: What are the differences?
• What are sandboxed containers
• what is Buildah?
• Kubernetes vs OpenStack
• What are validated patterns?
• Kubernetes on AWS: Self-Managed vs. Managed Applications Platforms
• What is an image builder?
• Red Hat OpenShift vs. OKD
• Red Hat OpenShift vs. Kubernetes: What's the difference?
• What is high availability and disaster recovery for containers?
• Why run Apache Kafka on Kubernetes?
• Spring on Kubernetes with Red Hat OpenShift
• What is a golden image?
• What are Red Hat OpenShift cloud services?
• VNF and CNF, what’s the difference?
• What is a container registry?
• What is Skopeo?
• What are Red Hat OpenShift Operators?
• Using Helm with Red Hat OpenShift
• Kubernetes security best practices
• Orchestrating Windows containers on Red Hat OpenShift
• What is a Kubernetes operator?
• High performance computing with Red Hat OpenShift
• Advantages of Kubernetes-native security
• What is KubeLinter?
• Container and Kubernetes compliance considerations
• Intro to Kubernetes security
• How microservices support IT integration in healthcare
• Kubernetes cluster management
• Red Hat OpenShift on IBM IT infrastructure
• Red Hat OpenShift for business leaders
• How to deploy Red Hat OpenShift
• Cost management for Kubernetes on Red Hat OpenShift
• What makes Red Hat OpenShift the right choice for SAP?
• Why choose Red Hat for Kubernetes?
• Kubernetes-native Java development with Quarkus
• What is enterprise Kubernetes?
• What makes Red Hat OpenShift the right choice for IT operations?
• What is Kubernetes role-based access control (RBAC)
• What is containerization?
• What was CoreOS and CoreOS container Linux
• Learning Kubernetes basics
• What is service-oriented architecture?
• What is the Kubernetes API?
• What is Kubernetes cluster management?
• What is a Kubernetes deployment?
• Why choose the Red Hat build of Quarkus?
• What is CaaS?
• Introduction to Kubernetes patterns
• What is a Kubernetes cluster?
• What is Quarkus?
• What is Jaeger?
• What is container-native virtualization?
• What is Clair?
• What is Knative?
• What is etcd?
• Why choose Red Hat for microservices?
• Why choose Red Hat for containers?
• What is Docker?
• What is a Kubernetes pod?