📊 NEW! Voice of Practitioners 2024: The State of Secrets in AppSec

Understanding Kubernetes Architecture and Components

This is a brief overview of the components that make up the architecture behind a Kubernetes cluster with an explanation of what each one does.

This is part of a longer webinar with guest expert Tiexin Guo that explains best security practices to harden your Kubernetes clusters.

Video Transcript

So let's talk about the Kubernetes components. Tiexin, can you explain how Kubernetes fits together and the components that make up that?

In general, Kubernetes is made up of two parts. One is the control plane, which is the rectangle on the left side of the figure, yeah, and the other part is the worker node, on the right side. So the control plane actually makes global decisions, I would say, for the cluster, for example scheduling some tasks, right? So basically the control plane detects and responds to cluster events. For example, when you spin up a new pod there will be an event, and it's the control plane's duty to actually decide where to schedule the pod to run.

To do that, the control plane actually has multiple components. The very first and the most important one is kube-apiserver, which is the one in the very center of the rectangle. Basically it works as the front end to the Kubernetes cluster. Basically it exposes the API, defines what you can do or how you interact with the cluster. And since this is a front end, actually etcd is the storage or the backend part of it, which is a key-value store which stores all the information about the cluster.

As aforementioned, we have some scheduling to do, and that is the job of kube-scheduler. Basically it will select a node for a pod to run. We also have a bunch of controller managers. Actually it's not just one controller manager but multiple ones. Different controller managers are in charge of different things. For example, there is a node controller manager, which manages the node, as the name suggests, right? There is also an endpoint controller manager, yeah.

Last but not least, I want to mention the one on the upper right corner, which is the cloud controller manager, because, since we are all, well, not all but many of us are running our clusters in our cloud provider, public cloud services, so we do have this cloud controller manager, which interacts with our cloud. And basically when you need storage, when you need for example a load balancer, this is what the controller manager does. Yeah, that wraps up the control plane part.

Then let's move to the right side, which is the worker node. Worker nodes: there can be multiple of them, of course, but there are some common components which are deployed on each node. For example, there is this kubelet, which works as an agent that runs the pod, right? To run the pod you also have the container runtime: Docker, containerd, etc. We also need a kube-proxy on each node, which works as a network proxy. It defines rules on each node so that, you know, the network traffic communication is allowed to the pods. There are maybe a few other components that are not in the picture. For example, we also have a cluster DNS, which is in charge of resolving the internal DNS records. Basically, that's it.