Demystifying Kubernetes Architecture: From Master to Service

Kubernetes Architecture Overview

Kubernetes is a platform for managing container clusters. Each cluster has a Master that controls and manages the Nodes, while Nodes run one or more Pods, the smallest deployable unit that can contain multiple Docker containers.

The Master communicates with Nodes via kubectl , which sends commands to the APIServer. The APIServer handles CRUD operations for core objects such as Pods, Services, and ReplicationControllers, and acts as the hub for data exchange between modules.

APIServer Layered Architecture

API Layer: Provides RESTful APIs for resource CRUD, health checks, UI, logging, and metrics.

Access Control Layer: Performs authentication and authorization, applying admission control policies.

Registry Layer: Stores all resource objects (Pod, Service, Deployment, etc.) in the registry.

etcd Database: Persists the key‑value data of Kubernetes resources.

When kubectl create is used, the request passes through these layers, is validated, stored in etcd, and triggers events that other components watch.

Controller Manager, Scheduler, and kubelet

The Controller Manager contains multiple controllers (e.g., ReplicationController) that watch APIServer events and ensure the desired state of resources. The Scheduler watches newly created Pods, selects suitable Nodes based on scheduling algorithms, and records the binding in etcd. The kubelet runs on each Node, watches APIServer for Pod updates, pulls container images, and starts the containers.

Service and kube‑proxy

Service provides a stable ClusterIP and port for Pods to access each other. Internally, kube‑proxy runs on every Node, creating iptables rules to forward Service traffic to the appropriate Pod endpoints.

Example: Deploying Tomcat and MySQL

Assume we deploy a Tomcat application with two replicas and a MySQL service with a single replica. The following YAML defines the MySQL ReplicationController:

apiVersion: V1
kind: ReplicationController
metadata:
  name: mysql # RC name, globally unique
spec:
  replicas: 1 # desired number of Pod replicas
  selector:
    app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
        - name: mysql
          image: mysql
          ports:
            - containerPort: 3306
          env:
            - name: MYSQL_ROOT_PASSWORD
              value: "123456"

Creating this RC with kubectl create -f mysql-rc.yaml results in a MySQL Pod scheduled onto a Node.

The corresponding Service definition exposes MySQL internally:

apiVersion: v1
kind: Service # creates a Service object
metadata:
  name: mysql
spec:
  ports:
    - port: 3306 # Service port
  selector:
    app: mysql

Similarly, the Tomcat ReplicationController and Service are defined (the Service includes a nodePort to expose the application outside the cluster):

apiVersion: V1
kind: ReplicationController
metadata:
  name: myweb
spec:
  replicas: 2 # two Tomcat instances
  selector:
    app: myweb
  template:
    metadata:
      labels:
        app: myweb
    spec:
      containers:
        - name: tomcat
          image: kubeguide/tomcat-app:v1
          ports:
            - containerPort: 8080

apiVersion: v1
kind: Service
metadata:
  name: myweb
spec:
  ports:
    - port: 8080
  nodePort: 30001 # external access port
  selector:
    app: myweb

After creating these resources, Pods can communicate via the Service ClusterIP, and external clients can reach Tomcat through NodeIP:30001. For production, a LoadBalancer Service can replace NodePort to provide a cloud‑native external IP.

Monitoring with cAdvisor

Each Node runs cAdvisor, which collects CPU, memory, filesystem, and network metrics from Docker containers. The kubelet retrieves this data and exposes it via a REST API for other components to monitor resource usage.

Summary

Kubernetes manages container clusters with a Master that includes APIServer, Scheduler, and Controller Manager. Nodes host Pods, each containing one or more containers. Users interact via kubectl and YAML configuration files. The APIServer validates requests, stores state in etcd, and coordinates components through a List‑Watch mechanism. Controller Manager ensures desired replica counts, Scheduler assigns Pods to Nodes, and kubelet creates and runs the containers. Services and kube‑proxy enable intra‑cluster communication, while LoadBalancer or NodePort expose applications externally. Together these components provide a robust platform for deploying and operating microservices at scale.