Key Takeaways
- Control plane orchestrates, worker nodes execute workloads
- etcd stores the entire cluster state - back it up regularly
- Pods + namespaces = isolation and organization of containerized applications
Kubernetes architecture relies on a clear separation between the control plane and worker nodes. Understanding this architecture is the first step toward understanding container orchestration. According to the CNCF Annual Survey 2025, 82% of container users run Kubernetes in production. This massive adoption requires a solid understanding of fundamental components.
TL;DR: Kubernetes architecture revolves around the control plane (cluster brain) that orchestrates pods (execution units) organized in namespaces (isolated logical spaces). Mastering these three concepts enables efficient design, deployment, and maintenance of cloud-native applications.
To discover these concepts with hands-on exercises, explore the Kubernetes Fundamentals training.
What is Kubernetes architecture?
Kubernetes architecture is a distributed system designed to orchestrate containerized applications at scale. It follows a declarative model: you define the desired state, Kubernetes maintains it.
Key takeaway: Kubernetes continuously compares the cluster's current state to the desired state and makes necessary adjustments automatically.
This architecture divides into two distinct layers:
| Layer | Role | Main Components |
|---|---|---|
| Control Plane | Decisions and orchestration | kube-apiserver, etcd, scheduler, controller-manager |
| Data Plane | Workload execution | kubelet, kube-proxy, container runtime |
The first Kubernetes commit dates from June 6, 2014, with 250 files and 47,501 lines of code. Version 1.0 was released on July 21, 2015.
How does the Kubernetes control plane work?
The Kubernetes control plane constitutes the cluster's brain. It makes all global decisions: pod scheduling, failure detection, event response.
kube-apiserver: the single entry point
The kube-apiserver is the control plane's frontend component. All communication goes through it:
```bash
# Check cluster state via the API
kubectl cluster-info
# Query the API server directly
kubectl get --raw /api/v1/namespaces
```
The API server validates each request, applies admission policies, and persists state in etcd.
etcd: the cluster's memory
etcd is a distributed key-value database that stores the entire cluster state. Without etcd, Kubernetes cannot function.
```yaml
# Typical etcd configuration
apiVersion: v1
kind: Pod
metadata:
  name: etcd
spec:
  containers:
    - name: etcd
      image: registry.k8s.io/etcd:3.5.10-0
      command:
        - etcd
        - --data-dir=/var/lib/etcd
```
Key takeaway: Back up etcd regularly. Losing etcd means complete loss of cluster configuration.
kube-scheduler: intelligent assignment
The kube-scheduler determines which node to run each pod on. It evaluates available resources, affinity constraints, and priority policies.
kube-controller-manager: the reconciliation loop
This component runs controllers that maintain the desired state:
- ReplicaSet controller: maintains requested replica count
- Node controller: monitors node health
- Endpoint controller: populates Endpoints objects
- Service Account controller: creates default accounts
To deepen control plane administration, check our complete Kubernetes Training guide.
What is a pod in Kubernetes architecture?
A pod is the smallest deployable unit in Kubernetes. It encapsulates one or more containers that share network and storage.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: production
spec:
  containers:
    - name: nginx
      image: nginx:1.27
      ports:
        - containerPort: 80
      resources:
        requests:
          memory: "64Mi"
          cpu: "250m"
        limits:
          memory: "128Mi"
          cpu: "500m"
```
Essential pod characteristics
| Property | Description |
|---|---|
| Ephemeral | Pods can be deleted and recreated at any time |
| Unique IP address | Each pod receives an IP in the cluster network |
| Shared volumes | Containers in a pod access the same volumes |
| Namespace | A pod belongs to a single namespace |
Key takeaway: Never deploy pods directly in production. Use Deployments or StatefulSets that manage their lifecycle.
IT teams spend an average of 34 work days per year resolving Kubernetes problems according to Cloud Native Now. Understanding pods significantly reduces this time.
To discover pod management, check Kubernetes fundamentals for beginners.
How do namespaces organize Kubernetes architecture?
A namespace is a logical partition that segments cluster resources. It enables isolation, access control, and quota management.
```bash
# List existing namespaces
kubectl get namespaces
# Create a namespace
kubectl create namespace staging
# Deploy in a specific namespace
kubectl apply -f deployment.yaml -n staging
```
Default namespaces
Kubernetes creates four initial namespaces:
| Namespace | Usage |
|---|---|
| default | Resources without explicit namespace |
| kube-system | Kubernetes system components |
| kube-public | Publicly accessible resources |
| kube-node-lease | Lease objects for node health detection |
Namespacing best practices
Isolate environments: create distinct namespaces for dev, staging, and production.
```yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: production-quota
  namespace: production
spec:
  hard:
    requests.cpu: "10"
    requests.memory: 20Gi
    limits.cpu: "20"
    limits.memory: 40Gi
    pods: "50"
```
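As an added illustration (not from the original article), this Python sketch models how the quota above is charged against the nginx pod defined earlier and which limit is reached first. It assumes single-container pods and no LimitRange defaults; the function names are hypothetical and the error text is the model's own, not the API server's.

```python
# Added illustration: simplified model of ResourceQuota accounting.
# QUOTA and NGINX are copied from the manifests on this page.
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30}
QUOTA = {"requests.cpu": "10", "requests.memory": "20Gi",
         "limits.cpu": "20", "limits.memory": "40Gi", "pods": "50"}
NGINX = {"requests": {"memory": "64Mi", "cpu": "250m"},
         "limits": {"memory": "128Mi", "cpu": "500m"}}

def parse(key, value):
    """CPU -> millicores, memory -> bytes, object counts -> int."""
    value = str(value)
    if key.endswith("cpu"):
        return int(value[:-1]) if value.endswith("m") else int(float(value) * 1000)
    if key.endswith("memory"):
        for suffix, factor in UNITS.items():
            if value.endswith(suffix):
                return int(value[:-2]) * factor
    return int(value)

def pod_usage(resources):
    """Quota charged for one pod; reject if a quota-tracked value is unset."""
    usage = {"pods": 1}
    for key in QUOTA:
        if key == "pods":
            continue
        kind, res = key.split(".")              # e.g. "requests", "cpu"
        spec = resources.get(kind, {})
        if res not in spec and kind == "requests":
            spec = resources.get("limits", {})  # requests default to limits
        if res not in spec:
            raise ValueError(f"pod rejected: {key} is under quota but not set")
        usage[key] = parse(key, spec[res])
    return usage

def max_replicas(resources, used=None):
    """Return (replicas that still fit, quota keys that bind first)."""
    usage, used = pod_usage(resources), used or {}
    room = {k: (parse(k, QUOTA[k]) - used.get(k, 0)) // usage[k] for k in usage}
    fit = min(room.values())
    return fit, sorted(k for k, v in room.items() if v == fit)

if __name__ == "__main__":
    print(max_replicas(NGINX))                  # identical nginx pods that fit
    try:
        pod_usage({"requests": NGINX["requests"]})   # limits omitted
    except ValueError as err:
        print(err)
```

The CPU entries, not the `pods: "50"` count, are what cap this workload, and a pod that omits a quota-tracked limit is refused rather than admitted unmetered.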
Apply Network Policies to control inter-namespace traffic:
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-cross-namespace
  namespace: production
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              environment: production
```
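The policy above admits traffic based on namespace labels, so its effect depends on how namespaces are labeled. The following added example (not from the original article) is a simplified Python model of that evaluation; the namespace names and labels other than `production` are constructed, and pod-level selectors and egress are not modeled.

```python
# Added illustration: simplified model of NetworkPolicy ingress evaluation.
# POLICY mirrors the manifest on this page; namespace labels are constructed.
POLICY = {
    "namespace": "production",
    "podSelector": {},                 # {} selects every pod in the namespace
    "policyTypes": ["Ingress"],
    "ingress": [{"from": [{"namespaceSelector": {
        "matchLabels": {"environment": "production"}}}]}],
}
NAMESPACES = {                         # constructed sample labels
    "production": {"environment": "production"},
    "staging": {"environment": "staging"},
    "default": {},
    "payments": {"environment": "production"},   # another namespace with the label
}

def labels_match(selector, labels):
    """matchLabels is an AND of equality checks; an empty selector matches all."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def ingress_allowed(policy, ns_labels, src_ns, dst_ns):
    """True if a pod in src_ns may connect to a pod in dst_ns."""
    if dst_ns != policy["namespace"] or "Ingress" not in policy["policyTypes"]:
        return True                    # destination is not isolated by this policy
    for rule in policy.get("ingress", []):
        peers = rule.get("from")
        if not peers:
            return True                # a rule without "from" admits every source
        for peer in peers:
            sel = peer.get("namespaceSelector")
            if sel is not None and labels_match(sel, ns_labels.get(src_ns, {})):
                return True
    return False                       # isolated and no rule matched

def decisions(ns_labels, dst_ns="production"):
    """Map each source namespace to the verdict for traffic into dst_ns."""
    return {src: ingress_allowed(POLICY, ns_labels, src, dst_ns)
            for src in ns_labels}

if __name__ == "__main__":
    print(decisions(NAMESPACES))
    # Same cluster, but the production namespace itself was never labeled:
    print(decisions(dict(NAMESPACES, production={})))
```

The second case shows that pods inside `production` lose ingress from each other when the namespace itself lacks the `environment: production` label, while any other namespace carrying that label is admitted. On a real cluster the policy is enforced only if the network plugin implements NetworkPolicy.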
What is the relationship between control plane and worker nodes?
Worker nodes execute workloads orchestrated by the control plane. Each node contains three essential components.
kubelet: the node agent
The kubelet runs on each worker node. It receives pod specifications from the control plane and ensures their execution.
```bash
# Check kubelet state
systemctl status kubelet
# kubelet logs
journalctl -u kubelet -f
```
kube-proxy: the service network
kube-proxy maintains network rules on each node. It enables communication between services via iptables or IPVS.
Container runtime: container execution
The runtime (containerd, CRI-O) actually executes containers. Kubernetes communicates with it via the CRI (Container Runtime Interface).
According to the Spectro Cloud 2025 report, 80% of organizations run Kubernetes in production with an average of 20+ clusters per company.
How to visualize Kubernetes architecture in practice?
```text
+-------------------------------------------------------------+
|                        CONTROL PLANE                        |
|  +----------------+  +------+  +--------------------+       |
|  | kube-apiserver |  | etcd |  | controller-manager |       |
|  +----------------+  +------+  +--------------------+       |
|  +----------------+  +--------------------------+           |
|  | kube-scheduler |  | cloud-controller-manager |           |
|  +----------------+  +--------------------------+           |
+-------------------------------------------------------------+
                               |
                               v
+-------------------------------------------------------------+
|                        WORKER NODES                         |
|  +-------------------------------------------------------+  |
|  |                        Node 1                         |  |
|  |  +---------+  +------------+  +-------------------+   |  |
|  |  | kubelet |  | kube-proxy |  | container runtime |   |  |
|  |  +---------+  +------------+  +-------------------+   |  |
|  |  +-------------------------------------------------+  |  |
|  |  | Pods (namespace: default, production, ...)      |  |  |
|  |  +-------------------------------------------------+  |  |
|  +-------------------------------------------------------+  |
+-------------------------------------------------------------+
```
This architecture explains why 71% of Fortune 100 companies run Kubernetes in production.
Which commands to explore Kubernetes architecture?
```bash
# Control plane components
kubectl get --raw='/healthz?verbose'
# Node details
kubectl describe nodes
# All system pods
kubectl get pods -n kube-system
# Recent cluster events
kubectl get events --sort-by='.lastTimestamp' -A
# Resources by namespace
kubectl api-resources --namespaced=true
```
The Kubernetes market will reach $8.41 billion by 2031 with a CAGR of 21.85% according to Mordor Intelligence. Mastering this architecture is a career investment.
Get Hands-on with SFEIR Institute
Understanding Kubernetes architecture theoretically is not enough. Chris Aniszczyk, CNCF CTO, states:
"Kubernetes is no longer experimental but foundational. Soon, it will be essential to AI as well." - CNCF State of Cloud Native 2026
Train with practitioner experts:
- Kubernetes Fundamentals: discover architecture and key concepts in one intensive day
- LFS458 Kubernetes Administration: master the control plane and prepare for CKA certification
- LFD459 Kubernetes for Developers: deploy your applications and prepare for CKAD
Contact our advisors to define your Kubernetes training path.