The Control Plane: The Brain of the Operation

[!NOTE] Why Separate Components? Kubernetes itself is built as a set of Microservices. The API Server, Scheduler, and Controller Manager are separate binaries that can run on different machines (though usually co-located for latency). This makes the Control Plane scalable and resilient.

In this chapter, we will dissect the Control Plane. We will follow the journey of a single request: “Create a Pod”.

1. The API Server (kube-apiserver)

The API Server is the central nervous system. It is the only component that directly interacts with the distributed storage (Etcd).

Functions

  1. Authentication & Authorization: “Who are you?” (User/ServiceAccount) and “Can you do this?” (RBAC).
  2. Validation: “Is your YAML correct?” (Schema validation).
  3. Admission Control: “Should we allow this?” (e.g., ResourceQuotas, Policy checks).
  4. REST Interface: Exposes the API for kubectl, controllers, and other components.

The “Hub and Spoke” Pattern

Every other component (Scheduler, Kubelet, Controller Manager) watches the API Server for changes. They do not talk to each other directly.

  • The Scheduler watches for Pods with nodeName: "" (empty).
  • The Kubelet watches for Pods assigned to its node.

2. Etcd

Etcd is the memory of the cluster.

What is it?

A distributed, consistent key-value store. It uses the Raft Consensus Algorithm to ensure that all nodes in the Etcd cluster agree on the data.

Why not SQL?

  • Simple Data Model: K8s resources are hierarchical (JSON/YAML), which maps perfectly to a key-value store (like a file system).
  • Watch Mechanism: Etcd allows clients to “watch” keys for changes. This is the foundation of Kubernetes’ “Controller Pattern”. When a key changes, the API Server is notified instantly.

3. The Scheduler (kube-scheduler)

The Scheduler is the decision maker. It decides where a Pod should run.

The Scheduling Cycle

  1. Queue: Pending Pods are added to a scheduling queue.
  2. Filter (Predicates): Removes nodes that don’t meet requirements (e.g., “Node A doesn’t have enough RAM”).
  3. Score (Priorities): Ranks the remaining nodes (e.g., “Node B is better because the container image is already cached there”).
  4. Bind: The Scheduler sends a request to the API Server to update the Pod object: nodeName: "Node-B".

4. The Controller Manager (kube-controller-manager)

The Controller Manager is the tireless worker. It runs a loop that constantly compares the Current State with the Desired State.

Key Controllers

  • Node Controller: Checks if nodes are healthy. If a node stops sending heartbeats, it marks it NotReady.
  • Replication Controller: Ensures the correct number of Pod replicas are running.
  • Endpoint Controller: Populates Service objects with the IPs of backing Pods.

5. Interactive: The Pod Creation Lifecycle

What happens when you run kubectl apply -f pod.yaml? Click the “Start Request” button to trace the flow.

Waiting for command...
User (kubectl)
API Server
Etcd
Scheduler
Kubelet

6. Cloud Controller Manager (CCM)

If you are running on AWS, GCP, or Azure, the CCM is the bridge between Kubernetes and the Cloud Provider API.

  • Role: Talk to the Cloud Provider.
  • Tasks:
  • Create Load Balancers (when you create a Service of type LoadBalancer).
  • Manage storage volumes (EBS, PD).
  • Check if a node has been deleted from the cloud console.

In the next chapter, we look at the other side of the equation: the Worker Node Components.