The Worker Node: Where the Magic Happens

The Worker Node is the factory floor. This is where your applications actually run. While the Control Plane makes the decisions, the Worker Nodes execute them.


1. Kubelet: The Captain

The Kubelet is an agent that runs on each node in the cluster. It is the primary point of contact between the Control Plane (API Server) and the Node.

Responsibilities

  1. Register Node: When the Kubelet starts, it registers the node with the API Server.
  2. Watch API Server: It constantly polls the API Server for PodSpecs that are assigned to its node.
  3. Manage Pod Lifecycle:
    • Talks to the Container Runtime (CRI) to pull images and start containers.
    • Mounts Volumes (CSI).
    • Configures Networking (CNI).
    • Runs Probes (Liveness/Readiness) to ensure containers are healthy.
  4. Report Status: Updates the API Server with the current status of the Pods and the Node.

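Important: Static Pods. The Kubelet can also run “Static Pods” defined by files in a local directory (/etc/kubernetes/manifests), bypassing the API Server. This is often used to bootstrap the Control Plane components themselves! Since these manifests are read straight from disk rather than submitted through the API Server, write access to that directory should be limited to root.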


2. Kube-proxy: The Network Switch

Kube-proxy maintains network rules on each node. It implements the Kubernetes Service concept.

How it works

When you create a Service (e.g., a LoadBalancer or ClusterIP), Kube-proxy configures the node’s network rules to forward traffic to the correct backend Pods.

Modes

  1. iptables (Default): Uses Linux iptables to route traffic. Simple, but can get slow with thousands of services (O(N) lookup).
  2. IPVS (IP Virtual Server): Uses the Linux kernel’s IPVS module (based on Netfilter). Much faster for large clusters (O(1) lookup).

3. Container Runtime Interface (CRI)

Kubernetes does not run containers directly. It talks to a Container Runtime via the CRI (Container Runtime Interface).

  • Docker Shim: In the past, K8s used Docker directly. Now, it uses a standardized interface.
  • containerd: An industry-standard container runtime (graduated CNCF project).
  • CRI-O: Lightweight runtime for Kubernetes.

4. Interactive: The Kubelet Loop Simulator

You are the Kubelet. Your goal is to reconcile the Desired State (from API Server) with the Actual State (on the Node).
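The reconcile loop described above, as a small Go model. This is an added example, not code from the original page or from the Kubelet itself; the `Node` type and its `Reconcile` and `Crash` methods are hypothetical names, and containers are reduced to string IDs.

```go
package main

import "fmt"

// Node is a toy worker node (hypothetical type, not a kubelet API).
type Node struct {
	Running []string // container IDs the runtime reports: the actual state
	nextID  int
}

// Reconcile is one sync pass: compare the desired replica count with the
// actual state and return the actions taken to converge on it.
func (n *Node) Reconcile(desired int) []string {
	if desired < 0 {
		desired = 0 // a negative count is treated as "run nothing"
	}
	var actions []string
	for len(n.Running) < desired { // too few: ask the runtime to start more
		n.nextID++
		id := fmt.Sprintf("c%d", n.nextID)
		n.Running = append(n.Running, id)
		actions = append(actions, "start "+id)
	}
	for len(n.Running) > desired { // too many: stop the newest first
		last := len(n.Running) - 1
		actions = append(actions, "stop "+n.Running[last])
		n.Running = n.Running[:last]
	}
	return actions
}

// Crash removes a container behind the kubelet's back (actual state drifts).
func (n *Node) Crash(id string) bool {
	for i, c := range n.Running {
		if c == id {
			n.Running = append(n.Running[:i], n.Running[i+1:]...)
			return true
		}
	}
	return false
}

func main() {
	n := &Node{}
	fmt.Println(n.Reconcile(3)) // scale up from nothing
	n.Crash("c2")
	fmt.Println(n.Reconcile(3)) // drift repaired with a new container
	fmt.Println(n.Reconcile(1)) // scale down
	fmt.Println(n.Reconcile(1)) // already converged: no actions
}
```

A pass that finds desired and actual state equal returns no actions, which is what makes the loop safe to run repeatedly.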


5. Summary

  • Kubelet: The manager of the node.
  • CRI: The interface to run containers (containerd/CRI-O).
  • Kube-proxy: The interface to route traffic (iptables/IPVS).

These three components run on every worker node in your cluster.

Next, we will look at Etcd, the brain where all this state is stored.