Kubernetes Introduction: Core Concepts, Architecture, and Best Practices
TL;DR: Kubernetes is the industry-standard container orchestration platform that automates deployment, scaling, and management of containerized apps. Learn the core problems it solves, the cluster architecture, the control plane components, and the essential concepts you’ll use every day.
What Kubernetes is and why it matters
Kubernetes (K8s) is an open-source platform for orchestrating containers across on-premises and cloud environments. Born from Google’s experience with Borg and Omega and stewarded by the Cloud Native Computing Foundation, Kubernetes abstracts infrastructure into a single logical pool of compute, networking, and storage so teams can run apps reliably at scale.
Problems Kubernetes solves
Monoliths versus microservices
- Monoliths are single-process apps that are simple to build but hard to scale and maintain.
- Microservices break functionality into many small, independently deployable services, which improves agility but increases operational complexity.
Port-sharing conflicts
- Traditional hosts block multiple apps from listening on the same port.
- Kubernetes assigns each Pod a unique cluster-routable IP, so many Pods can listen on the same port without collisions.
Manual scaling and management
- Before orchestration, scaling required manual provisioning and load-balancer changes.
- Kubernetes automates lifecycle tasks: health checks, restarts, rescheduling, and horizontal scaling based on metrics like CPU and memory.
Architecture overview
Cluster
A cluster is a group of nodes (physical or virtual) that run your workloads and share cluster resources.
Control plane - The brains behind it all
The Control Plane makes global decisions and enforces the cluster’s desired state. Production clusters typically run multiple control plane nodes for high availability.
Worker nodes - The muscles that do the work
Worker nodes run your application Pods using a container runtime such as containerd or CRI-O. Worker nodes can be Linux or Windows; control plane nodes should run Linux in production.
Control plane components explained
API server
- The cluster’s frontend and single entry point for all requests.
- Handles authentication, authorization, and validation, then persists accepted changes to the cluster’s datastore (etcd).
etcd
- A distributed, highly available key-value store that is the cluster’s source of truth.
- Uses Raft consensus to keep data consistent across replicas; by design only the API server talks directly to etcd.
Scheduler
- Chooses which worker node will host a new Pod by filtering and ranking nodes based on resources and policies like taints, tolerations, and affinity.
- Marks Pods Pending when no suitable node is available.
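The filter-then-score cycle described in the two bullets above, as an added example (not code from the page or from Kubernetes). Node and Pod records are constructed inline, taints are written as `key=value:effect` strings, and the scoring rule (prefer the node left least allocated) is one of several strategies the real scheduler offers; a Pod that no node can accept is returned as `None`, i.e. it stays Pending.

```python
"""Toy version of kube-scheduler's two phases: filter, then score.

Added example, not Kubernetes code. Nodes, Pods, taints and the scoring
rule are constructed/simplified for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    name: str
    cpu_free: int                      # unallocated millicores
    mem_free: int                      # unallocated MiB
    labels: Dict[str, str] = field(default_factory=dict)
    taints: List[str] = field(default_factory=list)


@dataclass
class Pod:
    name: str
    cpu_req: int                       # requested millicores
    mem_req: int                       # requested MiB
    tolerations: List[str] = field(default_factory=list)        # taints this Pod accepts
    node_affinity: Dict[str, str] = field(default_factory=dict)  # required node labels


def feasible(pod: Pod, node: Node) -> bool:
    """Filter phase: a node is ruled out as soon as any predicate fails."""
    if node.cpu_free < pod.cpu_req or node.mem_free < pod.mem_req:
        return False                               # not enough free resources
    if any(taint not in pod.tolerations for taint in node.taints):
        return False                               # carries a taint the Pod does not tolerate
    return all(node.labels.get(k) == v for k, v in pod.node_affinity.items())


def score(pod: Pod, node: Node) -> float:
    """Score phase: fraction of CPU and memory still free after placement (higher is better)."""
    def fraction_left(free: int, req: int) -> float:
        return (free - req) / free if free else 0.0
    return (fraction_left(node.cpu_free, pod.cpu_req) + fraction_left(node.mem_free, pod.mem_req)) / 2


def schedule(pod: Pod, nodes: List[Node]) -> Optional[str]:
    """Return the name of the chosen node, or None when the Pod must stay Pending."""
    candidates = [n for n in nodes if feasible(pod, n)]
    if not candidates:
        return None
    return max(candidates, key=lambda n: score(pod, n)).name


# Constructed cluster: two general-purpose workers and one tainted GPU node.
NODES = [
    Node("worker-a", cpu_free=4000, mem_free=8192),
    Node("worker-b", cpu_free=1000, mem_free=2048),
    Node("gpu-1", cpu_free=8000, mem_free=16384,
         labels={"accelerator": "gpu"}, taints=["dedicated=gpu:NoSchedule"]),
]

WEB = Pod("web", cpu_req=500, mem_req=512)
TRAINER = Pod("trainer", cpu_req=2000, mem_req=4096,
              tolerations=["dedicated=gpu:NoSchedule"], node_affinity={"accelerator": "gpu"})
OVERSIZED = Pod("oversized", cpu_req=16000, mem_req=1024)

if __name__ == "__main__":
    for pod in (WEB, TRAINER, OVERSIZED):
        print(pod.name, "->", schedule(pod, NODES) or "Pending")
```

The untolerated taint keeps ordinary workloads off `gpu-1` even though it has the most free capacity, while the trainer's toleration plus its affinity requirement steer it there; the oversized Pod fits nowhere and stays Pending until a node with enough capacity appears.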
Controller manager
- Runs reconciliation loops that compare observed state to desired state and take corrective actions.
- Includes controllers such as the Node Controller, which reacts when nodes become unreachable, and the Replication Controller, which keeps the desired number of Pod replicas running.
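The reconciliation loop in miniature, as an added example that is not code from the page or from Kubernetes. The desired state is a replica count, the observed state is a constructed list of Pods with their phase, and the returned action lists stand in for the create/delete calls a replica controller would issue through the API server; `converge` repeats the pass until a round produces no actions.

```python
"""A replica controller's observe -> diff -> act loop, simplified.

Added example, not Kubernetes code. Pod records and the simulated cluster
response are constructed for illustration.
"""
import itertools
from typing import Dict, List, Tuple

_counter = itertools.count(1)
LIVE_PHASES = ("Pending", "Running")   # phases that count toward the replica total


def reconcile(desired: int, observed: List[Dict]) -> Dict[str, List[str]]:
    """One pass: compare observed Pods with the desired count and return corrective actions."""
    live = [p["name"] for p in observed if p["phase"] in LIVE_PHASES]
    dead = [p["name"] for p in observed if p["phase"] not in LIVE_PHASES]
    actions = {"create": [], "delete": list(dead)}   # terminated Pods are always replaced
    diff = desired - len(live)
    if diff > 0:
        # Real controllers append a random suffix; a counter keeps the demo deterministic.
        actions["create"] = [f"app-{next(_counter)}" for _ in range(diff)]
    elif diff < 0:
        actions["delete"] = dead + live[diff:]       # scale down: drop the surplus Pods
    return actions


def apply_actions(observed: List[Dict], actions: Dict[str, List[str]]) -> List[Dict]:
    """Simulated cluster response: deleted Pods vanish, created Pods come up Running."""
    remaining = [p for p in observed if p["name"] not in actions["delete"]]
    return remaining + [{"name": n, "phase": "Running"} for n in actions["create"]]


def converge(desired: int, observed: List[Dict], max_rounds: int = 5) -> Tuple[List[Dict], int]:
    """Run the loop until a pass produces no actions; return (final state, rounds that acted)."""
    rounds = 0
    for _ in range(max_rounds):
        actions = reconcile(desired, observed)
        if not actions["create"] and not actions["delete"]:
            break                                    # observed state already equals desired state
        observed = apply_actions(observed, actions)
        rounds += 1
    return observed, rounds


# Constructed observation: one replica has failed, so only two of the desired three are live.
OBSERVED = [
    {"name": "app-a", "phase": "Running"},
    {"name": "app-b", "phase": "Failed"},
    {"name": "app-c", "phase": "Running"},
]

if __name__ == "__main__":
    print("first pass:", reconcile(3, OBSERVED))
    final, rounds = converge(3, OBSERVED)
    print(f"stable after {rounds} round(s):", final)
```

The loop is level-triggered: it never remembers what it did last time, it only compares what it sees now with what was requested, which is why a controller recovers correctly after it restarts or misses an event.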
Key concepts for new users
Kubernetes Cluster
A Kubernetes cluster is a group of computers (physical or virtual machines) that are represented to developers as a single cohesive slab of computing power. It is divided into two main sections: the control plane (the “brains”), which makes global decisions like scheduling, and worker nodes (the “muscles”), which run the actual containerized applications.
Kubernetes Operator
A Kubernetes operator is a method of packaging and managing complex, stateful applications by encoding specific operational knowledge into a custom controller. It extends the Kubernetes API by using Custom Resource Definitions (CRDs), allowing you to manage specialized software (like a database) using standard Kubernetes commands as if it were a built-in feature.
Kubernetes Node
A Kubernetes node is an individual worker machine where Pods are deployed and run. Every node must run three critical components: the kubelet (an agent that ensures containers are healthy), the container runtime (software like containerd that executes containers), and the kube-proxy (which manages network rules for traffic).
Kubernetes Pod
A Kubernetes pod is the smallest and most basic unit of computation that you can create and manage. A Pod provides a shared execution environment for its containers, meaning all containers in the same Pod share the same IP address, port space, and storage volumes. Containers within a single Pod can communicate with each other directly using localhost.
Kubernetes Secrets
Kubernetes secrets are objects used to store sensitive data like passwords, API keys, or certificates separately from your application code. It is critical to note that Kubernetes Secrets are base64-encoded by default, not encrypted: base64 is a reversible encoding, so anyone who can read the Secret object (or the etcd datastore behind it) can recover the values unless you implement additional measures like encryption at rest or an external vault solution.
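Two halves of the point above as an added example (not code from the page or from Kubernetes): decoding a Secret's `data` takes one library call, and the mitigation the page names, encryption at rest, is configured through an EncryptionConfiguration that the API server loads via its `--encryption-provider-config` flag. The Secret manifest is constructed inline, the `secretbox` provider and key layout follow the documented schema, and the key is generated fresh each run because a demo key must never be reused; `protects_secrets` is a check I would run over such a file before trusting it.

```python
"""Secrets are base64 in the API; encryption at rest protects the copy in etcd.

Added example, not Kubernetes code. The Secret and the weak configuration used
for comparison are constructed for illustration.
"""
import base64
import secrets
from typing import Dict, Optional


def make_secret(name: str, namespace: str, values: Dict[str, str]) -> Dict:
    """Build the object as the API server stores and returns it: values base64-encoded."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "Opaque",
        "data": {k: base64.b64encode(v.encode()).decode() for k, v in values.items()},
    }


def decode_secret(manifest: Dict) -> Dict[str, str]:
    """Recover every value; `stringData` (the plaintext manifest form) is merged in if present."""
    values = {k: base64.b64decode(v).decode() for k, v in manifest.get("data", {}).items()}
    values.update(manifest.get("stringData", {}))
    return values


def encryption_config(key: Optional[bytes] = None) -> Dict:
    """EncryptionConfiguration that encrypts Secrets in etcd with secretbox (XSalsa20-Poly1305).

    The first provider is used for writes; `identity` stays last so objects written
    before encryption was enabled remain readable until they are rewritten.
    """
    key = key or secrets.token_bytes(32)           # secretbox requires exactly 32 bytes
    return {
        "apiVersion": "apiserver.config.k8s.io/v1",
        "kind": "EncryptionConfiguration",
        "resources": [{
            "resources": ["secrets"],
            "providers": [
                {"secretbox": {"keys": [{"name": "key1", "secret": base64.b64encode(key).decode()}]}},
                {"identity": {}},
            ],
        }],
    }


def protects_secrets(config: Dict) -> bool:
    """Check that Secrets are covered and that the write provider actually encrypts."""
    for entry in config.get("resources", []):
        if "secrets" not in entry.get("resources", []):
            continue
        providers = entry.get("providers", [])
        if not providers or "identity" in providers[0]:
            return False                            # identity first = written in plaintext
        for name, spec in providers[0].items():
            if name == "secretbox" and any(
                    len(base64.b64decode(k["secret"])) != 32 for k in spec.get("keys", [])):
                return False                        # wrong key length; the API server would reject it
        return True
    return False                                    # Secrets are not listed at all


# Constructed Secret; the password is a placeholder, not a real credential.
DB_CREDS = make_secret("db-creds", "payments",
                       {"username": "app_user", "password": "constructed-demo-password"})

if __name__ == "__main__":
    print("stored:", DB_CREDS["data"])
    print("recovered:", decode_secret(DB_CREDS))
    print("encryption at rest configured correctly:", protects_secrets(encryption_config()))
```

Encryption at rest only changes what sits in etcd and its backups; anyone allowed to `get` the Secret through the API still receives the decodable `data` field, so RBAC on Secrets matters just as much.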
Kubernetes Service
A Kubernetes service provides a stable network endpoint (a fixed IP and DNS name) for a group of Pods. Because Pods are “mortal” and their IP addresses change when they are replaced, a Service acts as a reliable front-end that load balances traffic across a dynamic set of healthy backend Pods.
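How a Service decides which Pods receive traffic, as an added example that is not code from the page or from Kubernetes. The Service and Pod objects are constructed inline and mirror the fields the EndpointSlice controller and kube-proxy actually consult: the label selector picks candidate Pods, the `Ready` condition drops those that are still starting or failing, and replacing a Pod changes the endpoint list while the cluster IP and DNS name stay the same.

```python
"""Service -> backend resolution: label selector plus readiness, never a fixed Pod IP.

Added example, not Kubernetes code. Service, Pods, IPs and labels are constructed.
"""
from typing import Dict, List

SERVICE = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "web", "namespace": "shop"},
    "spec": {
        "clusterIP": "10.96.0.15",                  # stable for the Service's lifetime
        "selector": {"app": "web", "tier": "frontend"},
        "ports": [{"port": 80, "targetPort": 8080}],
    },
}


def make_pod(name: str, ip: str, labels: Dict[str, str], ready: bool = True) -> Dict:
    """Minimal Pod object with the fields endpoint selection depends on."""
    return {
        "metadata": {"name": name, "labels": labels},
        "status": {"podIP": ip,
                   "conditions": [{"type": "Ready", "status": "True" if ready else "False"}]},
    }


# Constructed Pods: one healthy frontend, one still starting, one from a different app.
PODS = [
    make_pod("web-1", "10.244.1.5", {"app": "web", "tier": "frontend"}),
    make_pod("web-2", "10.244.2.9", {"app": "web", "tier": "frontend"}, ready=False),
    make_pod("api-1", "10.244.1.7", {"app": "api", "tier": "backend"}),
]


def selects(selector: Dict[str, str], labels: Dict[str, str]) -> bool:
    """Equality-based selector: every selector key must match the Pod's label exactly."""
    return all(labels.get(k) == v for k, v in selector.items())


def is_ready(pod: Dict) -> bool:
    """A Pod joins the endpoint set only once its Ready condition is True."""
    return any(c["type"] == "Ready" and c["status"] == "True" for c in pod["status"]["conditions"])


def endpoints(service: Dict, pods: List[Dict]) -> List[str]:
    """ip:port pairs the Service forwards to; unready and non-matching Pods are excluded."""
    sel = service["spec"]["selector"]
    port = service["spec"]["ports"][0]["targetPort"]
    return sorted(f'{p["status"]["podIP"]}:{port}'
                  for p in pods if selects(sel, p["metadata"]["labels"]) and is_ready(p))


def dns_name(service: Dict) -> str:
    """Cluster DNS name clients use instead of any IP address."""
    return f'{service["metadata"]["name"]}.{service["metadata"]["namespace"]}.svc.cluster.local'


def replace_pod(pods: List[Dict], old_name: str, new_pod: Dict) -> List[Dict]:
    """Simulate a rescheduled Pod: the old one disappears and the new one gets a new IP."""
    return [p for p in pods if p["metadata"]["name"] != old_name] + [new_pod]


if __name__ == "__main__":
    print(dns_name(SERVICE), "->", endpoints(SERVICE, PODS))
    later = replace_pod(PODS, "web-1", make_pod("web-4", "10.244.3.2", {"app": "web", "tier": "frontend"}))
    print(dns_name(SERVICE), "->", endpoints(SERVICE, later))
```

Readiness gating is what makes rolling updates safe: a new Pod is not sent traffic until its readiness probe passes, and a Pod whose probe starts failing is removed from the list without the client ever seeing a different address.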
Kubectl
kubectl is the primary command-line tool used to communicate with the API server of a Kubernetes cluster. It allows you to perform declarative operations, where you tell the cluster your “desired state” (e.g., “I want 3 replicas of this app”) using a YAML file, and Kubernetes works to implement that state.
Minikube
Minikube is a lightweight tool designed for local development and learning that runs a single-node Kubernetes cluster inside a virtual machine or container on your laptop. It is an ideal way for beginners to experiment with Kubernetes features without the cost or complexity of a full cloud-based infrastructure.
Simple analogy to remember
Think of a Kubernetes cluster as a large automated pizza franchise:
- Control Plane = Central Management Office; API Server = receptionist; etcd = filing cabinet of orders; Scheduler = dispatcher; Controller Manager = quality supervisor.
- Worker Nodes = individual kitchens; Kubelet = on-site kitchen manager; Pods/Containers = pizzas and chefs.
- The Pod IP system is like giving each delivery driver a unique GPS coordinate so deliveries never collide.