Kubernetes (K8s) is the de facto container orchestration platform, managing containerised workloads across a cluster of nodes. The Control Plane — comprising the API Server, etcd, Scheduler, and Controller Manager — maintains desired state. Worker Nodes run the kubelet, kube-proxy, and a container runtime (containerd) and host application Pods. Key abstractions include Deployments (declarative rollouts), Services (stable network endpoints), Ingress (HTTP routing), and the Horizontal Pod Autoscaler (HPA) for traffic-driven scaling.

Key Points

  • The API Server is the single entry point for all cluster operations — all components (kubectl, controllers, kubelet) communicate exclusively through the API Server, which persists state to etcd.
  • etcd is a distributed key-value store (Raft consensus, typically 3 or 5 nodes) — back it up frequently; losing etcd without a backup means losing the entire cluster state.
  • The Scheduler assigns Pods to Nodes based on resource requests, node affinity/anti-affinity, taints/tolerations, and topology spread constraints — never rely on default scheduling for latency-sensitive workloads.
  • Always set resource requests (for scheduling) and limits (for cgroup enforcement): without requests, the scheduler cannot bin-pack correctly; without limits, a single pod can starve others.
  • HPA scales Deployment replicas based on CPU/memory (via Metrics Server) or custom metrics (via KEDA + external sources like SQS queue depth, Kafka lag).
  • Ingress controllers (nginx, AWS ALB Ingress Controller, Traefik) implement the Ingress resource — without a controller, the Ingress object has no effect.
  • PodDisruptionBudget (PDB) guarantees minimum available replicas during voluntary disruptions (node drain, cluster upgrade) — set `minAvailable: 1` for all production Deployments.
  • Kubernetes RBAC uses Roles (namespace-scoped) and ClusterRoles (cluster-wide), bound to ServiceAccounts via RoleBindings — follow least-privilege; avoid binding ServiceAccounts to `cluster-admin`.
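The resource requests/limits, PodDisruptionBudget and least-privilege RBAC points above, combined into one manifest as an added example (not from the original page). The namespace `shop`, the `checkout` service, the `checkout-config` ConfigMap, the image reference and the resource sizes are all assumed values.

```yaml
# Added example (constructed): least-privilege RBAC, resource requests/limits and a
# PDB for a hypothetical "checkout" Deployment in the namespace "shop".
apiVersion: v1
kind: ServiceAccount
metadata: { name: checkout, namespace: shop }
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                                  # namespace-scoped, not a ClusterRole
metadata: { name: checkout-config-reader, namespace: shop }
rules:
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["checkout-config"]      # only the one ConfigMap the app reads
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding                           # binds the Role to the ServiceAccount
metadata: { name: checkout-config-reader, namespace: shop }
subjects:
  - { kind: ServiceAccount, name: checkout, namespace: shop }
roleRef: { kind: Role, name: checkout-config-reader, apiGroup: rbac.authorization.k8s.io }
---
apiVersion: apps/v1
kind: Deployment
metadata: { name: checkout, namespace: shop }
spec:
  replicas: 3
  selector: { matchLabels: { app: checkout } }
  template:
    metadata: { labels: { app: checkout } }
    spec:
      serviceAccountName: checkout          # dedicated SA; never bound to cluster-admin
      containers:
        - name: checkout
          image: registry.example.com/checkout:1.4.2   # placeholder image reference
          resources:
            requests: { cpu: 250m, memory: 256Mi }     # used by the Scheduler to bin-pack
            limits:   { cpu: "1",  memory: 512Mi }     # enforced by the kubelet via cgroups
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata: { name: checkout, namespace: shop }
spec:
  minAvailable: 1                           # keeps one replica up during drain/upgrade
  selector: { matchLabels: { app: checkout } }
```

After applying it, `kubectl auth can-i get configmaps --as=system:serviceaccount:shop:checkout -n shop` should answer `yes`, while the same check for `secrets` or for `--all-namespaces` should answer `no`.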
[Figure: Kubernetes Cluster Architecture. Panels: CONTROL PLANE (API Server / kube-apiserver; etcd cluster state store; Scheduler / kube-scheduler; Controller Manager / kube-controller-mgr; Cloud Controller Manager for EKS / AKS / GKE integration; kubectl / Admission Webhooks / CRDs), WORKER NODE 1 and WORKER NODE 2 (kubelet node agent; kube-proxy via iptables / eBPF; Pods A–D with container, sidecar, init-ctr and envoy containers; containerd runtime), KEY KUBERNETES OBJECTS (Deployment: desired replicas, rolling updates, rollback support; Service: ClusterIP / NodePort / LoadBalancer, stable DNS endpoint; Ingress: HTTP/S routing, TLS termination, nginx / ALB controller; HPA / KEDA: CPU / memory based, custom metrics (SQS, Kafka), scale 0 → N replicas).]

Kubernetes cluster: Control Plane components and Worker Nodes hosting Pods, with key API objects

Real-World Example

Airbnb runs 1,000+ microservices on EKS, using HPA with custom Datadog metrics (request queue depth) to scale from 50 to 3,000 pods within 3 minutes during peak booking traffic.