graph TD;
Master[Master Node] --> KubeAPI[Kubernetes API Server]
Master --> Scheduler
Master --> ControllerManager[Controller Manager]
Worker[Worker Node] --> Kubelet["Kubelet (Worker Node)"]
Master <-.-> Worker
KubeAPI --> Etcd[Etcd Key-Value Store]
ControllerManager --> CloudProvider[Cloud Provider]
Kubelet --> ContainerRuntime[Container Runtime]
Kubelet --> KubeProxy[Kube Proxy]
Kubelet --> CNI[CNI Plugin]
- Namespace Controller: Manages namespaces, ensuring their creation, deletion, and updates. It watches the API server for Namespace objects and takes action accordingly, coordinating with other controllers to ensure resources are appropriately assigned to namespaces.
-
Deployment Controller: Maintains the desired number of replica pods specified in a Deployment object by creating, updating, or deleting ReplicaSets. It continuously monitors the state of pods and reconciles any discrepancies.
-
DaemonSet Controller: Ensures that a pod runs on each node in the cluster. It creates pods on newly added nodes and removes them from nodes that are being removed from the cluster.
-
StatefulSet Controller: Manages stateful applications by providing stable, unique network identifiers and persistent storage for each pod. It ensures that pods are created or updated in a specific order to maintain application state consistency.
-
CronJob Controller: Schedules and manages the execution of Jobs at specific times or intervals defined in CronJob objects. It creates Job objects based on the schedule and cleans up completed Jobs according to the specified history limit.
-
Job Controller: Manages the lifecycle of batch Jobs, ensuring completion and cleanup upon success or failure. It creates and tracks Job objects, managing retries and parallelism.
- Ephemeral Volume Controller: Manages ephemeral volumes attached to pods, ensuring that volumes are properly mounted and unmounted as pods are created, updated, or deleted.
- Persistent Volume Controllers (Binder, Attacher, Expander, Protection): Handle the lifecycle and management of persistent volumes and their claims. The Binder binds PersistentVolumeClaims to PersistentVolumes, the Attacher attaches volumes to nodes, the Expander dynamically resizes volumes, and the Protection controller ensures that volumes are not accidentally deleted.
-
Horizontal Pod Autoscaler Controller: Monitors the resource utilization of pods and adjusts the number of replica pods in a Deployment, ReplicaSet, or StatefulSet based on observed CPU or custom metrics. It scales pods in or out to maintain the desired resource utilization.
-
ReplicaSet Controller: Ensures a stable set of replica pods is running at any given time for stateless applications. It creates or deletes pods as needed to match the desired replica count specified in the ReplicaSet object.
-
ReplicationController Controller: Legacy controller for maintaining a specified number of replica pods. It creates or deletes pods to match the desired count, being gradually replaced by ReplicaSets.
-
Service Account Controller: Manages service accounts within namespaces, creating, updating, or deleting them as necessary.
-
Service Account Token Controller: Creates and manages tokens for service accounts, ensuring that tokens are rotated periodically and revoked when necessary.
-
Endpoints Controller: Populates the Endpoints object (that is, the set of actual IPs and ports where the service can be accessed) for Services by watching for changes in service selectors and pod IPs.
-
Service Load Balancer Controller: Manages external load balancers for services, ensuring that load balancers are provisioned and configured correctly to route traffic to service endpoints.
-
Service CIDR Controller: Manages IP ranges for services, assigning and releasing IP addresses within the specified CIDR range.
-
Endpointslice Mirroring Controller: Ensures consistency between EndpointSlice objects across the cluster by mirroring changes made to Endpoints objects.
-
EndpointSlice Controller: Manages EndpointSlice objects, which provide more efficient representation and manipulation of endpoints for large services.
-
Bootstrap Signer Controller: Manages the signing of bootstrapping requests for new nodes joining the cluster, ensuring that nodes are authenticated and authorized.
-
Certificate Signing Request (CSR) Controllers (Approving, Cleaner, Signing): Manages the lifecycle of certificate signing requests. The Approving controller approves certificate signing requests, the Cleaner controller removes expired requests, and the Signing controller signs certificate requests with the appropriate CA.
-
Root CA Certificate Publisher Controller: Distributes root CA certificates to nodes, ensuring that nodes trust the cluster's CA for secure communication.
-
Cloud Node Lifecycle Controller: Manages the lifecycle of cloud provider nodes, provisioning, deleting, and updating nodes as needed.
-
Cluster Role Aggregation Controller: Aggregates cluster roles across the cluster, allowing for a simplified RBAC setup.
-
Node Lifecycle Controller: Handles node lifecycle events such as adding, removing, and updating nodes, ensuring that the cluster maintains the desired number of nodes and that nodes are properly configured.
-
Disruption Controller: Ensures that cluster disruptions adhere to specified policies, such as draining nodes for maintenance without disrupting workloads.
-
Garbage Collector Controller: Cleans up unused resources in the cluster, reclaiming resources and ensuring efficient resource utilization.
-
Node IPAM Controller: Manages IP address assignment for nodes, ensuring that nodes have unique and consistent IP addresses.
-
Legacy Service Account Token Cleaner Controller: Cleans up legacy service account tokens, removing tokens that are no longer needed.
-
Node Route Controller: Manages routes on nodes, configuring network routing to ensure proper communication between nodes and pods.
-
Resource Claim Controller: Manages resource claims in the cluster, ensuring that resources are allocated fairly and according to specified quotas.
-
Resource Quota Controller: Enforces resource usage quotas, preventing resource exhaustion and ensuring fair resource distribution.
-
Storage Version Garbage Collector Controller: Cleans up deprecated storage versions, ensuring that only supported storage versions are used in the cluster.
-
Taint Eviction Controller: Evicts pods from nodes based on node taints, ensuring that pods are only scheduled on nodes that meet specific requirements.
-
Token Cleaner Controller: Cleans up tokens, removing tokens that are no longer needed.
-
TTL Controllers (After Finished, TTL): Implements time-to-live for resources, automatically deleting resources after a specified duration.
-
Validating Admission Policy Status Controller: Manages the status of validating admission policies, ensuring that admission control policies are applied correctly and reporting any issues with policy enforcement.