architecture

komovo · website-7c8b549745-qfbjf

sections

kubernetes architecture gitops principles kustomize storage options networking

kubernetes architecture

A Kubernetes cluster consists of a control plane and one or more worker nodes. The control plane runs the API server, scheduler, controller-manager, and etcd. Worker nodes run the kubelet, kube-proxy, and a container runtime (containerd, CRI-O, or Docker).

API server — the front-end to the cluster. All internal and external communication goes through it.
etcd — distributed key-value store that holds the cluster state.
Scheduler — assigns pods to nodes based on resource availability and constraints.
Controller-manager — runs controllers that handle replication, node health, endpoints, etc.
kubelet — the node agent that ensures containers are running in a pod.
kube-proxy — manages network rules for service-to-pod communication.

gitops principles

GitOps is a deployment model where the entire infrastructure is defined declaratively in a Git repository. An operator (like Flux or ArgoCD) continuously reconciles the cluster state with the repository state.

Single source of truth — everything is in Git, nothing is manual
Automatic sync — push a manifest, the operator applies it
Prune support — removing a file from Git removes the resource from the cluster
Rollback — revert to a previous commit to undo changes
Audit trail — every change is tracked with who, when, and why

kustomize

Kustomize is a Kubernetes-native configuration tool that lets you customize raw template-free YAML. It is built into kubectl since v1.14 and is the default configuration manager for Flux CD.

bash# create a kustomization
cat > kustomization.yaml <

storage options

HostPath — mounts a directory from the node filesystem into a pod. Simple but not portable across nodes.
PersistentVolume / PersistentVolumeClaim — decouples storage from pods. Supports many backends: NFS, iSCSI, Ceph, cloud volumes, and local-path provisioners.
local-path-provisioner — k3s ships with a built-in dynamic provisioner that creates PVCs as host directories under /var/lib/rancher/k3s/storage/.
CSI drivers — Container Storage Interface for pluggable storage backends (e.g. Rook/Ceph, Longhorn).


networking

Service types — ClusterIP (internal only), NodePort (expose on a port on every node), LoadBalancer (provision an external LB), ExternalName (DNS alias).
Ingress — HTTP/HTTPS routing with host and path-based rules. Common implementations: nginx-ingress, Traefik (built into k3s), HAProxy.
CNI plugins — Flannel, Calico, Cilium, Weave. Handle pod-to-pod networking across nodes.
Network policies — firewall rules for pod-to-pod traffic (requires a CNI that supports them, like Calico or Cilium).