Skip to main content

Kube-ApiServer

The kubectl command communicates with the Kube-APIServer and nothing else. We could also invoke the APIs directly with a POST command without using kubectl, although rarely used, it's perfectly possible.

The Kube-APIServer is at the center of all cluster updates.

  • Authenticates the user.
  • Validates the request.
  • Retrieves data.
  • Updates ETCD (the only one that interacts with ETCD).
  • Kube-Controller-Manager, Kube-Scheduler and Kubelet use the Kube-APIServer to make updates in the cluster in their respective areas.

The Kube-APIServer, like all Kubernetes components, is available as a binary.

https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.29.md#client-binaries

All Kubernetes cluster components need to know where the other components are. There are different methods of authentication, authorization, encryption and security. That's why there are so many configuration options for these binaries.

Alt text

The parameters passed to the Kube-APIServer depend on how the cluster was set up. If you use a kubeadm tool to initialize the cluster, the Kube-APIServer will come up as a static pod in the kube-system namespace. Using another method could be different, such as coming up as a systemd service on master nodes.

Alt text

Alt text

Alt text