Kubernetes : What are three main processes in worker nodes?

 Below given is detail on this 

1. Container Runtime (e.g., containerd, CRI-O, Docker in older setups)

• Actually runs the containers inside Pods.

• Pulls images, starts/stops containers, manages container lifecycle.

2. Kubelet

• The primary Kubernetes agent running on each Node.

• Talks to the API Server to get Pod specs.

• Ensures that the described containers (via Pod specs) are running in the Container Runtime.

• Collects resource usage stats and reports back to the control plane.

• Handles liveness & readiness probes.

3. Kube-proxy

• Handles Service networking on each Node.

• Implements iptables / IPVS rules so traffic to a Service IP gets forwarded to the right Pod.

• Provides basic L4 load balancing.

• Does “intelligent routing” → e.g., if a Pod needs to connect to a DB Service, kube-proxy tries to send traffic to a Pod of the DB that may be local (same node), reducing cross-node networking overhead.

⸻

🔹 Elaborated View

• When the API Server assigns a Pod to a Node:

• The Kubelet gets the PodSpec.

• Kubelet tells the Container Runtime to pull the image and run the container.

• Kube-proxy ensures that when traffic comes to a Service, it gets routed to the Pod correctly, even if it is across Nodes.

• This triad ensures Pods run, stay healthy, and can communicate seamlessly.

⸻

🔹 Communication Flow (Sequence Diagram)

Paste this in Mermaid Live Editor:

sequenceDiagram

    participant APIServer as Kubernetes API Server (Control Plane)

    participant Kubelet as Kubelet (Node Agent)

    participant CR as Container Runtime (containerd / CRI-O)

    participant KubeProxy as Kube-proxy (Service Routing)

    participant Pod as Pod/Container (App + DB)

    APIServer->>Kubelet: Assign PodSpec (App Pod needs to run)

    Kubelet->>CR: Pull image & start container

    CR->>Kubelet: Container started successfully

    Kubelet->>APIServer: Pod status updated (Running)

    Note over Kubelet,CR: Kubelet ensures Pod lifecycle <br> (start, monitor, restart if needed)

    Pod->>KubeProxy: Request DB Service

    KubeProxy->>Pod: Routes to local DB Pod if available

    KubeProxy->>OtherNode: Or forwards traffic to DB Pod on another node

    OtherNode-->>Pod: Response from DB

    Note over KubeProxy,Pod: Kube-proxy provides L4 load balancing <br> and Service-to-Pod resolution

⸻

✅ Summary:

• Kubelet = makes sure containers match what’s declared in API server.

• Container Runtime = actually runs the containers.

• Kube-proxy = makes sure services → pods traffic is routed correctly across nodes, while trying to optimize locality.

⸻