Skip to content

kube-apiserver request pipeline

The kube-apiserver request pipeline refers to the sequence of security and processing stages that an API request must traverse when interacting with a Kubernetes cluster^[400-devops__06-Kubernetes__k8s-ithelp__Day28__README.md].

Overview

All interactions with a Kubernetes cluster, whether via command-line tools or other methods, pass through the kube-apiserver^[400-devops__06-Kubernetes__k8s-ithelp__Day28__README.md]. This component acts as the cluster gateway, managing all object resources and enforcing security controls^[400-devops__06-Kubernetes__k8s-ithelp__Day28__README.md].

Pipeline Stages

The request lifecycle moves from the client to persistent storage in the following order^[400-devops__06-Kubernetes__k8s-ithelp__Day28__README.md]:

  1. Authentication: The server verifies the identity of the user.
  2. Authorization: The server determines if the identified user has permission to perform the requested action.
  3. Admission Control: The server validates and potentially mutates the request object before it is persisted.

Once a request successfully passes these stages, the relevant resource changes are persisted to the ETCD database^[400-devops__06-Kubernetes__k8s-ithelp__Day28__README.md].

Sources

^[400-devops__06-Kubernetes__k8s-ithelp__Day28__README.md]