Back
Interactive Explainer

kube-apiserver Internals

How the Kubernetes API server processes requests: authentication, authorization, admission control, and storage.

🎯Key Takeaways
Pipeline: Authn → Authz → Admission → etcd
API server is stateless — scale horizontally behind a load balancer
Admission controllers: OPA/Gatekeeper or Kyverno for policy enforcement

kube-apiserver Internals

How the Kubernetes API server processes requests: authentication, authorization, admission control, and storage.

~1 min read
Be the first to complete!
What you'll learn
  • Pipeline: Authn → Authz → Admission → etcd
  • API server is stateless — scale horizontally behind a load balancer
  • Admission controllers: OPA/Gatekeeper or Kyverno for policy enforcement

API Server Request Pipeline

Every kubectl or controller request flows through: Authentication (who are you? — certs, tokens, OIDC), Authorization (are you allowed? — RBAC), Admission Controllers (mutating + validating webhooks, OPA, Kyverno), then storage to etcd. The API server is stateless — all state is in etcd.

Key takeaways

  • Pipeline: Authn → Authz → Admission → etcd
  • API server is stateless — scale horizontally behind a load balancer
  • Admission controllers: OPA/Gatekeeper or Kyverno for policy enforcement

Related concepts

Explore topics that connect to this one.

Suggested next

Often learned after this topic.

kube scheduler controller manager

Ready to see how this works in the cloud?

Switch to Career Paths for structured paths (e.g. Developer, DevOps) and provider-specific lessons.

View role-based paths

Sign in to track your progress and mark lessons complete.

Continue learning

kube scheduler controller manager

Discussion

Questions? Discuss in the community or start a thread below.

Join Discord

In-app Q&A

Sign in to start or join a thread.