You type kubectl run nginx. Three seconds later, the pod is Running. But in those three seconds, seven Kubernetes components carry out 23 distinct steps. This video opens the black box. We trace every single step: kubectl parsing argv, TCP + TLS 1.3 to the API server, authentication, RBAC, mutating and validating admission chains, the etcd Raft quorum write, scheduler filter + score + bind, kubelet SyncPod, CRI sandbox creation, CNI networking, image pull, container create, runc with clone3 + namespaces + seccomp, PLEG reporting via CRI event streams, and the final status patch back to the API server.

🎬 Interactive version (play, pause, jump to any step): https://kubernetes-explained.vercel.app/pod

🔎 What you'll learn
• What kubectl actually builds vs what the API server fills in (defaulting)
• Why TLS 1.3 + mTLS is the default authentication story
• The full mutating → schema → validating admission chain in order
• How the etcd Raft quorum guarantees your pod is durable before the 201 Created
• Exactly which plugins the scheduler runs to pick a node
• How the kubelet calls containerd over CRI, and what runc does with clone3
• Why Evented PLEG (GA since 1.30) changes how "Running" is detected

📚 Written references
• Kubernetes source: https://github.com/kubernetes/kubernetes
• CRI spec: https://github.com/kubernetes/cri-api
• CNI spec: https://github.com/containernetworking/cni
• OCI runtime spec: https://github.com/opencontainers/runtime-spec

⏱️ Chapters
0:00 Intro
0:05 kubectl parses your command
0:33 kubeconfig resolution
0:45 TCP + TLS 1.3 handshake
1:01 HTTP POST to the API server
1:18 Authentication (x509, token, OIDC, webhook)
1:41 Authorization (RBAC)
1:50 Mutating admission chain
2:07 Schema validation
2:17 Validating admission
2:35 etcd + Raft quorum write
2:53 201 Created response
3:04 Watch fanout to subscribers
3:21 Scheduler: Filter plugins
3:35 Scheduler: Score plugins
3:50 Scheduler: Bind
4:00 Kubelet SyncPod
4:07 CRI sandbox + pause container
4:22 CNI networking (veth, CIDR, routes)
4:35 Image pull from registry
4:50 Container create (OCI spec, overlayfs)
5:04 runc + namespaces + seccomp + execve
5:28 PLEG + status patch
5:45 Pod Running — recap
6:08 Subscribe · What's next

🔗 Kubesimplify
Website: https://kubesimplify.com
X / Twitter: https://twitter.com/kubesimplify
YouTube: https://youtube.com/@kubesimplify
GitHub: https://github.com/kubesimplify
📰 Newsletter: https://saiyampathak.substack.com
📖 Free E-Book (GPU+K8s): https://saiyampathak.gumroad.com/l/gpubook
💬 Discord: https://discord.gg/26Z384WSPB
► X: https://x.com/saiyampathak
► LinkedIn: https://www.linkedin.com/in/saiyampathak/
► GitHub: https://github.com/saiyam1814
► Instagram: https://instagram.com/saiyampathak/
📧 Collaborations: contact@kubesimplify.com