Kubernetes Resource Controllers
In Kubernetes, a controller is a control loop that watches the state of your cluster through the API server and makes (or requests) changes to move the current state toward the desired state.
Most of these reside within the kube-controller-manager, a single binary that runs many individual controller processes to reduce complexity. Below is a comprehensive categorization of the built-in resource controllers.
1. Kubernetes Workload Controller
These are the most common controllers. They manage the lifecycle of Pods based on different application requirements.
- Deployment Controller: Manages Deployments. It handles rolling updates, rollbacks, and ensures the specified number of replicas are running by managing ReplicaSets.
- ReplicaSet Controller: Ensures that a specified number of Pod replicas are running at any given time.
- StatefulSet Controller: Manages the deployment and scaling of a set of Pods with unique, persistent identities and stable hostnames (ideal for databases).
- DaemonSet Controller: Ensures that all (or some) Nodes run a copy of a specific Pod (e.g., for logging or monitoring agents).
- Job Controller: Watches for Job objects and creates Pods to run a task to completion.
- CronJob Controller: Manages CronJobs, creating Job objects on a time-based schedule.
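The control loop described at the top of this page, applied to the ReplicaSet controller's task of holding a replica count, as an added example that is not from the original page or from Kubernetes' own code. The `Cluster`, `Pod` and `ReplicaSet` types and the `Reconcile` function are simplified, hypothetical stand-ins, with an in-memory map taking the place of the API server.

```go
package main

import "fmt"

// Pod and ReplicaSet are simplified stand-ins for the real API objects (assumption).
type Pod struct {
	Name  string
	Owner string // name of the owning ReplicaSet, playing the role of an ownerReference
}

type ReplicaSet struct {
	Name     string
	Replicas int // desired state
}

// Cluster is an in-memory substitute for the state stored behind the API server.
type Cluster struct {
	Pods map[string]Pod
	seq  int // counter used to generate unique Pod names
}

// Reconcile runs one pass of the control loop: observe the Pods owned by rs,
// compare the count with rs.Replicas, and create or delete Pods to close the gap.
// It returns how many Pods it created and deleted in this pass.
func Reconcile(c *Cluster, rs ReplicaSet) (created, deleted int) {
	var owned []string
	for name, p := range c.Pods {
		if p.Owner == rs.Name { // Pods owned by anything else are never touched
			owned = append(owned, name)
		}
	}
	for n := len(owned); n < rs.Replicas; n++ { // too few: create
		c.seq++
		name := fmt.Sprintf("%s-%d", rs.Name, c.seq)
		c.Pods[name] = Pod{Name: name, Owner: rs.Name}
		created++
	}
	for n := len(owned); n > rs.Replicas; n-- { // too many: delete
		delete(c.Pods, owned[n-1])
		deleted++
	}
	return created, deleted
}

func main() {
	c := &Cluster{Pods: map[string]Pod{}}
	rs := ReplicaSet{Name: "web", Replicas: 3}
	fmt.Println(Reconcile(c, rs)) // first pass creates the missing Pods
	delete(c.Pods, "web-2")       // simulate a Pod disappearing
	fmt.Println(Reconcile(c, rs)) // next pass replaces it
}
```

Because each pass works from the observed state rather than from a record of past events, running it again when nothing has changed makes no changes.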
2. Infrastructure & Discovery Controllers
These manage how Pods are connected and how the cluster infrastructure is maintained.
- Node Controller: Responsible for noticing and responding when nodes go down. It handles cloud-eviction and node-unreachability.
- Endpoints Controller: Populates the Endpoints object (joins Services and Pods). It watches Services and Pods and updates the Endpoints to match.
- EndpointSlice Controller: A more scalable version of the Endpoints controller, managing EndpointSlice objects to track network endpoints.
- Service Controller: Watches for Service objects and manages cloud-specific infrastructure (like LoadBalancers) via the Cloud Provider API.
- Route Controller: Responsible for setting up network routes in the underlying cloud infrastructure so that pods on different nodes can talk to each other.
3. Governance & Lifecycle Controllers
These handle administrative tasks, security, and cleanup.
- Namespace Controller: Watches for namespace deletions and ensures all resources within that namespace are cleaned up before the namespace itself is removed.
- ServiceAccount Controller: Creates default ServiceAccounts for new namespaces and ensures Pods have the necessary credentials.
- ResourceQuota Controller: Ensures that the total resource consumption in a namespace does not exceed the configured ResourceQuota.
- LimitRange Controller: Enforces constraints on resource requests and limits for Pods and Containers in a namespace.
- Garbage Collector (GC) Controller: Cleans up “orphaned” resources (e.g., Pods whose owner Deployment has been deleted).
- TTL Controller: Cleans up finished Jobs after a certain period of time.
4. Storage Controllers
These manage the lifecycle of storage volumes.
- PersistentVolume (PV) Controller: Watches for PersistentVolumeClaims (PVCs) and binds them to available PersistentVolumes.
- PV Protection Controller: Prevents the deletion of a PV that is currently bound to a PVC.
- PVC Protection Controller: Prevents the deletion of a PVC that is currently being used by a Pod.
- Expandable PVC Controller: Handles the resizing of volumes if the underlying storage provider supports it.
5. Cloud-Specific Controllers
If you are running on a cloud provider (AWS, Azure, GCP), the cloud-controller-manager runs specific loops:
- Node Controller: To check if a node has been deleted in the cloud after it stops responding.
- Route Controller: For setting up network routes in the cloud.
- Service Controller: For creating, updating, and deleting cloud load balancers.
Core Controllers
| Category | Resource Managed | Primary Goal |
| --- | --- | --- |
| Workloads | Deployments, RS, Jobs | Scaling and Self-healing |
| Discovery | Services, Endpoints | Traffic routing |
| Governance | Namespaces, Quotas | Policy enforcement |
| Storage | PVs, PVCs | Data persistence |