OpenShift Architecture

OpenShift Architecture

Manzoor Ahamed's photo
Manzoor Ahamed
·Aug 20, 2022·

5 min read

In this article we are going to discuss about Kubernetes and OpenShift architecture.

As we know OpenShift is built on top of the kubernetes platform, the major difference between the two platform is that the OpenShift container platform includes kubernets features. But kubernetes does not include OpenShift services. Both are open-source programs, Kubernetes is free to use, while OpenShift is paid platform service from RedHat.

Control Plane Components

Kubernetes comes with 4 control plane componentes.

  • Kube API server
  • ETCD
  • Kube Scheduler
  • Kube Controller Manager

kube API server

Kube API server is the gateway to the kubernetes cluster. All the client commands to manage and interact with the cluster is handled by the kubeapi-server. API server is the only control plane component with user-accessible API. when the user runs the REST command (kubectl get pods) is received by the API server, which then validates the requests and executes them. The resulting state of the execution is then stored in the ETCD the distributed key-value store. Kube API server is the only control plane component that interacts directly with ETCD data store. Kube API server is the backbone that supports the life cycle of orchestration.


ETCD is different from traditional database tabular forms. It is highly-available and consistent key value data store used in kubernetes to store all cluster related data. It manages the configuration data, state data and metadata of the kubernetes cluster. It holds all the data responsible for distributed system to up and running. Also make sure to have periodic backup plan for those data.

Kube Scheduler

Kube Scheduler monitors the kube API server for the pods which doesnt have node attribute assigned. Kube Scheduler is responsible to select the node for the newly created pods. Selection of the node is based on criteria's like hardware/software/affinity and anti-affinity etc.. Each pod will have its own requirement, so based on the pod requirement the node will be selected. Once the node is selected its the responsibility of the API server to update the ETCD with the node details.

Kube Controller Manager

Runs the controller processes. Each controller is a separate process, but to reduce the complexity, they are all compiled into single binary and run as single process. If the current state of the object deos not match the desired state, the controller takes all respective steps to match the desired state. Few objects are listed below.

  • Node controller Monitors the state of the node.
  • Deployment Responsible for deploying the application pods
  • ReplicaSet Manitains the pod count
  • Job controller Make sure a pod runs to execute the specific task at a specified time. Similar to cron.

Kubernetes Control Plane Digram

Screenshot from 2022-08-18 12-42-45.png

Along with above mentioned control plane component OpenShift control plane also run the following components.

OpenShift Control Plane Components

  • OpenShift API Server
  • OpenShift Controller Manager
  • OpenShift OAuth Server
  • OpenShift OAuth API Server

OpenShift API Server

OpenShift API server is simillar to Kube API server. All the client commands related to OpenShift resources, such as projects, routes, and ingress are validated and configured by OpenShift API server. The OpenShift API server is managed by the operator called OpenShift API server operator.

OpenShift Controller Manager

OpenShift controller manager is simillar to Kube controller manager. OpenShift controller manager watches ETCD for changes related OpenShift objects, such as route, template, and project and then uses API to enforce the specific state. It's managed by OpenShift controller manager operator.

OpenShift OAuth Server

OAuth server is responsible for providing OAuth tokens to the users. Users request tokens from OAuth server and uses the token to authenticate themselves to the API server. This control plane component is managed by the Cluster Authentication Operator.

OpenShift OAuth API Server

The OpenShift OAuth API server validates and configures the data to authenticate to OpenShift container platform, such as users, groups and OAuth tokens. The OpenShift OAuth API server is also managed by the Cluster Authentication Operator.

OpenShift Control Plane Digram


Master nodes and the worker nodes also runs the standard node services.

  • Kubelet
  • Kube Proxy
  • Container Runtime


Kubelet it act as an agent and runs on every node in the cluster. Master connects to the kubelet on the worker nodes and ask them execute the payload. The payload contains details about the pod, and its the kubelet responsibilities to provision the pod as per the payload. Once the execution is done it will respond back the status of the execution to the master. Kubelet registers the node in the kubernetes cluster. Kubelet monitors the pods in case malfunction it reports back to the control plane. Kubelet will get notified from the kube API server, and then it will connect to the container runtime like CRI-O. Then container runtime will pull the images and runs the pod.

Kube Proxy

Kube Proxy runs on each node in the cluster to implement the kubernetes service concept. Kube Proxy manages the network rules. The network rules allow network communication to your pods from the network session inside or outside of your cluster. Whenever a service gets created it creates an appropriate rules on each node to forward the traffic to the destination.

Container Runtime

Container runtime provides a platform for the container to run. Its job is to setting up the namespace and Cgroups for containers, are also called lower-level container runtime. Container engines focus on formats, unpacking, formats and image -sharing. Container runtime is reponsible for pulling the image from the registry to running the container.

OpenShift Architecture Digram

Screenshot from 2022-08-20 11-53-31.png


Multiple components works together to form the K8S and OCP cluster. From API server to container runtime all come together to construct the kubernetes and OpenShift as the container orchestration tool. In this process many of the manuall process are automated.

Community and Social Footprints :

Did you find this article valuable?

Support Cloudnloud Tech Community by becoming a sponsor. Any amount is appreciated!

Learn more about Hashnode Sponsors
Share this