What is a controller in k8s?
### What is a Controller?

In Kubernetes, a controller is a control loop that continuously watches the state of your cluster and makes or requests changes to move the current state closer to the desired state.
From a platform engineering perspective, controllers are the implementation of declarative configuration. Instead of executing a linear list of commands (imperative), you provide a "Record of Intent" (the object .spec), and the controller works tirelessly to ensure that reality matches that intent.
How it works (The Reconciliation Loop):
- Watch: The controller tracks at least one Kubernetes resource type (e.g., Pods).
  - Example: The Job controller watches for new Job objects.
- Compare: It compares the actual state (what is running) against the desired state (what is in the YAML).
- Reconcile: It takes action to fix the difference.
  - Example: If a Job spec asks for a task to run, the Job controller tells the API server to create new Pods to do that work.
This design allows the system to handle failure automatically. If a component fails, the controller notices the deviation from the desired state and attempts to fix it (e.g., restarting a crashed container).
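
The watch, compare and reconcile steps above, as an added example in Go (not code from Kubernetes or from this page). It is a simplified in-memory model: `Cluster`, `Job`, `Pod` and `Reconcile` are hypothetical names standing in for the API server's store and the Job controller, and the failure is constructed.

```go
package main

import "fmt"

// Simplified in-memory model (assumption), not client-go or the real Job controller.
type Pod struct{ Name, Owner, Phase string } // Phase: Running, Succeeded, Failed

type Job struct {
	Name        string
	Completions int // desired state, as in .spec
}

// Cluster stands in for the API server's object store.
type Cluster struct {
	Pods []Pod
	seq  int
}

// Reconcile is level-triggered: it reads only current state, so repeating it
// after a missed event converges. It returns the names of pods it created.
func Reconcile(c *Cluster, job Job) []string {
	succeeded, active := 0, 0
	for _, p := range c.Pods {
		if p.Owner != job.Name {
			continue // only count pods this Job owns
		}
		switch p.Phase {
		case "Succeeded":
			succeeded++
		case "Running":
			active++
		} // Failed pods count toward neither, so they get replaced
	}
	var created []string
	for n := succeeded + active; n < job.Completions; n++ {
		c.seq++
		name := fmt.Sprintf("%s-%d", job.Name, c.seq)
		c.Pods = append(c.Pods, Pod{Name: name, Owner: job.Name, Phase: "Running"})
		created = append(created, name)
	}
	return created
}

func main() {
	c, job := &Cluster{}, Job{Name: "backup", Completions: 3}
	fmt.Println(Reconcile(c, job)) // first pass creates three pods
	c.Pods[0].Phase = "Failed"     // constructed failure
	fmt.Println(Reconcile(c, job)) // replaces the failed pod
	fmt.Println(Reconcile(c, job)) // already converged, creates nothing
}
```

Because the function derives its actions from the observed pods rather than from a history of events, running it twice in a row is harmless, which is what lets a controller recover after a restart.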
How many controllers are there?
There is no single fixed number of controllers in a Kubernetes cluster because they are modular. The built-in controllers are compiled into the kube-controller-manager binary, where specific controllers can be enabled or disabled, and further controllers can be added via Custom Resource Definitions (CRDs) and Operators.
However, the core kube-controller-manager typically ships with over two dozen built-in controllers responsible for the native behaviors of the cluster.
Below is a table of the core built-in controllers found in a standard Kubernetes control plane:
| Category | Controller Name | Responsibility |
|---|---|---|
| Workload | Deployment | Manages rolling updates and scaling for stateless applications. |
| | ReplicaSet | Ensures the correct number of Pod replicas are running. |
| | StatefulSet | Manages stateful applications with unique network identities. |
| | DaemonSet | Ensures a copy of a Pod runs on all (or some) nodes. |
| | Job / CronJob | Manages one-off tasks and recurring scheduled tasks. |
| | Replication | (Legacy) Manages the lifecycle of ReplicationControllers. |
| Node & Core | Node | Monitors node health, handles evictions, and manages cloud node lifecycle. |
| | Namespace | Handles Namespace creation and deletion cleanup. |
| | ServiceAccount | Creates default ServiceAccounts for new Namespaces. |
| | Garbage Collector | Cleans up resources (like Pods) that no longer have an owner. |
| Network | Service | Manages load balancers and service accessibility. |
| | Endpoint / EndpointSlice | Populates Endpoints (links Services to Pod IPs). |
| | Route | Sets up network routes in the underlying cloud infrastructure. |
| Storage | PersistentVolumeBinder | Binds PersistentVolumeClaims to PersistentVolumes. |
| | AttachDetach | Manages the attachment and detachment of volumes to nodes. |
| Security | Certificate | Manages signing of certificates (CSRs). |
| | RootCACertPublisher | Publishes the root CA certificate. |
Note: In cloud environments, some of these loops (like Node, Route, and Service controllers) may be moved out of the kube-controller-manager and into a specialized cloud-controller-manager to integrate with specific cloud provider APIs.