Kubernetes Physical Architecture


Local workstations are used to do the following:

  • Access the web interface.
  • Directly access service endpoints running on containers via the Gateway hosts in the format <gateway_ip>:<port>, where <gateway_ip> is the IP address of a Gateway host and <port> is the mapped port of the service endpoint.

    For example, assume that a Kubernetes container is running a service endpoint that can be accessed remotely, and that the Gateway host has an IP address of If the Gateway host has mapped the service endpoint running on the Kubernetes container to Port 12345, then you can access that endpoint by navigating to

  • Access the REST API.
  • Access Kubernetes clusters using Kubeconfig and Kubectl.

Platform Control Plane

The Platform Control Plane consists of the following:

  • Controller host and, if Platform HA is enabled, a Shadow Controller and an Arbiter host. See Controller, Gateway, and Worker Hosts.

    The Controller hosts authenticate users via the authentication proxy, using either the internal database or an LDAP/AD server. See User Authentication. The Authenticating Proxy consists of:

    • A server-side application that receives API requests from clients (usually from the kubectl tool) and (if they are properly authenticated) adds one or more groups to the request. The authenticating proxy then forwards the request to the kube-apiserver pod, and forwards any responses to the request back to the user.
    • A client-side kubectl plugin.
  • One or more Gateway hosts. Gateway hosts enable access to user-facing services such as Notebooks and SSH running on containers via an instance of the High Availability Proxy service (HAproxy service). For more information about Gateway hosts, see Gateway Hosts.

The Platform Control Plane handles the installation, configuration, upgrade, and monitoring of Kubernetes hosts, clusters, and tenants.

Kubernetes Cluster Nodes

A deployment of HPE Ezmeral Runtime Enterprise can include multiple Kubernetes clusters. A host that is part of a Kubernetes cluster is referred to in Kubernetes as a node.

Each Kubernetes cluster has its own control plane, consisting of at least one control plane node. The Kubernetes control plane is separate from the Platform Control Plane. A high-availability Kubernetes cluster has multple control plane nodes, as described in High Availability.

Kubernetes clusters contain worker nodes that run the containers and pods that process jobs in HPE Ezmeral Runtime Enterprise.

For more information about hosts and Kubernetes clusters, see Controller, Gateway, and Worker Hosts.