Why does Kubernetes Control Plane have multiple options for communicating with a cluster?

Hi team!

I really want to understand the idea of such a division. The documentation says that we have a few options of communication between CPlane and cluster:

  • API server to nodes, pods, and services
  • SSH tunnels
  • Konnectivity service

Documentation: Communication between Nodes and the Control Plane | Kubernetes

But I don’t quite understand what purpose these options serve.
In my head, I thought that we have an API server in the control plane and a kubelet on the nodes, and that all communication takes place between them over HTTPS.
But I can assume that it is in order to connect nodes located in different subnets. But I may be wrong.

I would be grateful for a detailed answer.
Thanks in advance.

Some installations put the control plane on totally isolated machines (e.g. a different VPC). Some put it on the same VPC. Some run it as pods in a shared control-plane cluster.

Making this an API which can be implemented in multiple ways means that there is freedom to figure out what works best for each given case. If it were simpler - if the communication was always one-direction, client->control-plane - it might be easier, but APIs like logs require the opposite.

1 Like
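To make the "API which can be implemented in multiple ways" concrete, here is an added example (not from either post) of the kube-apiserver egress selector configuration, which is where the transport for control-plane-to-node traffic such as logs is chosen. The socket path is the default used in the Kubernetes Konnectivity setup guide and is an assumption about your install; the file is passed to kube-apiserver with `--egress-selector-config-file`.

```yaml
# Added example: egress selector file for kube-apiserver.
# Each entry picks how the API server dials one class of destination.
apiVersion: apiserver.k8s.io/v1beta1
kind: EgressSelectorConfiguration
egressSelections:
  # "cluster" covers API server -> kubelet, pod and service traffic
  # (logs, exec, port-forward, webhooks hosted in the cluster).
  # Here it is sent through the Konnectivity server, so the isolated
  # control plane never needs a route into the node network: the
  # Konnectivity agents on the nodes dial out to the server instead.
  - name: cluster
    connection:
      proxyProtocol: GRPC          # must match the Konnectivity server mode
      transport:
        uds:
          # Assumed path (documentation default); the Konnectivity server
          # must listen on this same Unix socket. Restrict its file
          # permissions to the API server's user.
          udsName: /etc/kubernetes/konnectivity-server/konnectivity-server.socket

  # Traffic that stays inside the control plane is dialed directly.
  - name: controlplane
    connection:
      proxyProtocol: Direct
  - name: etcd
    connection:
      proxyProtocol: Direct

# For a control plane that shares a network with the nodes, the
# "cluster" entry can also use `proxyProtocol: Direct` (or the file can
# be omitted), in which case the API server connects to kubelets over
# HTTPS with no tunnel in between.
```

With the tunnel in place, the node firewall only has to allow outbound connections from the agents to the Konnectivity server, and inbound access to the kubelet port from the control-plane network can be closed.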