+−⟲ /etcd api server source of truth, server states kube-scheduler kube-controller-manager watches objects (deployment, replica set, ...) update state watch unassigned podsassign pod to node update state K8s control plane EC2 Node kubelet K8S data plane pod A pod B unassigned pod Service get pod state containerd iptables conntrack kubeproxy update kubelet