BLOG20b: Why Do We Need Kubernetes
BLOG11: Why do we need Kubernetes CRDs?
Where is the Deployment Controller?
Location of the Deployment Controller
✔️ It is not in the API server
✔️ It is not in the Deployment object
✔️ It is inside the kube-controller-manager binary
deployment-controllerkube-controller-manager runs as a Pod in most clusters:
What lives inside kube-controller-manager?
Controller
Purpose
Where is it in Kubernetes source code?
How It Actually Works
Where does Deployment Controller run in managed Kubernetes?
On EKS
On GKE
On AKS
On K3s
On kubeadm
Fast Recap
Item
Where it exists
FULL STEPS: Simple Greeting CRD + Controller Demo
STEP 1 — Create the CRD (Greeting)
STEP 2 — Create a Custom Greeting Resource
STEP 3 — Create a Tiny Controller (runs in a Pod)
👉 Minimal controller code (Python version for simplicity)
STEP 4 — Create a Deployment for the Controller
Use a simple container definition:
STEP 5 — Put Controller Code in a ConfigMap
STEP 6 — Give Controller Permission (RBAC)
STEP 7 — Deploy the Controller
Finished — You demonstrated:
1. Metrics Server (Metrics / CPU Usage CRD)
Creates CRDs:
Amazing 2-minute demo:
2. cert-manager (Certificate CRDs + automatic TLS)
Installs CRDs:
Super simple demo:
3. ArgoCD (Application CRD)
Installs CRDs:
Quick demo:
4. Prometheus Operator (ServiceMonitor / PodMonitor CRDs)
Installs CRDs:
Simple demo:
5. KEDA (ScaledObject CRD → Autoscaling on external metrics)
CRDs created:
2-minute demo:
6. ExternalDNS (DNSRecord CRD)
CRDs (optional depending on provider):
Demo:
7. Sealed Secrets (SealedSecret CRD)
CRDs:
Super simple demo:
8. Simple Demo CRD: "Hello" CRD (From Kubebuilder Test)
Best 3 For Quick Demo (Beginner-Friendly)
CRD
Time to demo
Visual effect
How cert-manager controller is installed
1️⃣ CRDs (API layer)
2️⃣ Controller Deployments (Code layer)
These are the controllers (actual code):
✅ cert-manager
✅ cert-manager-cainjector
✅ cert-manager-webhook
All these are Go binaries packaged inside containers.
So what actually happens when you apply a Certificate CRD?
⏳ Controller flow:
Why you thought "controller must be code"? — you're right.
Component
Purpose
Where does the actual controller code run?
Summary (Simple)
Component
What it is
Installed by Helm?
1. Does a Kubernetes API resource exist only if a controller exists?
✔️ Yes and No — depends on what you mean by “exist.”
🔹 YES — if you want behavior
🔹 NO — the object itself can exist without a controller
2. Why Kubernetes created CRDs? (Why resort to CRDs?)
💡 Reason #1 — Kubernetes needed to be EXTENSIBLE
Reason #2 — To implement “Kubernetes as a Platform”
Reason #3 — Unified API for everything
Reason #4 — Operators (Automation on top of CRDs)
Reason #5 — Decoupling API Server from Controllers
Reason #6 — CRDs allow Kubernetes to evolve without changing the core code
Summary — Why CRDs?
Reason
Explanation
3. Final Answer (Simple Version)
✔️ Kubernetes resources need controllers to “do” anything
Last updated