---
title: Kubernetes Concepts
---

import { Server, Layers, Share2, DollarSign, Shield } from 'react-feather';

# Kubernetes Concepts

E2E Kubernetes is a managed Kubernetes service. E2E provisions and operates the control plane (master) and worker infrastructure for you, so you can focus on deploying workloads instead of building and maintaining a cluster from scratch.

This page explains the building blocks you will see in the MyAccount portal before you [create a cluster](/docs/myaccount/kubernetes/getting-started/create-cluster).

<QuickNav items={[
{ href: '#cluster-architecture', label: 'Cluster Architecture', icon: <Server size={13} /> },
{ href: '#node-pools', label: 'Node Pools', icon: <Layers size={13} /> },
{ href: '#networking', label: 'Networking', icon: <Share2 size={13} /> },
{ href: '#plans-and-billing', label: 'Plans & Billing', icon: <DollarSign size={13} /> },
{ href: '#security-and-encryption', label: 'Security', icon: <Shield size={13} /> },
]} />

---

## Cluster Architecture

A cluster is made up of two node roles:

- **Master node (control plane).** Runs the Kubernetes API server, scheduler, and controllers. You choose its plan at creation; you can later [upgrade the master plan](/docs/myaccount/kubernetes/manage/actions#upgrade-master-plan) to give the control plane more resources. The master node's plan determines how much control-plane load the cluster can handle.
- **Worker nodes.** Run your application pods. Worker nodes are grouped into **node pools**.

The Kubernetes API server listens on **port 6443**. The security group attached to the cluster must allow this port, or the control plane and `kubectl` clients cannot connect. The cluster networking overlay also requires **UDP port 8472**.

## Node Pools

A **node pool** is a set of worker nodes that share the same configuration - the same plan (CPU, memory, disk) and the same scaling behavior. Grouping nodes into pools lets you:

- Run different workload types on different hardware (for example, a CPU pool for general workloads and a GPU pool for accelerated workloads).
- Scale each pool independently.
- Add, resize, or remove capacity without rebuilding the cluster.

A cluster can have up to **10 node pools**, and each pool can hold between **1 and 25 worker nodes**. A CPU (compute) pool requires a minimum of 2 nodes; a GPU pool can run with 1 node.

Pools come in two types:

- **Static (fixed) pool** - a fixed number of worker nodes that you set manually.
- **Autoscale pool** - the node count moves automatically between a minimum and a maximum based on a scaling policy. See [Autoscaling](/docs/myaccount/kubernetes/features/autoscaling).

## Networking

Every cluster is attached to a **VPC**. All master and worker nodes receive private IP addresses from the selected VPC's IP pool, so cluster components communicate over a private network.

- **Private IPv4** - assigned automatically to every node for in-VPC communication. Not reachable from the internet.
- **Public IPv4 / Service IP** - for exposing services to the internet, you reserve external Service IPs that the cluster assigns to Kubernetes services of type `LoadBalancer`. See [Networking](/docs/myaccount/kubernetes/manage/networking).

## Plans and Billing

Both the master node and each worker pool can be billed:

- **On-Demand (hourly)** - pay per hour with no commitment.
- **Committed** - commit to a fixed term for a lower effective rate. See [Committed Plans](/docs/myaccount/kubernetes/features/committed-plans).

Committed billing applies to the **master node** and **static (fixed)** worker pools only. **Autoscale pools are always billed hourly** - because their node count changes automatically, they cannot be placed on a committed plan.

Worker node plans include CPU (compute) and GPU SKU families. GPU pools attach NVIDIA accelerators to your worker nodes.

## Security and Encryption

- **Security groups** act as virtual firewalls for the cluster. See [Security Groups](/docs/myaccount/kubernetes/manage/security-groups).
- **Encryption at rest** can be enabled at creation time to encrypt the cluster's disks. See [Encryption](/docs/myaccount/kubernetes/features/encryption).

---

## Related Resources

| Resource                                                                              | Use it for                             |
| ------------------------------------------------------------------------------------- | -------------------------------------- |
| [Create a Cluster](/docs/myaccount/kubernetes/getting-started/create-cluster)         | Launch a cluster step by step.         |
| [Connect to a Cluster](/docs/myaccount/kubernetes/getting-started/connect-to-cluster) | Download kubeconfig and use `kubectl`. |
| [Manage Kubernetes](/docs/myaccount/kubernetes/manage)                                | Operate the cluster from the portal.   |
| [Kubernetes Guides](/docs/myaccount/kubernetes/guides)                                | In-cluster how-to guides.              |