Kubernetes Concepts

E2E Kubernetes is a managed Kubernetes service. E2E provisions and operates the control plane (master) and worker infrastructure for you, so you can focus on deploying workloads instead of building and maintaining a cluster from scratch.

This page explains the building blocks you will see in the MyAccount portal before you create a cluster.


Cluster Architecture

A cluster is made up of two node roles:

  • Master node (control plane). Runs the Kubernetes API server, scheduler, and controllers. You choose its plan at creation; you can later upgrade the master plan to give the control plane more resources. The master node's plan determines how much control-plane load the cluster can handle.
  • Worker nodes. Run your application pods. Worker nodes are grouped into node pools.

The Kubernetes API server listens on port 6443. The security group attached to the cluster must allow this port, or the control plane and kubectl clients cannot connect. The cluster networking overlay also requires UDP port 8472.
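
A pre-flight audit of the port requirements above, written as an added example (not E2E's code or API). The rule dictionary format, the sample rules and the VPC range are constructed for illustration, and treating a world-open source as a warning is this example's hardening assumption rather than a rule the page states.

```python
import ipaddress

# Ports the page says the cluster security group must allow.
REQUIRED = {("tcp", 6443): "Kubernetes API server",
            ("udp", 8472): "cluster networking overlay"}

def covers(rule, proto, port):
    """True if an inbound allow rule (hypothetical format) matches proto/port."""
    return (rule["protocol"] in (proto, "all")
            and rule["port_min"] <= port <= rule["port_max"])

def audit(rules, vpc_cidr):
    """Return (severity, message) findings for a list of inbound allow rules."""
    vpc = ipaddress.ip_network(vpc_cidr)
    findings = []
    for (proto, port), name in REQUIRED.items():
        sources = [ipaddress.ip_network(r["cidr"])
                   for r in rules if covers(r, proto, port)]
        if not sources:
            findings.append(("ERROR", f"{proto}/{port} ({name}) is not allowed"))
            continue
        # Nodes use private VPC addresses, so some source must include them.
        if not any(s.overlaps(vpc) for s in sources):
            findings.append(("ERROR", f"{proto}/{port} ({name}) admits no VPC source"))
        # Assumption of this example: a world-open source is worth a warning.
        for s in sources:
            if s.prefixlen == 0:
                findings.append(("WARN", f"{proto}/{port} ({name}) is open to {s}"))
    return findings

# Constructed sample data, not taken from a real account.
VPC_CIDR = "10.10.0.0/16"
WEAK_RULES = [
    {"protocol": "tcp", "port_min": 6443, "port_max": 6443, "cidr": "0.0.0.0/0"},
    {"protocol": "tcp", "port_min": 22, "port_max": 22, "cidr": "10.10.0.0/16"},
]
FIXED_RULES = [
    {"protocol": "tcp", "port_min": 6443, "port_max": 6443, "cidr": "10.10.0.0/16"},
    {"protocol": "tcp", "port_min": 6443, "port_max": 6443, "cidr": "203.0.113.10/32"},
    {"protocol": "udp", "port_min": 8472, "port_max": 8472, "cidr": "10.10.0.0/16"},
]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK_RULES), ("fixed", FIXED_RULES)):
        print(label, audit(rules, VPC_CIDR) or "no findings")
```

The weak set fails because UDP 8472 is missing and warns because 6443 accepts any source; the fixed set limits 6443 to the VPC range plus one constructed client address and returns no findings.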

Node Pools

A node pool is a set of worker nodes that share the same configuration - the same plan (CPU, memory, disk) and the same scaling behavior. Grouping nodes into pools lets you:

  • Run different workload types on different hardware (for example, a CPU pool for general workloads and a GPU pool for accelerated workloads).
  • Scale each pool independently.
  • Add, resize, or remove capacity without rebuilding the cluster.

A cluster can have up to 10 node pools, and each pool can hold between 1 and 25 worker nodes. A CPU (compute) pool requires a minimum of 2 nodes; a GPU pool can run with 1 node.

Pools come in two types:

  • Static (fixed) pool - a fixed number of worker nodes that you set manually.
  • Autoscale pool - the node count moves automatically between a minimum and a maximum based on a scaling policy. See Autoscaling.

Networking

Every cluster is attached to a VPC. All master and worker nodes receive private IP addresses from the selected VPC's IP pool, so cluster components communicate over a private network.

  • Private IPv4 - assigned automatically to every node for in-VPC communication. Not reachable from the internet.
  • Public IPv4 / Service IP - for exposing services to the internet, you reserve external Service IPs that the cluster assigns to Kubernetes services of type LoadBalancer. See Networking.

Plans and Billing

Both the master node and each worker pool can be billed:

  • On-Demand (hourly) - pay per hour with no commitment.
  • Committed - commit to a fixed term for a lower effective rate. See Committed Plans.

Committed billing applies to the master node and static (fixed) worker pools only. Autoscale pools are always billed hourly - because their node count changes automatically, they cannot be placed on a committed plan.

Worker node plans include CPU (compute) and GPU SKU families. GPU pools attach NVIDIA accelerators to your worker nodes.

Security and Encryption

  • Security groups act as virtual firewalls for the cluster. See Security Groups.
  • Encryption at rest can be enabled at creation time to encrypt the cluster's disks. See Encryption.

Resource | Use it for
Create a Cluster | Launch a cluster step by step.
Connect to a Cluster | Download kubeconfig and use kubectl.
Manage Kubernetes | Operate the cluster from the portal.
Kubernetes Guides | In-cluster how-to guides.

Last updated on June 26, 2026.