Kubernetes Persistence Series Part 3: Controllers & Resilience —... (2026)

In Part 1, we debugged a missing ingress after GKE node upgrades. In Part 2, we explored how systemd supervises kubelet, and how kubelet bootstraps the control plane through static pods.

Now we reach the final layer: your application controllers—and the elegant insight that makes Kubernetes truly resilient.

Controllers like NGINX Ingress, cert-manager, and Prometheus Operator are deployed as Deployments or StatefulSets:

The controller itself doesn't store state—it reads everything from the API server (backed by etcd).

Helm stores release information in Kubernetes secrets:

Because this is stored in etcd via the API server, Helm releases survive any pod eviction.

This is the elegant core of the design: controllers don't store state.

The API server + etcd is the single source of truth, not the controllers.

The Kubernetes architecture embodies several design principles:

The journey from debugging a missing ingress to understanding the complete supervision hierarchy revealed the sophisticated machinery that makes Kubernetes resilient.

Source: Dev.to