
Kubernetes Basics

What It Is

Kubernetes manages the lifecycle of containerized applications: deployments, scaling, self-healing, service discovery, and declarative cluster state.

Core Objects

Pod

The smallest deployable unit. In most cases, a Pod contains one main application container plus optional sidecars.

Deployment

Defines the desired Pod count and update strategy. Commonly used for stateless workloads.

StatefulSet

Used when stable network identities, ordered startup, and persistent volumes matter.

DaemonSet

Ensures a Pod runs on every node or on a selected set of nodes.

Service

Provides a stable access point for Pods. Common types are ClusterIP, NodePort, and LoadBalancer.

Ingress

Routes HTTP and HTTPS traffic into the cluster. In practice it works through an Ingress Controller.

ConfigMap and Secret

Store configuration and sensitive data. A Secret is not strongly encrypted by default; whether it is encrypted depends on cluster configuration.

Namespace

Logical isolation for resources inside one cluster.

Traffic Flow

Client -> Ingress/LoadBalancer -> Service -> Pod

For east-west traffic inside the cluster, a Service is often enough.

Application Lifecycle

  1. You write manifests or a Helm chart.
  2. You apply them through kubectl apply, Argo CD, Flux, or CI/CD.
  3. A Deployment creates a ReplicaSet.
  4. The ReplicaSet brings up the required number of Pods.
  5. A Service routes traffic to ready Pods.
  6. Probes and controllers watch the state and recreate failed instances.

Required Production Practices

  • Set resources.requests and resources.limits.
  • Add livenessProbe, readinessProbe, and startupProbe when needed.
  • Keep configuration separate from the image.
  • Use RollingUpdate instead of manual delete/create flows.
  • Restrict access with RBAC and network policies.

Minimal Deployment Example

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: app
          image: nginx:stable
          ports:
            - containerPort: 80
          resources:
            requests:
              cpu: 100m
              memory: 128Mi
            limits:
              cpu: 500m
              memory: 256Mi
          readinessProbe:
            httpGet:
              path: /
              port: 80
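
The Deployment above already sets resources and a readinessProbe. For the remaining practice, restricting access with RBAC and network policies, the manifests below are an added example and not part of the original page. The ingress-nginx namespace, the web-ci ServiceAccount, the web-deployer Role name, and the default namespace are assumptions.

```yaml
# 1) Default deny: selects every Pod in the namespace and allows no ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
spec:
  podSelector: {}
  policyTypes: ["Ingress"]
---
# 2) Allow only the ingress controller's namespace to reach app=web on port 80.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-allow-from-ingress
spec:
  podSelector:
    matchLabels:
      app: web
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx  # assumed namespace
      ports:
        - port: 80
---
# 3) Least privilege: read and patch the "web" Deployment only, nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: web-deployer  # hypothetical name
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    resourceNames: ["web"]
    verbs: ["get", "patch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: web-deployer
subjects:
  - kind: ServiceAccount
    name: web-ci        # hypothetical CI ServiceAccount
    namespace: default  # assumption: namespace the manifests are applied to
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: web-deployer
```

NetworkPolicy objects are enforced only when the cluster's CNI plugin implements them; on a CNI without policy support they are accepted by the API server and have no effect.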

What to Learn Next

  • CNI, CSI, CoreDNS, and kube-proxy
  • RBAC and ServiceAccount
  • Ingress Controller and cert-manager
  • HPA, PDB, affinity/anti-affinity, taints/tolerations
