What is Kubernetes?
Kubernetes (K8s) is an open-source container orchestration platform that automates the deployment, scaling, and management of containerized applications. Originally developed by Google, it is now maintained by the CNCF.
Why Kubernetes?
- Auto-scaling: Scale apps based on demand
- Self-healing: Restart failed containers automatically
- Load Balancing: Distribute traffic efficiently
- Rolling Updates: Zero-downtime deployments
- Service Discovery: Automatic DNS and networking
- Storage Orchestration: Mount storage systems automatically
Kubernetes Architecture
Control Plane (Master)
- API Server: Frontend for K8s control plane
- etcd: Key-value store for cluster data
- Scheduler: Assigns pods to nodes
- Controller Manager: Runs controller processes
Worker Nodes
- Kubelet: Agent that runs on each node
- Kube-proxy: Network proxy on each node
- Container Runtime: Docker, containerd, CRI-O
Getting Started
Installation Options
# Local Development
# 1. Minikube (Recommended for learning)
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
minikube start

# 2. Docker Desktop (Mac/Windows)
# Enable Kubernetes in Docker Desktop settings

# 3. Kind (Kubernetes in Docker)
curl -Lo ./kind https://kind.sigs.k8s.io/dl/latest/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind
kind create cluster

# Install kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl

# Verify
kubectl version --client
kubectl cluster-info
Core Concepts
1. Pods
Smallest deployable unit. One or more containers that share network and storage.
# pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80

# Commands
kubectl apply -f pod.yaml
kubectl get pods
kubectl describe pod nginx-pod
kubectl logs nginx-pod
kubectl delete pod nginx-pod

2. Deployments
Manages ReplicaSets and provides declarative updates for Pods.
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.21
        ports:
        - containerPort: 80
        resources:
          requests:
            memory: "64Mi"
            cpu: "250m"   # resource names are lowercase; "CPU" is rejected by the API server
          limits:
            memory: "128Mi"
            cpu: "500m"

# Commands
kubectl apply -f deployment.yaml
kubectl get deployments
kubectl get pods
kubectl scale deployment nginx-deployment --replicas=5
kubectl rollout status deployment nginx-deployment
kubectl rollout history deployment nginx-deployment
kubectl rollout undo deployment nginx-deployment

3. Services
Exposes a set of pods (selected by label) to network traffic behind a stable IP and DNS name.
# service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: LoadBalancer # ClusterIP, NodePort, LoadBalancer
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

# Service Types:
# ClusterIP: Internal only (default)
# NodePort: Expose on each node's IP
# LoadBalancer: Cloud provider load balancer
# ExternalName: DNS CNAME record

kubectl apply -f service.yaml
kubectl get services
kubectl describe service nginx-service

4. ConfigMaps & Secrets
# ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: "production"
  LOG_LEVEL: "info"

# Secret
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
type: Opaque
data:
  DB_PASSWORD: cGFzc3dvcmQxMjM= # base64 encoded (not encrypted): anyone allowed to read the Secret can decode it

# Use in Pod
spec:
  containers:
  - name: app
    image: myapp:1.0
    envFrom:
    - configMapRef:
        name: app-config
    env:
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: app-secret
          key: DB_PASSWORD

5. Ingress
HTTP/HTTPS routing to services. Single entry point for multiple services.
# ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - host: myapp.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 80
      - path: /
        pathType: Prefix
        backend:
          service:
            name: frontend-service
            port:
              number: 80
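How the two Prefix rules above are actually matched is easy to get wrong, so here is an added example (not code from the original page) that emulates the backend selection an Ingress controller performs for app-ingress. The rules are a transcription of the page's ingress.yaml; the request paths fed in are constructed. `pathType: Prefix` matches element-wise on `/`-separated path segments, so `/api` matches `/api` and `/api/users` but not `/apiv2`, and where several rules match, the longest path wins.

```python
# Added example: backend selection for the page's app-ingress rules.
# Not an Ingress controller's code; a faithful model of the pathType semantics
# defined in the Kubernetes Ingress API.
from typing import List, Optional, Tuple

# (host, path, pathType, service) transcribed from the page's ingress.yaml
INGRESS_RULES: List[Tuple[str, str, str, str]] = [
    ("myapp.com", "/api", "Prefix", "api-service"),
    ("myapp.com", "/", "Prefix", "frontend-service"),
]


def _segments(path: str) -> List[str]:
    # "/api/users/" -> ["api", "users"]; "/" -> []
    return [s for s in path.split("/") if s]


def prefix_matches(rule_path: str, request_path: str) -> bool:
    """Element-wise prefix match as specified for pathType: Prefix.

    A match is on whole path segments, so rule "/api" matches "/api/users"
    but not "/apiv2"; a trailing slash on either side is ignored.
    """
    rule = _segments(rule_path)
    return _segments(request_path)[: len(rule)] == rule


def route(host: str, request_path: str, rules=INGRESS_RULES) -> Optional[str]:
    """Return the Service that would receive host+path, or None if no rule matches."""
    best, best_len = None, -1
    for rule_host, rule_path, path_type, service in rules:
        if rule_host != host:
            continue
        if path_type == "Exact":
            matched = request_path == rule_path
        elif path_type == "Prefix":
            matched = prefix_matches(rule_path, request_path)
        else:
            # ImplementationSpecific is controller-defined; not modelled here
            matched = False
        # Longest matching path wins; on a tie, Exact beats Prefix.
        if matched and (len(rule_path) > best_len
                        or (len(rule_path) == best_len and path_type == "Exact")):
            best, best_len = service, len(rule_path)
    return best


if __name__ == "__main__":
    for p in ["/api", "/api/users", "/apiv2", "/", "/static/app.js"]:
        print(f"{p:16s} -> {route('myapp.com', p)}")
    print("/api on unknown host ->", route("other.example", "/api"))
```

Note also that the page's `nginx.ingress.kubernetes.io/rewrite-target: /` annotation rewrites every matched path to `/` before it is forwarded, so `/api/users` reaches api-service as `/`. ingress-nginx documents the capture-group form (`path: /api(/|$)(.*)` with `rewrite-target: /$2`) for keeping the remainder of the path.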
# Install Ingress Controller (Nginx)
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.8.0/deploy/static/provider/cloud/deploy.yaml

Persistent Storage
# PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-data
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: /data

# PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-data
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

# Use in Pod
spec:
  containers:
  - name: app
    image: myapp:1.0
    volumeMounts:
    - name: data
      mountPath: /app/data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: pvc-data

Auto-Scaling
Horizontal Pod Autoscaler (HPA)
# hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: nginx-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
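To see what the manifest above actually does, here is an added example (not from the original page) that reproduces the HPA replica computation for nginx-hpa: `desiredReplicas = ceil(currentReplicas * currentUtilization / targetUtilization)`, with the controller's default 10% tolerance, the default scale-up policy (at most max(4 pods, 100%) added per 15-second period), and clamping to minReplicas/maxReplicas. Utilization is measured against the container's CPU request (the `250m` from the page's deployment.yaml), not its limit, which is why a Deployment without requests cannot be autoscaled on utilization. The per-pod usage figures are constructed sample data.

```python
# Added example: the HPA scaling arithmetic for the page's nginx-hpa.
# Not the controller's own code; a model of the documented algorithm.
import math
from typing import Dict, List

HPA: Dict[str, int] = {"minReplicas": 2, "maxReplicas": 10, "targetUtilization": 70}
CPU_REQUEST_MILLICORES = 250   # deployment.yaml: resources.requests.cpu: "250m"
TOLERANCE = 0.1                # kube-controller-manager default --horizontal-pod-autoscaler-tolerance


def current_utilization(pod_usage_millicores: List[int], request_millicores: int) -> float:
    """Average CPU usage across the pods, as a percentage of the per-pod request."""
    mean = sum(pod_usage_millicores) / len(pod_usage_millicores)
    return 100.0 * mean / request_millicores


def desired_replicas(current: int, pod_usage_millicores: List[int],
                     hpa: Dict[str, int] = HPA,
                     request_millicores: int = CPU_REQUEST_MILLICORES) -> int:
    """Replica count the HPA would ask the Deployment for on one sync."""
    util = current_utilization(pod_usage_millicores, request_millicores)
    ratio = util / hpa["targetUtilization"]
    if abs(ratio - 1.0) <= TOLERANCE:
        desired = current                      # within tolerance: leave the count alone
    else:
        desired = math.ceil(current * ratio)   # ceil[current * (currentMetric / desiredMetric)]
    # Default scale-up behavior: no more than max(4 pods, 100%) added per period.
    # (Scale-down is additionally smoothed by a 300 s stabilization window, omitted here.)
    desired = min(desired, current + max(4, current))
    return max(hpa["minReplicas"], min(hpa["maxReplicas"], desired))


if __name__ == "__main__":
    # Constructed scenarios: 3 replicas each using 350m (140% of request),
    # 175m (exactly on target), 25m (10%), and a burst from 2 replicas.
    for cur, usage in [(3, [350, 350, 350]), (3, [175, 175, 175]),
                       (3, [25, 25, 25]), (2, [1000, 1000])]:
        print(f"{cur} replicas at {current_utilization(usage, CPU_REQUEST_MILLICORES):.0f}% "
              f"-> {desired_replicas(cur, usage)}")
```

The last scenario shows the scale-up cap: 400% utilization on 2 replicas computes to 12, but a single sync may only add 4, and maxReplicas would cap it at 10 regardless.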
kubectl apply -f hpa.yaml
kubectl get hpa
kubectl top pods # Requires metrics-server

Essential kubectl Commands
# Cluster Info
kubectl cluster-info
kubectl get nodes
kubectl describe node <node-name>

# Pods
kubectl get pods
kubectl get pods -o wide
kubectl get pods --all-namespaces
kubectl describe pod <pod-name>
kubectl logs <pod-name>
kubectl logs -f <pod-name> # Follow logs
kubectl exec -it <pod-name> -- /bin/bash

# Deployments
kubectl get deployments
kubectl describe deployment <name>
kubectl scale deployment <name> --replicas=5
kubectl set image deployment/<name> container=image:tag
kubectl rollout restart deployment/<name>

# Services
kubectl get services
kubectl describe service <name>
kubectl port-forward service/<name> 8080:80

# ConfigMaps & Secrets
kubectl get configmaps
kubectl get secrets
kubectl create configmap <name> --from-file=config.txt
kubectl create secret generic <name> --from-literal=key=value

# Namespaces
kubectl get namespaces
kubectl create namespace dev
kubectl get pods -n dev
kubectl config set-context --current --namespace=dev

# Debug
kubectl get events
kubectl top nodes
kubectl top pods
kubectl describe pod <name>
kubectl logs <pod-name> --previous # Previous container logs

# Apply/Delete
kubectl apply -f file.yaml
kubectl apply -f directory/
kubectl delete -f file.yaml
kubectl delete pod <name>
kubectl delete deployment <name>
Security Best Practices
- RBAC: Role-Based Access Control for users and services
- Network Policies: Control pod-to-pod communication
- Pod Security: Run as non-root, read-only filesystem
- Secrets Management: Use external secret managers (Vault)
- Image Scanning: Scan for vulnerabilities
- Resource Limits: Prevent resource exhaustion
- TLS Everywhere: Encrypt all communication
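The "Pod Security", "Resource Limits" and "Image Scanning" bullets are checkable from the manifest alone. Here is an added example (not code from the original page) of such a check: it takes a Pod manifest as a Python dict (the JSON form of the YAML) so it runs with the standard library only, and returns findings for root execution, writable root filesystem, privilege escalation, retained capabilities, missing limits, unpinned images and host-namespace sharing. PAGE_POD is the page's pod.yaml transcribed; HARDENED_POD is a constructed corrected version of it (the unprivileged nginx image and its tag are example values chosen here, not from the page).

```python
# Added example: a manifest-level pod security check covering the bullets above.
# Production pipelines would load YAML and run such checks in CI or an admission
# webhook; the Pod Security Admission "restricted" profile enforces most of these.
from typing import Dict, List

PAGE_POD: Dict = {   # the page's pod.yaml, transcribed
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "nginx-pod", "labels": {"app": "nginx"}},
    "spec": {"containers": [
        {"name": "nginx", "image": "nginx:latest", "ports": [{"containerPort": 80}]},
    ]},
}

HARDENED_POD: Dict = {   # constructed hardened version of the same pod
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "nginx-pod", "labels": {"app": "nginx"}},
    "spec": {
        "automountServiceAccountToken": False,   # the pod never talks to the API server
        "securityContext": {"runAsNonRoot": True, "runAsUser": 101,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "nginx",
            # example pin: an nginx build that listens on 8080 as a non-root user
            "image": "nginxinc/nginx-unprivileged:1.25",
            "ports": [{"containerPort": 8080}],
            "resources": {"requests": {"cpu": "250m", "memory": "64Mi"},
                          "limits": {"cpu": "500m", "memory": "128Mi"}},
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            # nginx needs writable cache/pid dirs; give it scratch volumes, not a writable root
            "volumeMounts": [{"name": "cache", "mountPath": "/var/cache/nginx"},
                             {"name": "run", "mountPath": "/tmp"}],
        }],
        "volumes": [{"name": "cache", "emptyDir": {}}, {"name": "run", "emptyDir": {}}],
    },
}


def check_pod(manifest: Dict) -> List[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings: List[str] = []
    spec = manifest.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for key in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(key):
            findings.append(f"pod: {key} is enabled")
    if spec.get("automountServiceAccountToken", True):
        findings.append("pod: service account token is auto-mounted")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "?")
        image = c.get("image", "")
        last = image.rsplit("/", 1)[-1]                 # strip registry/repo path
        tag = last.split(":", 1)[1] if ":" in last else None
        if "@sha256:" not in image and (tag is None or tag == "latest"):
            findings.append(f"{name}: image '{image}' is not pinned to a tag or digest")
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append(f"{name}: no {res} limit")
        sc = c.get("securityContext", {})
        # container-level securityContext overrides pod-level, so consult both
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot not set")
        if sc.get("privileged"):
            findings.append(f"{name}: privileged container")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{name}: allowPrivilegeEscalation not disabled")
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{name}: capabilities not dropped (drop: [ALL])")
    return findings


if __name__ == "__main__":
    for label, pod in (("page pod.yaml", PAGE_POD), ("hardened", HARDENED_POD)):
        print(f"{label}: {check_pod(pod) or ['OK']}")
```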
Production Checklist
- Multi-node cluster (HA)
- Resource requests and limits set
- Health checks (liveness, readiness)
- Auto-scaling configured
- Monitoring (Prometheus, Grafana)
- Logging (ELK, Loki)
- Backup strategy for etcd
- Network policies defined
- RBAC configured
- Ingress with TLS
- CI/CD pipeline
- Disaster recovery plan
Conclusion
Kubernetes is the industry standard for container orchestration. Start with Minikube for learning, understand core concepts (Pods, Deployments, Services), and gradually explore advanced features. The learning curve is steep, but the benefits for production workloads are immense.
Containerize First
Before deploying to Kubernetes, you need Docker containers. Use our Dockerfile Generator to create optimized containers.