Introduction
Kubernetes has become the definitive standard for container orchestration. Originally developed by Google and now maintained by the Cloud Native Computing Foundation (CNCF), Kubernetes powers the infrastructure behind most modern cloud-native applications. From startups to enterprises, organizations rely on Kubernetes to deploy, scale, and manage containerized applications.
This guide covers Kubernetes in 2026, from core concepts to advanced deployment patterns. Whether you’re preparing for certification or architecting production systems, this guide provides the knowledge you need to succeed with Kubernetes.
Kubernetes Fundamentals
What Is Kubernetes?
Kubernetes (K8s) is an open-source container orchestration platform that automates deployment, scaling, and management of containerized applications. It groups containers into logical units for easy management and discovery.
Core Concepts
Pod: The smallest deployable unitโa group of one or more containers with shared storage/network.
Node: A worker machine (virtual or physical) that runs pods.
Cluster: A set of nodes that run containerized applications.
Service: An abstraction defining a logical set of pods and access policy.
Deployment: Declarative updates for pods and replica sets.
Namespace: Logical cluster segmentation for resource organization.
Architecture
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Control Plane โ
โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โ API โ โ Schedulerโ โ Controller โ โ
โ โ Server โ โ โ โ Manager โ โ
โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโโโโโ โ
โ โโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ etcd โ โ Cloud Controller Manager โ โ
โ โโโโโโโโโโโ โโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Worker Nodes โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Node Components โ โ
โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ โ
โ โ โKubelet โ โ Kube- โ โ Containerโ โ โ
โ โ โ โ โ Proxy โ โ Runtime โ โ โ
โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โโโโโโโ โโโโโโโ โโโโโโโ โ
โ โ Pod โ โ Pod โ โ Pod โ ... โ
โ โโโโโโโ โโโโโโโ โโโโโโโ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Core Kubernetes Objects
Pods
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.25
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
Deployments
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.25
ports:
- containerPort: 80
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 5
Services
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
type: ClusterIP
selector:
app: nginx
ports:
- port: 80
targetPort: 80
---
# For external access
apiVersion: v1
kind: Service
metadata:
name: nginx-loadbalancer
spec:
type: LoadBalancer
selector:
app: nginx
ports:
- port: 80
targetPort: 80
ConfigMaps and Secrets
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
DATABASE_URL: "postgres://db:5432/app"
REDIS_URL: "redis://cache:6379"
---
apiVersion: v1
kind: Secret
metadata:
name: db-credentials
type: Opaque
stringData:
username: admin
password: "changeme"
Deployment Strategies
Rolling Updates
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
Blue-Green Deployments
# Service points to green (new version)
apiVersion: v1
kind: Service
metadata:
name: app-service
spec:
selector:
version: green
ports:
- port: 80
targetPort: 8080
Canary Deployments
apiVersion: v1
kind: Service
metadata:
name: canary-service
spec:
selector:
app: myapp
ports:
- port: 80
---
apiVersion: v1
kind: Pod
metadata:
name: myapp-v2
labels:
app: myapp
version: v2
spec:
# Only 10% of traffic to v2 via weighted service
Resource Management
Resource Requests and Limits
spec:
containers:
- name: app
resources:
requests:
memory: "256Mi"
cpu: "200m"
limits:
memory: "512Mi"
cpu: "1000m"
ResourceQuota
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
spec:
hard:
requests.cpu: "4"
requests.memory: "8Gi"
limits.cpu: "8"
limits.memory: "16Gi"
LimitRange
apiVersion: v1
kind: LimitRange
metadata:
name: default-limits
spec:
limits:
- default:
memory: "512Mi"
cpu: "500m"
defaultRequest:
memory: "256Mi"
cpu: "200m"
type: Container
Storage
PersistentVolume
apiVersion: v1
kind: PersistentVolume
metadata:
name: my-pv
spec:
capacity:
storage: 10Gi
accessModes:
- ReadWriteOnce
storageClassName: fast
hostPath:
path: "/mnt/data"
PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: my-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 5Gi
storageClassName: fast
StatefulSets
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: postgres
spec:
serviceName: postgres
replicas: 1
selector:
matchLabels:
app: postgres
template:
metadata:
labels:
app: postgres
spec:
containers:
- name: postgres
image: postgres:16
volumeMounts:
- name: data
mountPath: /var/lib/postgresql/data
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: 10Gi
Networking
Network Policies
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: api-allow
spec:
podSelector:
matchLabels:
app: api
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: frontend
ports:
- port: 8080
egress:
- to:
- podSelector:
matchLabels:
app: database
ports:
- port: 5432
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: my-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: example.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 8080
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
tls:
- hosts:
- example.com
secretName: tls-secret
Service Mesh
Istio
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: my-service
spec:
hosts:
- my-service
http:
- match:
- headers:
x-canary:
exact: "true"
route:
- destination:
host: my-service
subset: v2
weight: 100
- route:
- destination:
host: my-service
subset: v1
weight: 100
Linkerd
apiVersion: v1
kind: Service
metadata:
name: my-svc
labels:
linkerd.io/service-mesh: enabled
Security
RBAC
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: pod-reader
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: read-pods
subjects:
- kind: User
name: jane
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: Role
name: pod-reader
apiGroup: rbac.authorization.k8s.io
Pod Security Standards
apiVersion: v1
kind: Pod
metadata:
name: secure-pod
spec:
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 2000
containers:
- name: app
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
Helm: Package Manager
# Install Helm
curl -fsSL https://get.helm.sh/helm-v3.14.0-linux-amd64.tar.gz | tar -xzsudo mv linux-amd64/h
elm /usr/local/bin/helm
# Add repo
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update
# Install chart
helm install my-release bitnami/nginx
# Create chart
helm create my-chart
# Package chart
helm package my-chart
# values.yaml
replicaCount: 3
image:
repository: nginx
tag: 1.25
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 80
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 128Mi
GitOps with ArgoCD
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: my-app
namespace: argocd
spec:
project: default
source:
repoURL: https://github.com/myorg/my-app.git
targetRevision: HEAD
path: k8s/overlays/production
destination:
server: https://kubernetes.default.svc
namespace: production
syncPolicy:
automated:
prune: true
selfHeal: true
Monitoring and Observability
Prometheus + Grafana
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: my-app-monitor
spec:
selector:
matchLabels:
app: my-app
endpoints:
- port: metrics
Kustomize
# kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- deployment.yaml
- service.yaml
- configmap.yaml
commonLabels:
app: my-app
replicas:
- name: deployment
count: 3
External Resources
Official Documentation
- Kubernetes Documentation - Official K8s docs
- Kubernetes SIGs - Community groups
- CNCF - Cloud Native Computing Foundation
Learning Resources
- Kubernetes by Example - Hands-on tutorials
- Katacoda - Interactive K8s labs
- A Cloud Guru - K8s courses
Tools
Conclusion
Kubernetes has matured into the backbone of cloud-native infrastructure. Its ecosystemโfrom Helm to Prometheus to Istioโprovides a complete platform for deploying and operating modern applications at scale.
Success with Kubernetes requires understanding its core concepts, deployment patterns, and operational best practices. Start simple, iterate, and leverage the ecosystem. The investment in learning Kubernetes pays dividends whether you’re running a small cluster or managing global infrastructure.
In 2026, Kubernetes continues to evolve with improved security, simpler management, and deeper integration with cloud services. Stay current with best practices, and your container orchestration will serve you well for years to come.
Comments