Introduction
Kubernetes has become the standard for container orchestration, enabling automated deployment, scaling, and management of containerized applications. Understanding Kubernetes is essential for modern DevOps and platform engineering.
This guide covers Kubernetes fundamentals, pod design, deployments, services, config management, and production patterns.
Kubernetes Fundamentals
Core Concepts
Kubernetes organizes containers into pods, the smallest deployable units. Pods can contain one or more containers that share storage and network. Deployments manage pod replicas and updates. Services provide stable network endpoints.
# Pod specification
apiVersion: v1
kind: Pod
metadata:
name: api-pod
labels:
app: api
version: v1
spec:
containers:
- name: api
image: myapp/api:latest
ports:
- containerPort: 8080
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: db-credentials
key: url
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
Deployments
# Deployment with rolling updates
apiVersion: apps/v1
kind: Deployment
metadata:
name: api-deployment
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: api
template:
metadata:
labels:
app: api
version: v1
spec:
containers:
- name: api
image: myapp/api:v1
ports:
- containerPort: 8080
envFrom:
- configMapRef:
name: api-config
- secretRef:
name: api-secrets
resources:
requests:
memory: "256Mi"
cpu: "100m"
limits:
memory: "512Mi"
cpu: "500m"
Services
# ClusterIP service for internal communication
apiVersion: v1
kind: Service
metadata:
name: api-service
spec:
type: ClusterIP
selector:
app: api
ports:
- port: 80
targetPort: 8080
protocol: TCP
---
# LoadBalancer service for external access
apiVersion: v1
kind: Service
metadata:
name: api-external
spec:
type: LoadBalancer
selector:
app: api
ports:
- port: 80
targetPort: 8080
externalTrafficPolicy: Local
---
# Ingress for HTTP routing
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: api-ingress
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "10m"
spec:
ingressClassName: nginx
rules:
- host: api.example.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 80
Config Management
ConfigMaps and Secrets
# ConfigMap for configuration
apiVersion: v1
kind: ConfigMap
metadata:
name: api-config
data:
DATABASE_HOST: "postgres-service"
DATABASE_PORT: "5432"
REDIS_HOST: "redis-service"
LOG_LEVEL: "info"
API_VERSION: "v1"
---
# Secret for sensitive data
apiVersion: v1
kind: Secret
metadata:
name: api-secrets
type: Opaque
stringData:
DATABASE_PASSWORD: "your-password-here"
API_KEY: "your-api-key"
JWT_SECRET: "your-jwt-secret"
---
# Pod using config and secrets
apiVersion: v1
kind: Pod
metadata:
name: api-pod-config
spec:
containers:
- name: api
image: myapp/api:latest
envFrom:
- configMapRef:
name: api-config
- secretRef:
name: api-secrets
Persistent Storage
# PersistentVolumeClaim
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: gp3
---
# Pod with volume mount
apiVersion: v1
kind: Pod
metadata:
name: api-with-storage
spec:
containers:
- name: api
image: myapp/api:latest
volumeMounts:
- name: data-volume
mountPath: /data
volumes:
- name: data-volume
persistentVolumeClaim:
claimName: data-pvc
Advanced Patterns
Horizontal Pod Autoscaler
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: api-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: api-deployment
minReplicas: 2
maxReplicas: 20
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 10
periodSeconds: 60
scaleUp:
stabilizationWindowSeconds: 0
policies:
- type: Percent
value: 100
periodSeconds: 15
PodDisruptionBudget
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: api-pdb
spec:
minAvailable: 2
selector:
matchLabels:
app: api
Network Policies
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: api-network-policy
spec:
podSelector:
matchLabels:
app: api
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: frontend
- namespaceSelector:
matchLabels:
name: ingress-nginx
egress:
- to:
- podSelector:
matchLabels:
app: database
- namespaceSelector:
matchLabels:
name: cache
- to:
- namespaceSelector: {}
except:
- name: default
Conclusion
Kubernetes provides powerful primitives for container orchestration. Key practices: use deployments for stateless apps, configure proper health checks, manage configs with ConfigMaps/Secrets, implement autoscaling for resilience, and use network policies for security. Start simple and add complexity as needed.
Resources
- Kubernetes Documentation
- “Kubernetes Up & Running” by Kelsey Hightower
- kubectl Cheat Sheet
Comments