Introduction
Kubernetes has matured significantly in 2026, becoming the standard for container orchestration across industries. This deep dive covers Kubernetes architecture, advanced deployment patterns, resource management, and the operational practices needed to run production workloads effectively.
Kubernetes orchestrates containerized applications across clusters of hosts, providing mechanisms for deployment, maintenance, and scaling of applications.
Kubernetes Architecture
Cluster Components
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ Kubernetes Cluster โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Control Plane โ โ
โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ โ
โ โ โ API โ โSchedulerโ โControllerโ โ etcd โ โ โ
โ โ โ Server โ โ โ โ Manager โ โ โ โ โ
โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ Worker Nodes โ โ
โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ โ
โ โ โ Node 1 โ โ Node 2 โ โ Node 3 โ โ โ
โ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โ
โ โ โ โ Kubeletโ โ โ โ Kubeletโ โ โ โ Kubeletโ โ โ โ
โ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โ
โ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โ
โ โ โ โ Kube โ โ โ โ Kube โ โ โ โ Kube โ โ โ โ
โ โ โ โ Proxy โ โ โ โ Proxy โ โ โ โ Proxy โ โ โ โ
โ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โโโโโโโ โ โ โ
โ โ โโโโโโโโโโโ โโโโโโโโโโโ โโโโโโโโโโโ โ โ
โ โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ โ
โ โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Key Resources
# Pod - smallest deployable unit
apiVersion: v1
kind: Pod
metadata:
name: payment-service
labels:
app: payment-service
spec:
containers:
- name: payment
image: payment-service:v1.2.3
ports:
- containerPort: 8080
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
---
# ReplicaSet - maintains stable replica count
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: payment-service
spec:
replicas: 3
selector:
matchLabels:
app: payment-service
template:
metadata:
labels:
app: payment-service
spec:
containers:
- name: payment
image: payment-service:v1.2.3
---
# Deployment - declarative updates
apiVersion: apps/v1
kind: Deployment
metadata:
name: payment-service
spec:
replicas: 3
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
selector:
matchLabels:
app: payment-service
template:
metadata:
labels:
app: payment-service
spec:
containers:
- name: payment
image: payment-service:v1.2.3
Advanced Deployment Strategies
Blue-Green Deployment
# Blue-green deployment with Service
apiVersion: v1
kind: Service
metadata:
name: payment-service
spec:
selector:
version: current
ports:
- port: 80
targetPort: 8080
---
# Blue version (current)
apiVersion: apps/v1
kind: Deployment
metadata:
name: payment-service-blue
spec:
replicas: 3
selector:
matchLabels:
app: payment-service
version: current
template:
spec:
containers:
- name: payment
image: payment-service:v1.0
---
# Green version (new)
apiVersion: apps/v1
kind: Deployment
metadata:
name: payment-service-green
spec:
replicas: 3
selector:
matchLabels:
app: payment-service
version: next
template:
spec:
containers:
- name: payment
image: payment-service:v2.0
Canary Deployment
# Istio VirtualService for canary
apiVersion: networking.istio.io/v1beta1
kind: VirtualService
metadata:
name: payment-service
spec:
hosts:
- payment-service
http:
- name: canary
match:
- headers:
x-canary:
exact: "true"
route:
- destination:
host: payment-service
subset: v2
weight: 100
- name: default
route:
- destination:
host: payment-service
subset: v1
weight: 90
- destination:
host: payment-service
subset: v2
weight: 10
Argo Rollouts
# Progressive delivery with Argo Rollouts
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: payment-service
spec:
replicas: 10
strategy:
canary:
maxSurge: "25%"
maxUnavailable: 0
canaryService: payment-canary
stableService: payment-stable
trafficRouting:
istio:
virtualService:
name: payment-vsvc
routes:
- primary
steps:
- setWeight: 5
- pause: {duration: 5m}
- setWeight: 20
- pause: {duration: 10m}
- setWeight: 50
- pause: {duration: 10m}
- setWeight: 80
- pause: {duration: 5m}
- setWeight: 100
analysis:
templates:
- templateName: success-rate
startingStep: 1
args:
- name: service-name
value: payment-canary
Resource Management
Resource Requests and Limits
# Best practices for resource management
apiVersion: v1
kind: Pod
metadata:
name: payment-service
spec:
containers:
- name: payment
image: payment-service:v1.2.3
resources:
# What the pod needs
requests:
memory: "256Mi"
cpu: "250m"
# Maximum allowed
limits:
memory: "512Mi"
cpu: "500m"
# Liveness probe - is container running?
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
# Readiness probe - can container serve traffic?
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 5
periodSeconds: 5
LimitRanges and ResourceQuotas
# LimitRange - default resource limits
apiVersion: v1
kind: LimitRange
metadata:
name: default-limits
spec:
limits:
- default:
memory: "512Mi"
cpu: "500m"
defaultRequest:
memory: "256Mi"
cpu: "250m"
type: Container
---
# ResourceQuota - namespace-level limits
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
spec:
hard:
requests.cpu: "4"
requests.memory: "8Gi"
limits.cpu: "8"
limits.memory: "16Gi"
pods: "20"
Custom Resources and Operators
Custom Resource Definition
# Define a custom resource
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: databases.example.com
spec:
group: example.com
names:
kind: Database
plural: databases
scope: Namespaced
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
size:
type: string
version:
type: string
Operator Pattern
# Kubernetes Operator for Database
class DatabaseReconciler:
def __init__(self, client):
self.client = client
async def reconcile(self, resource):
# Get current state
current = await self.client.get(resource)
if current is None:
# Create new database
await self._create_database(resource)
elif current.spec != resource.spec:
# Update existing database
await self._update_database(resource)
# Ensure desired state
await self._ensure_state(resource)
async def _create_database(self, db):
# Create database instance
pass
async def _update_database(self, db):
# Apply configuration changes
pass
async def _ensure_state(self, db):
# Ensure replicas, backups, etc.
pass
Service Mesh Integration
Network Policies
# NetworkPolicy - restrict traffic
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: payment-service-policy
spec:
podSelector:
matchLabels:
app: payment-service
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: api-gateway
ports:
- protocol: TCP
port: 8080
egress:
- to:
- podSelector:
matchLabels:
app: database
ports:
- protocol: TCP
port: 5432
Service Monitoring
# Prometheus ServiceMonitor
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: payment-service
labels:
release: prometheus
spec:
selector:
matchLabels:
app: payment-service
endpoints:
- port: metrics
path: /metrics
interval: 15s
Helm and Package Management
Helm Charts
# values.yaml
replicaCount: 3
image:
repository: payment-service
tag: v1.2.3
pullPolicy: IfNotPresent
service:
type: ClusterIP
port: 80
targetPort: 8080
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 250m
memory: 256Mi
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
targetCPUUtilizationPercentage: 70
# Install with Helm
helm install payment-service ./payment-chart \
--namespace payments \
--create-namespace \
--set image.tag=v1.2.3 \
--values values-prod.yaml
GitOps with Kubernetes
ArgoCD Application
# application.yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: payment-service
namespace: argocd
spec:
project: production
source:
repoURL: https://github.com/org/infra
targetRevision: main
path: apps/payment-service
destination:
server: https://kubernetes.default.svc
namespace: payments
syncPolicy:
automated:
prune: true
selfHeal: true
Best Practices
- Use Deployments: Never manage Pods directly
- Set resource limits: Always define requests and limits
- Use liveness/readiness probes: Ensure reliability
- Implement proper logging: Structured JSON logs
- Use ConfigMaps for config: Avoid hardcoding
- Store secrets in Secrets: Use external secrets operators
- Use network policies: Restrict traffic between services
- Implement GitOps: Declarative infrastructure management
Conclusion
Kubernetes provides powerful primitives for deploying, scaling, and managing containerized applications. The key to success is understanding its architecture deeply, implementing proper resource management, and using advanced patterns like canary deployments and GitOps for reliable software delivery.
In 2026, Kubernetes continues to evolve with better security, simplified operations, and improved developer experience. Master these patterns to run production workloads with confidence.
Comments