Container orchestration platform - deployments, services, scaling, networking, and cluster management

Kubernetes

Kubernetes (K8s) is the industry-standard container orchestration platform for automating deployment, scaling, and management of containerized applications.

Core Concepts

Concept	Description
Pod	Smallest deployable unit; one or more containers sharing network/storage
Deployment	Manages Pod replicas with rolling updates and rollbacks
Service	Stable network endpoint for a set of Pods
Namespace	Virtual cluster for resource isolation
ConfigMap	Non-confidential configuration data as key-value pairs
Secret	Sensitive data (passwords, tokens, keys)
Ingress	HTTP/HTTPS routing from external traffic to Services
PersistentVolume	Storage resource provisioned by an administrator or dynamically

Workload Resources

Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-server
  namespace: production
  labels:
    app: api-server
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api-server
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: api-server
    spec:
      containers:
        - name: api
          image: myregistry/api-server:v1.2.3
          ports:
            - containerPort: 3000
          env:
            - name: NODE_ENV
              value: "production"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: db-credentials
                  key: url
          resources:
            requests:
              cpu: "250m"
              memory: "256Mi"
            limits:
              cpu: "1000m"
              memory: "512Mi"
          readinessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 5
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /health
              port: 3000
            initialDelaySeconds: 15
            periodSeconds: 20
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - api-server
                topologyKey: "kubernetes.io/hostname"

StatefulSet (Databases)

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: postgres
spec:
  serviceName: postgres
  replicas: 3
  selector:
    matchLabels:
      app: postgres
  template:
    metadata:
      labels:
        app: postgres
    spec:
      containers:
        - name: postgres
          image: postgres:16-alpine
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: password
          volumeMounts:
            - name: pgdata
              mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:
    - metadata:
        name: pgdata
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: fast-ssd
        resources:
          requests:
            storage: 50Gi

CronJob

apiVersion: batch/v1
kind: CronJob
metadata:
  name: db-backup
spec:
  schedule: "0 2 * * *"  # Daily at 2 AM
  concurrencyPolicy: Forbid
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 3
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: backup
              image: myregistry/db-backup:latest
              env:
                - name: DATABASE_URL
                  valueFrom:
                    secretKeyRef:
                      name: db-credentials
                      key: url
          restartPolicy: OnFailure

Services & Networking

Service Types

Type	Description	Use Case
ClusterIP	Internal-only IP (default)	Service-to-service communication
NodePort	Exposes on each node's IP at a static port	Development, direct access
LoadBalancer	Provisions external load balancer	Production external traffic
ExternalName	Maps to an external DNS name	External service aliasing

apiVersion: v1
kind: Service
metadata:
  name: api-server
spec:
  type: ClusterIP
  selector:
    app: api-server
  ports:
    - port: 80
      targetPort: 3000
      protocol: TCP

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/rate-limit: "100"
    nginx.ingress.kubernetes.io/rate-limit-window: "1m"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.example.com
      secretName: api-tls
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: api-server
                port:
                  number: 80

Configuration & Secrets

ConfigMap

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: "info"
  MAX_CONNECTIONS: "100"
  config.yaml: |
    server:
      port: 3000
      timeout: 30s
    cache:
      ttl: 300

Secrets

apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
stringData:
  url: "postgres://user:password@postgres:5432/mydb"
  password: "secure-password"

Autoscaling

Horizontal Pod Autoscaler

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api-server-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api-server
  minReplicas: 3
  maxReplicas: 20
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 70
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: 80
  behavior:
    scaleUp:
      stabilizationWindowSeconds: 60
      policies:
        - type: Pods
          value: 4
          periodSeconds: 60
    scaleDown:
      stabilizationWindowSeconds: 300
      policies:
        - type: Percent
          value: 10
          periodSeconds: 60

Common kubectl Commands

# Cluster info
kubectl cluster-info
kubectl get nodes -o wide

# Workloads
kubectl get pods -n production
kubectl describe pod api-server-xxx -n production
kubectl logs -f api-server-xxx -n production
kubectl exec -it api-server-xxx -n production -- /bin/sh

# Deployments
kubectl apply -f deployment.yaml
kubectl rollout status deployment/api-server -n production
kubectl rollout history deployment/api-server -n production
kubectl rollout undo deployment/api-server -n production

# Scaling
kubectl scale deployment api-server --replicas=5 -n production

# Debugging
kubectl get events --sort-by=.metadata.creationTimestamp -n production
kubectl top pods -n production
kubectl describe node node-01

Best Practices

Kubernetes Guidelines

Resource limits: Always set CPU/memory requests and limits
Health checks: Configure both readiness and liveness probes
Pod disruption budgets: Ensure availability during voluntary disruptions
Namespaces: Separate environments and teams with namespaces
RBAC: Follow least-privilege principle for service accounts
Image tags: Use specific version tags, never latest in production
Anti-affinity: Spread replicas across nodes for high availability
Network policies: Restrict pod-to-pod communication to what's necessary
Secrets management: Use external secrets operators (Vault, AWS Secrets Manager)
GitOps: Manage manifests in Git, deploy with ArgoCD or Flux

Kubernetes

On this page