Module 5 of 13 · DevOps & Platform Engineering · Intermediate

Kubernetes Fundamentals

Duration: 150 min

Kubernetes is the industry-standard container orchestration platform. It automates deployment, scaling, and management of containerized applications across clusters of machines. This module covers core Kubernetes concepts: pods, deployments, services, ConfigMaps, and Secrets.

Kubernetes Architecture

Kubernetes clusters consist of:

Pods

A Pod is the smallest deployable unit in Kubernetes, typically containing a single container:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  namespace: default
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"

Deploy and manage:

# Create a pod
kubectl apply -f pod.yaml

# View pods
kubectl get pods
kubectl get pods -o wide

# Describe pod details
kubectl describe pod nginx-pod

# View pod logs
kubectl logs nginx-pod

# Execute command in pod
kubectl exec -it nginx-pod -- bash

# Delete pod
kubectl delete pod nginx-pod
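
A hardened variant of the nginx-pod manifest above, as an added example that is not part of the original module. It assumes the nginxinc/nginx-unprivileged image, which runs as a non-root user and listens on 8080 instead of 80; the pod name and the /tmp scratch volume are choices made for this example.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod-hardened              # hypothetical name for this example
  namespace: default
spec:
  automountServiceAccountToken: false   # nginx never calls the Kubernetes API
  securityContext:
    runAsNonRoot: true                  # kubelet refuses to start a container as UID 0
    seccompProfile:
      type: RuntimeDefault              # container runtime's default syscall filter
  containers:
  - name: nginx
    # Assumption: unprivileged nginx build. Pin a version tag or digest, never :latest.
    image: nginxinc/nginx-unprivileged:1.22
    ports:
    - containerPort: 8080
    securityContext:
      allowPrivilegeEscalation: false   # setuid binaries cannot raise privileges
      readOnlyRootFilesystem: true      # image contents cannot be modified at runtime
      capabilities:
        drop: ["ALL"]                   # an unprivileged port needs no capabilities
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
    volumeMounts:
    - name: tmp
      mountPath: /tmp                   # assumed: this image keeps its pid and temp files here
  volumes:
  - name: tmp
    emptyDir: {}
```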

Deployments

Deployments manage replicas of pods and enable rolling updates:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.21
        ports:
        - containerPort: 80
        livenessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 10
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /
            port: 80
          initialDelaySeconds: 5
          periodSeconds: 5

Manage deployments:

# Create deployment
kubectl apply -f deployment.yaml

# View deployments
kubectl get deployments
kubectl describe deployment nginx-deployment

# Scale deployment
kubectl scale deployment nginx-deployment --replicas=5

# Update image
kubectl set image deployment/nginx-deployment nginx=nginx:1.22

# Rollback to previous version
kubectl rollout undo deployment/nginx-deployment

# View rollout history
kubectl rollout history deployment/nginx-deployment

Services

Services expose pods to network traffic:

# ClusterIP Service (internal only)
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: ClusterIP
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

---
# LoadBalancer Service (external access)
apiVersion: v1
kind: Service
metadata:
  name: nginx-lb
spec:
  type: LoadBalancer
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80

---
# NodePort Service (access via node IP)
apiVersion: v1
kind: Service
metadata:
  name: nginx-nodeport
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 80
    targetPort: 80
    nodePort: 30080

Service operations:

# Create service
kubectl apply -f service.yaml

# View services
kubectl get services
kubectl get svc

# Describe service
kubectl describe service nginx-service

# Port forward to service
kubectl port-forward service/nginx-service 8080:80

ConfigMaps

ConfigMaps store non-sensitive configuration data:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  DATABASE_HOST: "db.example.com"
  DATABASE_PORT: "5432"
  LOG_LEVEL: "INFO"
  app.properties: |
    server.port=8080
    server.servlet.context-path=/api

Use ConfigMaps in pods:

apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp:1.0
    env:
    - name: DATABASE_HOST
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: DATABASE_HOST
    volumeMounts:
    - name: config
      mountPath: /etc/config
  volumes:
  - name: config
    configMap:
      name: app-config

Secrets

Secrets store sensitive data like passwords and API keys:

# Create secret from literals (the values land in shell history; prefer --from-file or --from-env-file for real credentials)
kubectl create secret generic db-secret \
  --from-literal=username=admin \
  --from-literal=password=secret123

# Create secret from file
kubectl create secret generic tls-secret \
  --from-file=tls.crt=./cert.crt \
  --from-file=tls.key=./key.key

# View secrets
kubectl get secrets
kubectl describe secret db-secret

# Decode secret value (base64 is an encoding, not encryption)
kubectl get secret db-secret -o jsonpath='{.data.password}' | base64 -d

Use secrets in pods:

apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp:1.0
    env:
    - name: DB_USERNAME
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: username
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: password
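
Secret data is only base64-encoded, so anyone allowed to `get` Secrets in the namespace can read the password. As an added example (not part of the original module), the manifests below mount db-secret as read-only files instead of environment variables and grant read access to that one Secret only; the Role and RoleBinding names and the db-operators group are hypothetical.

```yaml
# Pod: Secret mounted as read-only files, no API token in the container
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  automountServiceAccountToken: false   # the app reads files, not the Kubernetes API
  containers:
  - name: app
    image: myapp:1.0
    volumeMounts:
    - name: db-creds
      mountPath: /etc/db-creds          # one file per key: username, password
      readOnly: true
  volumes:
  - name: db-creds
    secret:
      secretName: db-secret
      defaultMode: 0400                 # octal: readable by the file owner only
---
# Role: read access to this one Secret and nothing else
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: db-secret-reader                # hypothetical name
  namespace: default
rules:
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["db-secret"]
  verbs: ["get"]                        # list/watch would expose every Secret in the namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: db-secret-reader-binding        # hypothetical name
  namespace: default
subjects:
- kind: Group
  name: db-operators                    # hypothetical group from your identity provider
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: db-secret-reader
  apiGroup: rbac.authorization.k8s.io
```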

Namespaces

Namespaces provide logical isolation within a cluster:

# Create namespace
kubectl create namespace production

# View namespaces
kubectl get namespaces

# Deploy to specific namespace
kubectl apply -f deployment.yaml -n production

# View resources in namespace
kubectl get pods -n production

# Set default namespace
kubectl config set-context --current --namespace=production
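
Namespaces scope names, RBAC and quotas, but by default pods in different namespaces can still reach each other over the network. As an added example (not from the original module), the policies below make the production namespace default-deny for ingress and then allow traffic to the app: nginx pods on port 80 from pods in the same namespace; the policy names are hypothetical, and the policies only take effect if the cluster's network plugin enforces NetworkPolicy.

```yaml
# Deny all ingress to every pod in the namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress            # hypothetical name
  namespace: production
spec:
  podSelector: {}                       # empty selector matches all pods in the namespace
  policyTypes:
  - Ingress
---
# Re-open only what the nginx pods need
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-nginx-from-same-namespace # hypothetical name
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: nginx
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}                   # any pod in this namespace, none from other namespaces
    ports:
    - protocol: TCP
      port: 80
```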

Labels and Selectors

Labels organize and select resources:

apiVersion: v1
kind: Pod
metadata:
  name: app-pod
  labels:
    app: myapp
    environment: production
    version: v1.0
spec:
  containers:
  - name: app
    image: myapp:1.0

Query by labels:

# Get pods with specific label
kubectl get pods -l app=myapp

# Get pods with multiple labels
kubectl get pods -l app=myapp,environment=production

# Get pods whose environment label is not "staging" (also matches pods with no environment label)
kubectl get pods -l 'environment!=staging'

Persistent Volumes

Persistent Volumes provide storage that survives pod deletion:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-data
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  storageClassName: standard
  awsElasticBlockStore:
    volumeID: vol-12345678
    fsType: ext4

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-data
spec:
  accessModes:
    - ReadWriteOnce
  storageClassName: standard
  resources:
    requests:
      storage: 5Gi

---
apiVersion: v1
kind: Pod
metadata:
  name: app-with-storage
spec:
  containers:
  - name: app
    image: myapp:1.0
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: pvc-data

❓ What is a Pod in Kubernetes?

❓ What is the purpose of a Deployment in Kubernetes?

❓ What types of Services are available in Kubernetes?

❓ What is the difference between ConfigMaps and Secrets?

❓ What is a Persistent Volume Claim (PVC) used for?
