Skip to content
Flowchart Learning

Kubernetes

Chapter 60: Kubernetes Basics

Section titled “Chapter 60: Kubernetes Basics”

Overview

Section titled “Overview”

This chapter covers Kubernetes container orchestration basics.

Why This Matters in DevOps/SRE

Section titled “Why This Matters in DevOps/SRE”

Kubernetes is the industry-standard for container orchestration - essential for managing containerized applications at scale. Understanding K8s is critical for cloud-native development and DevOps roles.

┌─────────────────────────────────────────────────────────────────────────────┐
│                    KUBERNETES IN DEVOPS                                    │
├─────────────────────────────────────────────────────────────────────────────┤
│                                                                             │
│  ┌─────────────────────────────────────────────────────────────────────┐    │
│  │                    WHY KUBERNETES                                       │    │
│  │                                                                       │    │
│  │   • Container orchestration at scale                                   │    │
│  │   • Self-healing and automated rollouts                              │    │
│  │   • Service discovery and load balancing                             │    │
│  │   • Declarative configuration (GitOps ready)                         │    │
│  │   • Runs on any infrastructure (cloud, on-prem, edge)               │    │
│  │                                                                       │    │
│  └─────────────────────────────────────────────────────────────────────┘    │
│                                                                             │
│  ┌─────────────────────────────────────────────────────────────────────┐    │
│  │                    KEY CONCEPTS                                           │    │
│  │                                                                       │    │
│  │   • Pod: Smallest deployable unit                                    │    │
│  │   • Deployment: Manages replica sets and updates                    │    │
│  │   • Service: Network abstraction for pods                           │    │
│  │   • ReplicaSet: Ensures desired number of pods                       │    │
│  │   • Namespace: Resource isolation                                    │    │
│  │                                                                       │    │
│  └─────────────────────────────────────────────────────────────────────┘    │
│                                                                             │
└─────────────────────────────────────────────────────────────────────────────┘

60.1 Kubernetes Architecture

Section titled “60.1 Kubernetes Architecture”

Components

Section titled “Components”
              Kubernetes Architecture
+------------------------------------------------------------------+
|                                                                   |
|   +------------------+                                          |
|   |   Control Plane  |                                          |
|   | +--------------+ |                                          |
|   | | kube-apiserver|                                          |
|   | | etcd         |                                          |
|   | | kube-scheduler|                                          |
|   | | kube-controller|                                          |
|   | +--------------+ |                                          |
|   +------------------+                                          |
|           |                                                      |
|           |                                                      |
|   +------------------+     +------------------+                |
|   |   Worker Nodes    |     |   Worker Nodes    |                |
|   | +--------------+ |     | +--------------+ |                |
|   | | kubelet      | |     | | kubelet      | |                |
|   | | kube-proxy   | |     | | kube-proxy   | |                |
|   | | containerd   | |     | | containerd   | |                |
|   | +--------------+ |     | +--------------+ |                |
|   +------------------+     +------------------+                |
|                                                                   |
+------------------------------------------------------------------+

60.2 kubectl

Section titled “60.2 kubectl”

Basic Commands

Section titled “Basic Commands”
Terminal window
# Cluster info
kubectl cluster-info
kubectl get nodes


# Pods
kubectl get pods
kubectl get pods -o wide
kubectl describe pod pod_name
kubectl logs pod_name
kubectl exec -it pod_name -- /bin/sh


# Deployments
kubectl get deployments
kubectl create deployment nginx --image=nginx
kubectl scale deployment nginx --replicas=3
kubectl rollout status deployment nginx


# Services
kubectl get services
kubectl expose deployment nginx --port=80

60.3 Pods

Section titled “60.3 Pods”

Pod Definition

Section titled “Pod Definition”
pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.24
    ports:
    - containerPort: 80
    resources:
      limits:
        memory: "128Mi"
        cpu: "500m"
      requests:
        memory: "64Mi"
        cpu: "250m"

60.4 Deployments

Section titled “60.4 Deployments”

Deployment Example

Section titled “Deployment Example”
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.24
        ports:
        - containerPort: 80

60.5 Services

Section titled “60.5 Services”

Service Types

Section titled “Service Types”
service.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: ClusterIP  # or NodePort, LoadBalancer
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80
Terminal window
# NodePort example
kubectl expose deployment nginx --type=NodePort


# LoadBalancer
kubectl expose deployment nginx --type=LoadBalancer

60.6 ConfigMaps and Secrets

Section titled “60.6 ConfigMaps and Secrets”

ConfigMap

Section titled “ConfigMap”
configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  database_url: "postgres://db:5432/app"
  cache_enabled: "true"

Secret

Section titled “Secret”
secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
stringData:
  username: admin
  password: changeme

60.7 Namespaces

Section titled “60.7 Namespaces”

Namespace Commands

Section titled “Namespace Commands”
Terminal window
# List namespaces
kubectl get namespaces


# Create namespace
kubectl create namespace dev


# Use namespace
kubectl config set-context --current --namespace=dev


# Get in namespace
kubectl get pods -n dev

Common Mistakes & Anti-Patterns

Section titled “Common Mistakes & Anti-Patterns”

1. Running Pods Without Resource Limits

Section titled “1. Running Pods Without Resource Limits”

WRONG:

spec:
  containers:
  - name: app
    image: myapp
# No resources defined - pod can consume all node resources

CORRECT:

spec:
  containers:
  - name: app
    image: myapp
    resources:
      requests:
        memory: "128Mi"
        cpu: "250m"
      limits:
        memory: "256Mi"
        cpu: "500m"

Why: Without limits, one pod can starve others; also enables scheduling decisions.

2. Not Using Namespaces

Section titled “2. Not Using Namespaces”

WRONG:

Terminal window
# All resources in default namespace
kubectl get pods
# Mixed dev, staging, production

CORRECT:

Terminal window
# Separate namespaces for environments
kubectl create namespace dev
kubectl create namespace staging
kubectl create namespace production


# Use RBAC to restrict access

Why: Namespaces provide isolation and prevent accidental deletion.

3. Storing Secrets in ConfigMaps

Section titled “3. Storing Secrets in ConfigMaps”

WRONG:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  database-password: "secretpassword"  # WRONG!

CORRECT:

apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
stringData:
  database-password: "secretpassword"

Why: Secrets are base64 encoded, not encrypted - but better than ConfigMaps.

4. Not Using Liveness/Readiness Probes

Section titled “4. Not Using Liveness/Readiness Probes”

WRONG:

spec:
  containers:
  - name: app
    image: myapp
# No health checks - unhealthy pods stay in service

CORRECT:

spec:
  containers:
  - name: app
    image: myapp
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
      initialDelaySeconds: 30
      periodSeconds: 10
    readinessProbe:
      httpGet:
        path: /ready
        port: 8080
      periodSeconds: 5

Why: Probes enable self-healing and proper traffic routing.

5. Using Latest Image Tag

Section titled “5. Using Latest Image Tag”

WRONG:

spec:
  containers:
  - name: app
    image: myapp:latest  # Changes over time!

CORRECT:

spec:
  containers:
  - name: app
    image: myapp:v1.2.3  # Pin to specific version

Why: latest changes - non-reproducible deployments.

Summary

Section titled “Summary”

In this chapter, you learned:

  • ✅ Kubernetes architecture
  • ✅ kubectl commands
  • ✅ Pods
  • ✅ Deployments
  • ✅ Services
  • ✅ ConfigMaps and Secrets
  • ✅ Namespaces

Next Chapter

Section titled “Next Chapter”

Chapter 60: Container Security

Last Updated: February 2026