Core concepts

Desired state & controllers

You declare what you want (replicas, image version, resources). Controllers continuously reconcile actual state to match that desired state.

  • Example: “Run 3 replicas of this app.”
  • If a Pod dies, its controller (e.g. the ReplicaSet) creates a replacement and the scheduler places it.

Pods & containers

A Pod is the smallest deployable unit. It usually contains one container (sometimes several) that share a network namespace, so they have one IP and reach each other over localhost, and can share volumes.

  • One IP per Pod
  • Shared volumes for sidecars

Scheduling

The scheduler assigns Pods to Nodes based on resource requests, constraints, and policies.

  • Requests (used for placement) and limits (enforced at runtime by the kubelet): CPU & memory
  • Node selectors, affinities, taints/tolerations
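The filtering half of that process, as an added example written for this page (a model of the behaviour, not kube-scheduler code): each Node is checked against the Pod's nodeSelector, its taints, and the requests already placed on it. Scoring and affinity weights are left out, and every Node, Pod, taint and request value below is constructed for the example.

```python
"""Illustrative scheduler filter (added example, not Kubernetes source code).

Mirrors the kube-scheduler's filtering phase for three of the inputs listed
above: nodeSelector labels, taints/tolerations, and resource requests against
what a Node has left. Scoring (spreading, affinity weights) is omitted."""

def parse_cpu(value):
    """'500m' -> 500 millicores, '2' -> 2000 millicores."""
    s = str(value)
    return int(s[:-1]) if s.endswith("m") else int(float(s) * 1000)

def parse_mem(value):
    """'256Mi' -> bytes; also accepts Ki, Gi and plain byte counts."""
    units = {"Ki": 1024, "Mi": 1024 ** 2, "Gi": 1024 ** 3}
    s = str(value)
    for suffix, mult in units.items():
        if s.endswith(suffix):
            return int(s[:-len(suffix)]) * mult
    return int(s)

def tolerates(pod, taint):
    """A Pod tolerates a taint if some toleration matches key, effect and
    (unless operator is Exists) value. Only NoSchedule/NoExecute block
    placement; PreferNoSchedule is a soft preference handled in scoring."""
    if taint["effect"] == "PreferNoSchedule":
        return True
    for tol in pod.get("tolerations", []):
        if tol.get("effect", taint["effect"]) != taint["effect"]:   # empty effect matches all
            continue
        if tol.get("operator", "Equal") == "Exists":
            if tol.get("key", "") in ("", taint["key"]):          # empty key + Exists tolerates everything
                return True
        elif tol.get("key") == taint["key"] and tol.get("value") == taint.get("value"):
            return True
    return False

def feasible_nodes(pod, nodes):
    """Return (feasible, reasons): Node names passing every filter, and why
    the others were rejected. An empty list means the Pod stays Pending."""
    need_cpu, need_mem = parse_cpu(pod["requests"]["cpu"]), parse_mem(pod["requests"]["memory"])
    feasible, reasons = [], {}
    for node in nodes:
        name = node["name"]
        # 1. nodeSelector: every requested label must be present with that value
        missing = {k: v for k, v in pod.get("nodeSelector", {}).items() if node["labels"].get(k) != v}
        if missing:
            reasons[name] = f"nodeSelector mismatch: {missing}"
            continue
        # 2. taints: any NoSchedule/NoExecute taint the Pod does not tolerate
        bad = [t for t in node.get("taints", []) if not tolerates(pod, t)]
        if bad:
            reasons[name] = f"untolerated taint {bad[0]['key']}={bad[0].get('value')}:{bad[0]['effect']}"
            continue
        # 3. resources: allocatable minus the requests of Pods already placed here
        free_cpu = parse_cpu(node["allocatable"]["cpu"]) - sum(parse_cpu(p["cpu"]) for p in node["placed"])
        free_mem = parse_mem(node["allocatable"]["memory"]) - sum(parse_mem(p["memory"]) for p in node["placed"])
        if need_cpu > free_cpu or need_mem > free_mem:
            reasons[name] = f"insufficient resources (free cpu={free_cpu}m mem={free_mem // 1024 ** 2}Mi)"
            continue
        feasible.append(name)
    return feasible, reasons

# Constructed cluster: three Nodes with different labels, taints and load.
NODES = [
    {"name": "node-a", "labels": {"disktype": "ssd"}, "taints": [],
     "allocatable": {"cpu": "2", "memory": "4Gi"}, "placed": [{"cpu": "1800m", "memory": "1Gi"}]},
    {"name": "node-b", "labels": {"disktype": "ssd"},
     "taints": [{"key": "dedicated", "value": "gpu", "effect": "NoSchedule"}],
     "allocatable": {"cpu": "4", "memory": "8Gi"}, "placed": []},
    {"name": "node-c", "labels": {"disktype": "hdd"}, "taints": [],
     "allocatable": {"cpu": "4", "memory": "8Gi"}, "placed": []},
]

# Constructed Pod: 500m CPU / 256Mi on an ssd Node, tolerates nothing -> no feasible Node (stays Pending).
WEB_POD = {"requests": {"cpu": "500m", "memory": "256Mi"}, "nodeSelector": {"disktype": "ssd"}}
# Same Pod tolerating the dedicated=gpu taint -> node-b becomes feasible.
GPU_POD = dict(WEB_POD, tolerations=[{"key": "dedicated", "operator": "Equal", "value": "gpu", "effect": "NoSchedule"}])

if __name__ == "__main__":
    for label, pod in (("web", WEB_POD), ("gpu", GPU_POD)):
        ok, why = feasible_nodes(pod, NODES)
        print(label, "feasible:", ok, "rejected:", why)
```

The web Pod is rejected by every Node for a different reason (too little free CPU, an untolerated taint, a label mismatch), which is exactly the situation behind a Pod stuck in Pending; `kubectl describe pod` surfaces the same per-Node reasons in its events.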

Self-healing & scaling

The kubelet restarts failed containers according to the Pod's restartPolicy, controllers replace lost Pods, and workloads can be scaled manually or automatically.

  • ReplicaSets keep replica count stable
  • HPA scales based on CPU/memory/custom metrics
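The reconcile loop behind both the desired-state section and the self-healing section above, as an added example written for this page (a model of the behaviour, not Kubernetes controller code). The ReplicaSet, Pod names and Pod phases are constructed.

```python
"""Illustrative ReplicaSet-style reconcile loop (added example written for
this page; it models the behaviour described above and is not Kubernetes
controller code).

Controllers are level-triggered: each pass compares the desired count in the
spec with the Pods it observes and issues only the actions that close the
gap. A second pass over the result must do nothing (idempotence), which is
what lets a controller restart or miss events without doing harm."""
import itertools
from dataclasses import dataclass

@dataclass
class Pod:
    name: str
    phase: str = "Running"          # Pending | Running | Failed

class ReplicaSet:
    def __init__(self, name, replicas):
        self.name, self.replicas = name, replicas     # spec: the desired state
        self._seq = itertools.count()                 # for unique Pod names

    def new_pod(self):
        # a freshly created Pod is Pending until the scheduler places it
        return Pod(f"{self.name}-new{next(self._seq)}", "Pending")

def reconcile(rs, observed):
    """One pass: returns (actions, resulting Pod list).

    Failed Pods do not count towards the desired number and are replaced;
    Pending Pods do count, otherwise the loop would over-create while the
    scheduler is still working."""
    actions, keep = [], []
    for pod in observed:
        if pod.phase == "Failed":
            actions.append(f"delete {pod.name} (failed)")
        else:
            keep.append(pod)
    gap = rs.replicas - len(keep)
    for _ in range(gap):                  # too few: scale up
        pod = rs.new_pod()
        keep.append(pod)
        actions.append(f"create {pod.name}")
    for _ in range(-gap):                 # too many: scale down, newest first
        actions.append(f"delete {keep.pop().name} (surplus)")
    return actions, keep

def converge(rs, observed, max_passes=10):
    """Reconcile until a pass is a no-op; returns (passes, final Pods)."""
    for passes in range(1, max_passes + 1):
        actions, observed = reconcile(rs, observed)
        if not actions:
            return passes, observed
    raise RuntimeError("no convergence")  # a real controller keeps retrying with backoff

if __name__ == "__main__":
    rs = ReplicaSet("web", replicas=3)
    # Constructed observed state: one healthy Pod and one that crashed.
    actions, pods = reconcile(rs, [Pod("web-7x2kq"), Pod("web-m9zrt", "Failed")])
    print(actions)                        # 1 delete, 2 creates
    print(reconcile(rs, pods)[0])         # []: nothing left to do
    rs.replicas = 1                       # an operator edits the spec
    print(reconcile(rs, pods)[0])         # 2 deletes
```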

Cluster architecture

Control plane

The control plane makes global decisions and stores cluster state. Key components typically include:

  • API Server (front door for all requests; authentication, authorization and admission control happen here)
  • etcd (key/value store for all cluster state, Secrets included; restrict access to it and encrypt it at rest)
  • Scheduler (places Pods)
  • Controller Manager (reconciliation loops)

Worker nodes

Nodes run your workloads. Typical components:

  • kubelet (ensures containers are running)
  • container runtime (containerd/CRI-O)
  • kube-proxy or eBPF dataplane (service routing)
  • CNI plugin (Pod networking)

Tip: Think of Kubernetes like a “cluster operating system” that schedules and manages apps.

Common Kubernetes objects

Deployment

Defines a desired set of Pods and handles rolling updates/rollbacks.

  • Backed by a ReplicaSet
  • Works well for stateless services

Service

Stable network endpoint for a set of Pods selected by labels.

  • Types: ClusterIP, NodePort, LoadBalancer
  • Enables service discovery within the cluster

Ingress

HTTP(S) routing from outside the cluster to Services (via an ingress controller).

  • Host/path-based routing
  • TLS termination

ConfigMap & Secret

Inject configuration into Pods as environment variables or mounted files; Secrets are for sensitive values such as passwords, tokens and keys. A Secret's data is only base64-encoded, not encrypted: anyone (including any ServiceAccount) with RBAC permission to get or list Secrets in the namespace can read it, and it lives in etcd, which should be encrypted at rest and tightly access-controlled.

  • Prefer mounted files over env vars (env vars are inherited by child processes and tend to surface in debug output and crash dumps)
  • Prefer external secret managers in production
  • Rotate secrets regularly

StatefulSet

For stateful apps requiring stable identities and persistent storage.

  • Stable Pod names (e.g., app-0, app-1)
  • Typically paired with PersistentVolumeClaims

Job & CronJob

Run-to-completion workloads and scheduled tasks.

  • Job: one-off / batch
  • CronJob: scheduled

Networking basics

Pod-to-Pod

Kubernetes assumes Pods can reach each other directly (no NAT) across Nodes, enabled by your CNI.

  • Each Pod gets its own IP
  • Pod-to-Pod traffic is allowed by default; NetworkPolicy restricts it, but only if the CNI plugin enforces it (otherwise the object is accepted and silently ignored)
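How NetworkPolicy decides whether a connection is allowed, as an added example written for this page (a model of the API's semantics, not a CNI implementation, and it presumes the CNI enforces policy at all). Only matchLabels selectors are modelled; matchExpressions and ipBlock peers are left out. The namespaces, Pods and policies are constructed and use only real NetworkPolicy fields.

```python
"""Illustrative evaluation of NetworkPolicy ingress semantics (added example).

Two points to internalise: a Pod that no policy selects accepts all traffic
(the default is allow-all), and once any policy selects it, a connection is
allowed only if some rule in some selecting policy permits it; rules are
additive and there is no deny rule."""

def selects(selector, labels):
    """matchLabels semantics: an empty selector {} matches everything."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())

def peer_matches(policy, peer, src, namespaces):
    """One entry of a rule's `from` list. podSelector alone is scoped to the
    policy's own namespace; with a namespaceSelector both must match."""
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    if ns_sel is not None:
        return (selects(ns_sel, namespaces[src["namespace"]])
                and (pod_sel is None or selects(pod_sel, src["labels"])))
    return (src["namespace"] == policy["metadata"]["namespace"]
            and pod_sel is not None and selects(pod_sel, src["labels"]))

def ingress_allowed(dst, src, port, policies, namespaces):
    """(allowed, reason) for a TCP connection src -> dst:port."""
    selecting = [p for p in policies
                 if p["metadata"]["namespace"] == dst["namespace"]
                 and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
                 and selects(p["spec"].get("podSelector", {}), dst["labels"])]
    if not selecting:
        return True, "no policy selects the destination: default allow-all"
    for pol in selecting:
        for rule in pol["spec"].get("ingress", []):
            peers, ports = rule.get("from"), rule.get("ports")   # absent or empty = any
            src_ok = not peers or any(peer_matches(pol, pe, src, namespaces) for pe in peers)
            port_ok = not ports or any(pt.get("protocol", "TCP") == "TCP" and pt.get("port") == port for pt in ports)
            if src_ok and port_ok:
                return True, f"allowed by {pol['metadata']['name']}"
    return False, f"isolated by {sorted(p['metadata']['name'] for p in selecting)}; no rule matches"

# Constructed namespaces; kubernetes.io/metadata.name is set by the API server on every namespace.
NAMESPACES = {ns: {"kubernetes.io/metadata.name": ns} for ns in ("prod", "dev", "ingress-nginx")}

POLICIES = [
    # 1. default deny: selects every Pod in prod and allows nothing
    {"metadata": {"name": "default-deny", "namespace": "prod"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
    # 2. only prod Pods labelled app=web may reach the database port
    {"metadata": {"name": "web-to-db", "namespace": "prod"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}},
              "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "web"}}}],
                           "ports": [{"protocol": "TCP", "port": 5432}]}]}},
    # 3. anything in the ingress-nginx namespace may reach web on 8080
    {"metadata": {"name": "ingress-to-web", "namespace": "prod"},
     "spec": {"podSelector": {"matchLabels": {"app": "web"}},
              "ingress": [{"from": [{"namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": "ingress-nginx"}}}],
                           "ports": [{"port": 8080}]}]}},
]

# Constructed Pods.
WEB = {"namespace": "prod", "labels": {"app": "web"}}
DB = {"namespace": "prod", "labels": {"app": "db"}}
DEV_WEB = {"namespace": "dev", "labels": {"app": "web"}}     # same labels, different namespace
NGINX = {"namespace": "ingress-nginx", "labels": {"app.kubernetes.io/name": "ingress-nginx"}}

if __name__ == "__main__":
    for src, dst, port in ((WEB, DB, 5432), (WEB, DB, 22), (DEV_WEB, DB, 5432),
                           (NGINX, WEB, 8080), (DB, WEB, 8080), (DB, DEV_WEB, 8080)):
        print(src["namespace"], src["labels"], "->", dst["namespace"], dst["labels"], port,
              ingress_allowed(dst, src, port, POLICIES, NAMESPACES))
```

Two of the constructed cases are the ones that matter in practice: a Pod in `dev` carrying the same `app=web` label cannot reach the database, because a bare podSelector never reaches across namespaces, and a Pod in `dev` with no policy at all accepts traffic from anywhere.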

Service routing

A Service provides a virtual IP/DNS name that load-balances to matching Pods.

  • kube-proxy (iptables/ipvs) or eBPF
  • Endpoints/EndpointSlices track the backing Pods; only Pods passing their readiness probe receive traffic

Useful kubectl commands

Get cluster info

  kubectl cluster-info
  kubectl get nodes -o wide
  kubectl get ns

Workloads & debugging

  kubectl get deploy,po,svc -n my-namespace
  kubectl describe pod my-pod -n my-namespace
  kubectl logs -f my-pod -n my-namespace
  kubectl exec -it my-pod -n my-namespace -- /bin/sh

Apply manifests & inspect

  kubectl apply -f app.yaml
  kubectl get deploy my-app -o yaml
  kubectl diff -f app.yaml

Note: For day-to-day ops, learn labels/selectors, namespaces, rollout history, and logs/exec.

What to learn next

Production essentials

  • Requests/limits, autoscaling (HPA/VPA)
  • Probes: liveness/readiness/startup
  • NetworkPolicy basics
  • RBAC and least privilege
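The items above, together with the caveats on Secrets earlier in the page, as static checks over manifests (added example written for this page; it is not kubectl, kube-score or any other project's code). Manifests are embedded as Python dicts in the JSON shape `kubectl get ... -o json` returns; the set of checks, the thresholds and the message wording are this example's own choices, and the draft and hardened Deployments, Secret and Role are constructed.

```python
"""Static checks for the production essentials above (added example, not a
Kubernetes or kubectl feature). Feed real objects through json.load and call
audit() on each item."""
import base64

def pinned(image):
    """True if the image has a digest or an explicit non-latest tag."""
    last = image.rsplit("/", 1)[-1]            # ignore ':' in a registry host:port
    return "@sha256:" in image or (":" in last and not image.endswith(":latest"))

def audit_container(c):
    name, sc, res = c["name"], c.get("securityContext", {}), c.get("resources", {})
    f = []
    if not pinned(c.get("image", "")):
        f.append(f"{name}: image '{c.get('image')}' not pinned to a tag or digest")
    f += [f"{name}: no {r} {k[:-1]}" for k in ("requests", "limits")
          for r in ("cpu", "memory") if r not in res.get(k, {})]
    f += [f"{name}: missing {p}" for p in ("livenessProbe", "readinessProbe") if p not in c]
    if sc.get("privileged"):
        f.append(f"{name}: privileged")
    if sc.get("allowPrivilegeEscalation", True):       # the API default is true
        f.append(f"{name}: allowPrivilegeEscalation not false")
    if not sc.get("runAsNonRoot"):
        f.append(f"{name}: runAsNonRoot not true")
    if not sc.get("readOnlyRootFilesystem"):
        f.append(f"{name}: writable root filesystem")
    f += [f"{name}: secret in env var {e['name']}; prefer a mounted file"
          for e in c.get("env", []) if "secretKeyRef" in e.get("valueFrom", {})]
    return f

def audit_pod_spec(spec):
    f = [f"pod: {flag} enabled" for flag in ("hostNetwork", "hostPID", "hostIPC") if spec.get(flag)]
    if spec.get("automountServiceAccountToken", True):
        f.append("pod: service account token auto-mounted; set automountServiceAccountToken: false unless the app calls the API")
    for c in spec.get("containers", []):
        f += audit_container(c)
    return f

def decode_secret(secret):
    """Secret.data is base64, not ciphertext: anyone with `get` on the object reads it."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}

def audit(obj):
    kind, name = obj["kind"], obj["metadata"]["name"]
    if kind == "Deployment":
        return audit_pod_spec(obj["spec"]["template"]["spec"])
    if kind == "Secret":
        return [f"secret {name}: key {k} is plaintext once base64-decoded ({len(v)} chars)"
                for k, v in decode_secret(obj).items()]
    if kind in ("Role", "ClusterRole"):
        f = []
        for rule in obj.get("rules", []):
            verbs, resources = set(rule.get("verbs", [])), set(rule.get("resources", []))
            if "*" in verbs or "*" in resources:
                f.append(f"{kind} {name}: wildcard verbs/resources")
            if "secrets" in resources and verbs & {"get", "list", "watch"}:
                f.append(f"{kind} {name}: can read Secrets in its scope")
        return f
    return []

# Constructed manifests: a typical first draft and a hardened version of the same app.
DRAFT = {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
    "containers": [{"name": "web", "image": "registry.example/web:latest",
                    "env": [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}]}]}}}}
HARDENED = {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
    "automountServiceAccountToken": False,
    "containers": [{"name": "web", "image": "registry.example/web@sha256:" + "0" * 64,   # placeholder digest
                    "resources": {"requests": {"cpu": "100m", "memory": "128Mi"}, "limits": {"cpu": "500m", "memory": "256Mi"}},
                    "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
                    "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
                    "securityContext": {"runAsNonRoot": True, "allowPrivilegeEscalation": False,
                                        "readOnlyRootFilesystem": True, "capabilities": {"drop": ["ALL"]}},
                    "volumeMounts": [{"name": "db", "mountPath": "/etc/db", "readOnly": True}]}],
    "volumes": [{"name": "db", "secret": {"secretName": "db"}}]}}}}
DB_SECRET = {"kind": "Secret", "metadata": {"name": "db"}, "data": {"password": "czNjcjN0"}}  # base64 of a made-up value
READ_SECRETS = {"kind": "Role", "metadata": {"name": "debug"},
                "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]}

if __name__ == "__main__":
    for obj in (DRAFT, HARDENED, DB_SECRET, READ_SECRETS):
        print(obj["kind"], obj["metadata"]["name"], audit(obj))
```

The draft produces a dozen findings and the hardened version none; the Secret check exists to make the base64 point concrete, and the Role check flags the permission that turns any compromised ServiceAccount bound to it into a credential dump.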

Observability

  • Metrics (Prometheus), dashboards (Grafana)
  • Logs (centralized), tracing (OpenTelemetry)
  • Events and audit logs