
Kubernetes

Production-grade container orchestration. Learn pods, services, deployments, ConfigMaps, Secrets, Ingress, and kubectl.

Pod Lifecycle Visualization

Pod Status: Pending

API object created, image being pulled

Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.25
        ports:
        - containerPort: 80
        resources:
          requests:
            cpu: 100m
            memory: 128Mi

Service

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  type: ClusterIP
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80

kubectl Commands

kubectl get pods                        # List pods in current namespace
kubectl get pods -A                     # List pods across all namespaces
kubectl describe pod mypod              # Detailed pod information
kubectl logs -f deploy/myapp            # Stream logs from deployment
kubectl exec -it pod -- sh              # Shell into a pod
kubectl apply -f deploy.yaml            # Apply resource from file
kubectl delete pod mypod                # Delete a pod
kubectl get svc                         # List services
kubectl get nodes                       # List cluster nodes
kubectl port-forward svc/app 8080:80    # Forward local port to service

ConfigMaps & Secrets

kubectl create configmap app-config --from-literal=APP_ENV=production

kubectl create secret generic db-creds \
  --from-literal=username=admin \
  --from-literal=password=s3cret

ConfigMaps: non-sensitive config. Secrets: sensitive data, stored base64-encoded (an encoding, not encryption), with encryption at rest via KMS if configured. Both mountable as env vars or volumes.

Ingress & Volumes

Ingress: HTTP/HTTPS routing to services. Supports TLS termination, path-based routing, and virtual hosts.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
spec:
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: app-service
            port:
              number: 80

Volumes: emptyDir (ephemeral), hostPath (node-local), PersistentVolumeClaim (durable storage), ConfigMap/Secret (injected config).

Interview Questions

Q1: What is the difference between a pod and a deployment?
A pod is the smallest deployable unit in Kubernetes — a group of one or more containers with shared storage/network. A Deployment manages a ReplicaSet, providing declarative updates, rollbacks, scaling, and self-healing. You rarely manage pods directly; you use Deployments to manage them.
Q2: How does Kubernetes service discovery work?
Services have a stable IP and DNS name. kube-proxy on each node watches the API server and maintains iptables/IPVS rules to route traffic to healthy pods. ClusterIP services are accessible only within the cluster. Headless services (clusterIP: None) return pod IPs directly for stateful workloads.
Q3: What are ConfigMaps and Secrets used for?
ConfigMaps store non-sensitive configuration as key-value pairs or files. Secrets store sensitive data (base64 encoded, with encryption at rest if configured). Both can be injected into pods as environment variables, CLI arguments, or mounted as volumes. Secrets are per-namespace and access-controlled via RBAC.
Q4: Explain the role of etcd in Kubernetes.
etcd is a distributed, consistent key-value store that serves as Kubernetes' source of truth. It stores all cluster state: pods, services, configs, secrets, and resource specifications. The API server is the only component that talks to etcd. Backups of etcd are critical for disaster recovery.
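
An added example (not part of the original page) for the Secrets points in the ConfigMaps & Secrets section and in Q3 and Q4: it shows that the base64 in a Secret is reversible without any key, and how to tell from a raw etcd value whether encryption at rest is actually in effect. The helper names and sample values are constructed for illustration; the `k8s:enc:` prefix is the marker the API server writes in front of encrypted values.

```python
import base64
import binascii
import json

# Constructed sample: the shape `kubectl get secret db-creds -o json` returns
# for the db-creds Secret created in the section above (metadata trimmed).
SAMPLE_SECRET = json.loads("""
{"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
 "metadata": {"name": "db-creds", "namespace": "default"},
 "data": {"username": "YWRtaW4=", "password": "czNjcmV0"}}
""")


def decode_secret(obj):
    """Return {key: plaintext} for a Secret object (hypothetical helper)."""
    if obj.get("kind") != "Secret":
        raise ValueError("not a Secret object")
    out = {}
    for key, b64 in (obj.get("data") or {}).items():
        try:
            raw = base64.b64decode(b64, validate=True)
        except binascii.Error as exc:
            raise ValueError(f"data[{key!r}] is not valid base64") from exc
        # Values may be binary (keystores, DER certificates); keep those as bytes.
        try:
            out[key] = raw.decode("utf-8")
        except UnicodeDecodeError:
            out[key] = raw
    # stringData is a write-only plain-text field; it overrides data on conflict.
    out.update(obj.get("stringData") or {})
    return out


def etcd_encryption_provider(raw_value):
    """Return the provider name if a raw etcd value is encrypted, else None.

    Encrypted values start with 'k8s:enc:<provider>:<version>:'. Anything else
    is stored in the clear and is readable from etcd and its backups.
    """
    if raw_value.startswith(b"k8s:enc:"):
        return raw_value.split(b":", 3)[2].decode("ascii")
    return None


if __name__ == "__main__":
    print(decode_secret(SAMPLE_SECRET))
    # Constructed, shortened raw values standing in for real etcd reads.
    print(etcd_encryption_provider(b"k8s:enc:aescbc:v1:key1:\x8f\x02"))
    print(etcd_encryption_provider(b"k8s\x00\n\x0c\n\x02v1\x12\x06Secret"))
```

Anyone whose RBAC role allows `get` on Secrets in the namespace sees the same `data` values, so read access to Secrets should be granted as narrowly as access to the credentials themselves.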