Kubernetes: From Containers to Clusters
Master Kubernetes from core concepts to production-grade cluster management across all skill levels. You will deploy a multi-service application with autoscaling, persistent storage, and ingress routing by the end of this course.
Course Content
6 modules · 30 lessons
Containers and the Kubernetes Foundation
Students can explain why Kubernetes exists and run their first containerized workload locally.
Why Kubernetes exists: the problem with containers at scale
container sprawl, manual container management pain, orchestration definition, Kubernetes origin, control plane concept, declarative vs imperative management
Kubernetes architecture: control plane and worker nodes explained
control plane components, API server, etcd, scheduler, controller manager, worker node components, kubelet, kube-proxy, container runtime interface
How to install kubectl and set up a local Kubernetes cluster with kind
kubectl installation, kubeconfig file, kind tool, local cluster creation, context switching, cluster verification, kubectl get nodes
Kubernetes namespaces: what they are and when to use them
namespace definition, default namespace, kube-system namespace, resource isolation, namespace-scoped vs cluster-scoped resources, creating namespaces, kubectl -n flag
Kubernetes labels and selectors: how resources find each other
label definition, label selectors, equality-based selectors, set-based selectors, annotations vs labels, practical labeling strategy, kubectl label command
Core Workload Resources: Pods, Deployments, and ReplicaSets
Students can deploy, scale, and update stateless applications using Deployments and understand the Pod lifecycle.
What is a Kubernetes Pod and why you rarely create one directly
Pod definition, shared network namespace, shared storage volumes, multi-container pods, sidecar pattern, Pod lifecycle phases, why Pods are ephemeral, naked pods anti-pattern
Kubernetes Deployment: how to deploy and manage stateless applications
Deployment resource, ReplicaSet relationship, desired state reconciliation, creating deployments, scaling deployments, rollout status, deployment strategy types, kubectl rollout commands
Kubernetes rolling updates and rollbacks: how to deploy without downtime
RollingUpdate strategy, maxUnavailable, maxSurge, update trigger conditions, kubectl set image, rollback with kubectl rollout undo, revision history, Recreate strategy
Kubernetes resource requests and limits: how to prevent noisy neighbors
resource requests definition, resource limits definition, CPU units millicores, memory units mebibytes, Quality of Service classes, OOMKilled, CPU throttling, LimitRange, ResourceQuota
Kubernetes liveness and readiness probes: how to handle unhealthy pods
liveness probe definition, readiness probe definition, startup probe, HTTP probe, TCP probe, exec probe, probe parameters, initialDelaySeconds, periodSeconds, failureThreshold, probe failure behavior
Networking: Services, DNS, and Ingress
Students can expose applications inside and outside a cluster using Services and Ingress controllers.
Kubernetes Services explained: ClusterIP, NodePort, and LoadBalancer
Service definition, virtual IP, kube-proxy iptables rules, ClusterIP type, NodePort type, LoadBalancer type, service selector, targetPort vs port, endpoint object
Kubernetes DNS: how Pods discover each other by name
CoreDNS, service DNS format, FQDN structure, cross-namespace DNS, Pod DNS, ndots configuration, headless services, DNS for StatefulSets
Kubernetes Ingress: how to route HTTP traffic to multiple services
Ingress resource, Ingress controller, path-based routing, host-based routing, TLS termination, nginx ingress controller, IngressClass, backend service reference
Kubernetes NetworkPolicy: how to lock down pod-to-pod communication
NetworkPolicy resource, default-deny pattern, ingress rules, egress rules, podSelector, namespaceSelector, ipBlock, CNI plugin requirement, policy evaluation model
Kubernetes ExternalName and headless services: advanced service patterns
ExternalName Service type, CNAME DNS aliasing, external database abstraction, headless service review, StatefulSet DNS, service without selector, manual Endpoints object
Configuration and Storage
Students can externalize application configuration and attach persistent storage to pods using ConfigMaps, Secrets, and PersistentVolumes.
Kubernetes ConfigMaps: how to inject configuration into pods
ConfigMap definition, key-value data, multi-line config files, mounting as volume, injecting as env vars, envFrom, immutable ConfigMaps, config change propagation
Kubernetes Secrets: storing sensitive data securely in a cluster
Secret types, base64 encoding vs encryption, Secret vs ConfigMap, Opaque secret, TLS secret, creating secrets from literals, secret injection methods, encryption at rest, RBAC for secrets
Kubernetes PersistentVolumes: how pods get durable storage
ephemeral storage problem, PersistentVolume resource, PersistentVolumeClaim, StorageClass, dynamic provisioning, static provisioning, access modes, reclaim policies, volume lifecycle
Kubernetes StatefulSets: deploying databases and stateful applications
StatefulSet vs Deployment, stable network identity, ordered pod startup, volumeClaimTemplates, persistent pod names, StatefulSet update strategy, headless service requirement
Kubernetes emptyDir, hostPath, and ConfigMap volumes compared
emptyDir volume type, hostPath risks, ConfigMap as volume, Secret as volume, projected volumes, downwardAPI volume, tmpfs emptyDir, sharing data between sidecar containers
Scaling, Scheduling, and Resource Management
Students can autoscale workloads horizontally and vertically and control Pod placement using node selectors and affinity rules.
Horizontal Pod Autoscaler: scaling Kubernetes workloads by CPU and memory
HPA resource, metrics-server requirement, targetCPUUtilizationPercentage, min and max replicas, scaling algorithm, scale-up vs scale-down behavior, custom metrics with KEDA, HPA v2 API
Kubernetes node selectors and node affinity: placing pods on specific nodes
nodeSelector field, node labels, node affinity types, requiredDuringSchedulingIgnoredDuringExecution, preferredDuringSchedulingIgnoredDuringExecution, operator types, affinity vs nodeSelector comparison, inter-pod affinity introduction
Kubernetes taints and tolerations: reserving nodes for specific workloads
taint definition, taint effects (NoSchedule, PreferNoSchedule, NoExecute), toleration syntax, use cases for taints, taint-based eviction, control-plane taint, kubectl taint command
Kubernetes DaemonSets: running one pod per node for monitoring and logging
DaemonSet definition, automatic scheduling on new nodes, typical use cases, DaemonSet vs Deployment, tolerations in DaemonSets, DaemonSet update strategy, nodeSelector in DaemonSets
Kubernetes Jobs and CronJobs: running batch and scheduled workloads
Job resource, completions, parallelism, restartPolicy OnFailure vs Never, Job cleanup, CronJob resource, cron schedule syntax, concurrencyPolicy, successfulJobsHistoryLimit, failedJobsHistoryLimit
Security, RBAC, and Production Readiness
Students can implement RBAC policies, secure pods with security contexts, and prepare a Kubernetes application for production deployment.
Kubernetes RBAC: how to control who can do what in your cluster
RBAC resources, Role vs ClusterRole, RoleBinding vs ClusterRoleBinding, subjects (User, Group, ServiceAccount), verbs and resources, principle of least privilege, default ClusterRoles
Kubernetes ServiceAccounts: how pods authenticate to the API server
ServiceAccount definition, default ServiceAccount, automountServiceAccountToken, projected service account token, RBAC binding to ServiceAccount, service account use in pods, token expiry and rotation
Kubernetes security contexts: running pods with least privilege
Pod security context, container security context, runAsNonRoot, runAsUser, readOnlyRootFilesystem, allowPrivilegeEscalation, capabilities drop, privileged containers, seccompProfile
Kubernetes Pod Disruption Budgets: zero-downtime operations during cluster maintenance
PodDisruptionBudget resource, minAvailable, maxUnavailable, voluntary vs involuntary disruptions, node drain, eviction API, PDB and rolling updates interaction, unhealthy pod eviction policy
Kubernetes resource quotas and LimitRanges: enforcing multi-tenant cluster policies
ResourceQuota definition, compute quotas, object count quotas, LimitRange defaults, default requests and limits, namespace-level enforcement, quota scope, exceeding quota behavior
