Kubernetes Basics

Kubernetes (K8s) is the industry-standard orchestration platform that automates the deployment, scaling, and management of containerized applications.

Core Architecture

The cluster = control plane + worker nodes.
  • Control plane (the brain): kube-apiserver, etcd (the cluster's key-value store), kube-scheduler, kube-controller-manager. Every object, Secrets included, is stored in etcd, so read access to etcd or to its backups is equivalent to cluster admin.
  • Worker nodes (the muscle): kubelet, container runtime (for example containerd), kube-proxy.

Key Objects You Must Know

  • Pod: the smallest deployable unit; one or more containers sharing a network namespace and storage.
  • Deployment: manages ReplicaSets; handles rolling updates, rollbacks and scaling declaratively.
  • Service: a stable virtual IP and DNS name in front of a set of Pods. Types: ClusterIP, NodePort, LoadBalancer.
  • Ingress: HTTP/S routing from outside the cluster to Services. It does nothing without an Ingress controller (for example ingress-nginx).
  • ConfigMap / Secret: decouple configuration and sensitive data from the container image. A Secret's data is only base64-encoded, not encrypted, and sits in that form in etcd unless encryption at rest is configured; anyone whose RBAC role allows get or list on Secrets in a namespace can read the values.
  • PV / PVC: PersistentVolumes and PersistentVolumeClaims manage the lifecycle of storage in the cluster.
💡 Golden rule: declarative > imperative. Favor YAML manifests and kubectl apply -f over imperative commands in production; the manifest in version control is then the auditable record of what is supposed to be running.
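The declarative approach above, as an added example that is not part of the original page: a shell script that renders a Secret, a Deployment and a ClusterIP Service from a few parameters and applies them with a client-side dry run first. The app name, image, port 8080 and the db-creds Secret name are illustrative assumptions, and the securityContext settings are what a reviewer would expect on a production workload; the kubectl calls are confined to the last function so the rendering part runs offline.

```shell
#!/bin/sh
# Added example, not from the original page. Renders manifests from arguments
# so the same script serves as documentation, review input and deploy step.
# Assumptions: the image listens on 8080 and can run as an unprivileged user.

# Emit a Secret from a literal value. The data: field is base64, which is an
# encoding and not encryption; anyone allowed to `get secrets` in the
# namespace can recover the value with `base64 -d`.
secret_manifest() {
  b64=$(printf '%s' "$3" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: Opaque
data:
  $2: $b64
EOF
}

# Deployment plus ClusterIP Service. The password reaches the container via
# secretKeyRef, never via the image or a ConfigMap.
app_manifests() {
  cat <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
  name: $1
spec:
  replicas: 2
  selector:
    matchLabels:
      app: $1
  template:
    metadata:
      labels:
        app: $1
    spec:
      automountServiceAccountToken: false   # no API token unless the app needs one
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: web
        image: $2
        ports:
        - containerPort: 8080
        env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-creds
              key: password
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        resources:
          requests: {cpu: 100m, memory: 128Mi}
          limits: {cpu: 500m, memory: 256Mi}
---
apiVersion: v1
kind: Service
metadata:
  name: $1
spec:
  type: ClusterIP
  selector:
    app: $1
  ports:
  - port: 80
    targetPort: 8080
EOF
}

# Render everything as one multi-document stream.
# Usage: render_all <app-name> <image> <db-password>
render_all() {
  secret_manifest db-creds password "$3"
  echo '---'
  app_manifests "$1" "$2"
}

# Validate client-side first, then apply for real.
deploy() {
  render_all "$@" | kubectl apply --dry-run=client -f - >/dev/null || return 1
  render_all "$@" | kubectl apply -f -
}
```

Running `render_all web ghcr.io/example/web:1.0 hunter2` prints the manifests so they can be reviewed or committed; `deploy` with the same arguments applies them. Because the Secret value is passed on the command line it will appear in shell history, which is one more reason to keep Secret material out of the manifests you commit and let a secrets manager inject it instead.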

kubectl Commands Cheat Sheet

Pro tip: alias k=kubectl and source <(kubectl completion bash) save a lot of typing (the completion line is bash syntax; zsh users want kubectl completion zsh instead).

  • Status: k cluster-info, k get nodes. Check that the control plane answers and every node is Ready.
  • Discovery: k get all -A, k get pods -o wide. Find where workloads are running across all namespaces. Note that "all" is a legacy shorthand for the core workload types only: ConfigMaps, Secrets, Ingresses, RBAC objects and custom resources are not listed, so use k get <type> -A (k api-resources shows the types) for those.
  • Deep dive: k describe pod <name>. Step 1 for errors: read the Events at the bottom for image pull errors, failed scheduling or OOM kills.
  • Telemetry: k logs <pod> -f, k top pod. Step 2 for errors: follow application output (add --previous to read the log of a container that has already crashed and restarted) or look for CPU/memory spikes. k top needs metrics-server installed in the cluster.
  • Access: k exec -it <pod> -- sh, k port-forward <pod> 8080:80. Open a shell inside the container (minimal and distroless images may ship no shell at all) or route local traffic to a Pod that is not exposed.
  • Ops: k apply -f file.yaml, k scale deploy/<name> --replicas=5. k apply is the declarative way to manage the state of your app; k scale is an imperative shortcut, and the next apply of the manifest (or a GitOps controller) will revert it unless the replica count is changed there as well.
  • Recovery: k rollout undo deploy/<name>, k delete pod <name> --force. The "panic buttons" for a quick rollback or for clearing stuck Pods. --force removes the API object immediately without waiting for graceful termination; the container may keep running on the node until the kubelet catches up, so reserve it for Pods that are already dead.
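The two-step debug flow from the table, as an added example (not part of the original page) wrapped into one function: the Events section first, then the logs, including the log of the previous container instance when the Pod has restarted, then resource usage with a graceful fallback when metrics-server is absent. Namespace and Pod name are arguments; nothing here is specific to a real cluster.

```shell
#!/bin/sh
# Added example, not from the original page: the cheat sheet's Step 1 / Step 2
# triage as one function. Usage: debug_pod <namespace> <pod>

debug_pod() {
  ns=$1
  pod=$2

  # Step 1: the Events section of describe, where image pull errors,
  # failed scheduling and OOM kills show up.
  echo "== Events for $ns/$pod =="
  kubectl describe pod "$pod" -n "$ns" | sed -n '/^Events:/,$p'

  # Total restarts across all containers in the Pod. When this is non-zero
  # the current log may belong to a fresh container that has not failed
  # yet, and the interesting output is in the previous instance.
  restarts=$(kubectl get pod "$pod" -n "$ns" \
      -o jsonpath='{range .status.containerStatuses[*]}{.restartCount}{"\n"}{end}' \
    | awk '{ s += $1 } END { print s + 0 }')
  echo "== Restarts: $restarts =="

  # Step 2: application output. Failures here (no previous instance,
  # container still creating) must not abort the rest of the triage.
  if [ "$restarts" -gt 0 ]; then
    echo "== Log of the previous (crashed) container =="
    kubectl logs "$pod" -n "$ns" --previous --all-containers --tail=50 || true
  fi
  echo "== Current log =="
  kubectl logs "$pod" -n "$ns" --all-containers --tail=50 || true

  # Resource usage needs metrics-server; do not let its absence abort triage.
  echo "== Resource usage =="
  kubectl top pod "$pod" -n "$ns" 2>/dev/null || echo "(metrics-server not available)"
}
```

`debug_pod default web-1` prints the four sections in the order you would read them; every kubectl call needs the corresponding RBAC verbs (get on pods, pods/log and pods/status, plus pods.metrics.k8s.io for top), so a read-only troubleshooting role is enough to run it.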

Kubernetes Ecosystem Tools (2026)

Real-world Kubernetes is rarely "vanilla." These are the companion tools found in most production environments.

Deployment & Config

  • Helm & Kustomize: the standard tools for packaging and managing manifests. Kustomize is built into kubectl (kubectl apply -k).
  • Argo CD / Flux: GitOps engines that continuously reconcile the cluster with the state declared in your Git repo, so a change to the cluster means a reviewed commit rather than an ad-hoc kubectl command.

Observability & Security

  • Prometheus + Grafana: the de facto standard for metrics, alerting and dashboards.
  • Harbor: enterprise-grade private registry with built-in vulnerability scanning of the images it stores.
  • cert-manager: automates issuing and renewing TLS certificates (for example from Let's Encrypt via ACME) for your Services and Ingresses.

Infrastructure & UI

  • Istio / Linkerd: service meshes for advanced traffic routing and mutual TLS between workloads.
  • Lens / K9s: graphical (Lens) or terminal (K9s) dashboards for managing clusters efficiently.
  • Velero / Longhorn: Velero backs up cluster state and volumes; Longhorn provides distributed block storage inside the cluster.

☸️ Deep Dive: Helm

Think of Helm as Homebrew, Apt, or Pip but for Kubernetes clusters. It allows you to define, install, and upgrade even the most complex K8s apps.

What is a "chart"? A bundle of YAML templates plus a values.yaml file. You override the values, and Helm renders them into complete Kubernetes manifests.
Why use it? Instead of managing 20 separate YAML files for a database, you run:
helm install my-db bitnami/postgresql
Pin the chart version (--version) so that an upgrade is an explicit decision, and render the chart with helm template before installing it: a chart is third-party code that can create any object your credentials allow, ClusterRoleBindings and privileged Pods included.
Essential workflow: helm repo add → helm search repo → helm install → helm upgrade
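The workflow above with a review gate in the middle, as an added example that is neither the page's nor Helm's own code: render the chart with helm template, scan the rendered manifests for settings that deserve a second look, and only then install with a pinned version. The flagged patterns are this example's choice and not a complete policy; the Bitnami repo URL and the bitnami/postgresql chart follow the page's install line, and the chart version is left for the caller.

```shell
#!/bin/sh
# Added example, not from the original page: review a chart's rendered output
# before installing it. A chart is third-party code that creates whatever
# objects your credentials allow, so read the manifests, not just the README.

# Read rendered manifests on stdin. Print every risky line with its line
# number; return 1 if any were found, 0 otherwise. The patterns are a
# starting point, not a complete policy.
review_rendered() {
  found=0
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
    risky=0
    case "$line" in
      *"privileged: true"*|*"allowPrivilegeEscalation: true"*) risky=1 ;;
      *"hostNetwork: true"*|*"hostPID: true"*|*"hostIPC: true"*) risky=1 ;;
      *"hostPath:"*|*"kind: ClusterRoleBinding"*) risky=1 ;;
    esac
    if [ "$risky" -eq 1 ]; then
      echo "$n: $line"
      found=1
    fi
  done
  return "$found"
}

# The page's workflow with a pinned version and the review gate in the middle.
# Usage: safe_install <release> <chart> <chart-version>
# e.g.   safe_install my-db bitnami/postgresql <chart-version>
safe_install() {
  release=$1
  chart=$2
  version=$3
  helm repo add bitnami https://charts.bitnami.com/bitnami >/dev/null 2>&1 || true
  helm repo update >/dev/null
  helm search repo "$chart" --version "$version"
  # Render with the same flags you will install with, then review.
  if ! helm template "$release" "$chart" --version "$version" | review_rendered; then
    echo "refusing to install $chart $version: review the flagged lines above" >&2
    return 1
  fi
  helm install "$release" "$chart" --version "$version"
}
```

`review_rendered` reads any stream of manifests, so it also works on `kubectl kustomize` or plain `kubectl get ... -o yaml` output. A flagged line is not automatically wrong (a node agent legitimately needs hostNetwork), but each one should be a conscious decision recorded with the values file you install from, rather than a default you never saw.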

The Linux Foundation Certification Path

If you want to prove your skills in 2026, these are the three milestones recognized globally.

⌨️ Entry / Dev: CKAD (Certified Kubernetes Application Developer)
  • Focus: creating and deploying Pods, Deployments and Services.
  • Best for: developers and DevOps beginners.

⚙️ Admin: CKA (Certified Kubernetes Administrator)
  • Focus: cluster installation, networking and troubleshooting.
  • The gold standard for Ops and SREs.

🛡️ Security: CKS (Certified Kubernetes Security Specialist)
  • Focus: hardening clusters, image and supply-chain scanning, and runtime security.
  • Prerequisite: a valid (unexpired) CKA is required before you can sit the CKS.

📂 A Note on Persistent Storage (Rook/Ceph)

While Rook is the premier way to run Ceph inside Kubernetes, beware of the "Virtualization Trap."

Tools to watch: Rook (Ceph run inside the cluster), Longhorn (simpler in-cluster block storage), NetApp/Pure Storage CSI drivers (external storage arrays).