
Kubernetes Overview and Architecture

Jul 30, 2025

Overview

This lecture series provides a comprehensive introduction to Kubernetes, covering its core concepts, architecture, important terminology, practical setup, security best practices, and key interview questions and answers.

What is Kubernetes?

  • Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications (container orchestration).
  • The name comes from the Greek word for "helmsman" or "pilot", reflecting its role in steering many application containers.
  • It originated at Google, building on Google's internal Borg system, was open-sourced in 2014, and is now maintained under the Cloud Native Computing Foundation (CNCF).
  • Kubernetes talks to container runtimes through the Container Runtime Interface (CRI). containerd and CRI-O are the usual choices; Docker Engine works through the cri-dockerd adapter since the built-in Docker shim was removed in v1.24. Podman is a standalone container tool, not a Kubernetes runtime.
  • It is essential for running applications at scale, providing self-healing, horizontal scaling, service discovery, health checks (probes), and automated rollouts/rollbacks.

Kubernetes Architecture

  • A Kubernetes cluster has one or more control plane nodes (historically called master nodes) and one or more worker nodes; a single-node cluster such as Minikube runs both roles on one machine.
  • Control plane components: kube-apiserver (the only component that clients and the other components talk to), kube-scheduler, kube-controller-manager, and etcd (the cluster's state store). Cloud deployments add a cloud-controller-manager.
  • Worker node components: kubelet (the node agent), kube-proxy (Service networking), and a CRI container runtime such as containerd or CRI-O.
  • The control plane stores the desired state and schedules workloads; worker nodes run the containers inside pods. Because etcd holds every object in the cluster, Secrets included, compromising the API server or etcd is equivalent to compromising the whole cluster.

Core Kubernetes Concepts & Components

  • Pod: The smallest deployable unit, containing one or more tightly coupled containers that share a network namespace (one IP, localhost between them) and can share storage volumes.
  • Namespace: A logical partition of a cluster for organizing resources and scoping RBAC and resource quotas. It is not a security boundary on its own: pods in different namespaces can reach each other unless a NetworkPolicy says otherwise.
  • Deployment: Declares the desired state for a set of pods and manages ReplicaSets to perform rolling updates and rollbacks.
  • Service: A stable virtual IP and DNS name in front of the pods selected by a label selector; types are ClusterIP (reachable only inside the cluster), NodePort, LoadBalancer, and ExternalName.
  • ReplicaSet: Ensures a specified number of identical pods is running at all times; normally created and managed by a Deployment rather than by hand.
  • ConfigMap: Stores non-sensitive configuration data as key-value pairs; anything sensitive belongs in a Secret instead.
  • Ingress: Manages external HTTP/HTTPS access to Services through an ingress controller, with host- and path-based routing and TLS termination.
  • DaemonSet: Ensures a copy of a pod runs on every node (or every node matching a selector), typical for log collectors and node agents.
  • StatefulSet: Manages stateful applications with stable pod names, ordered rollout, and per-pod persistent storage.

Practical Kubernetes Setup

  • Minikube runs a single-node Kubernetes cluster locally for learning and testing (kind and k3d are common alternatives).
  • Minikube needs a driver to host the node (for example Docker or a VM hypervisor) and a container runtime inside it (Docker, containerd, or CRI-O).
  • Core kubectl verbs manage cluster resources: apply, create, get, describe, logs, and delete, applied to pods, deployments, services, and other objects.
  • Resources are defined declaratively in YAML manifests (indentation-sensitive text with apiVersion, kind, metadata, and spec fields) and applied with kubectl apply -f.
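The objects from the two lists above wired together in one manifest, as an added example that is not part of the lecture or its repository: a Namespace, a ConfigMap, a Deployment that manages a ReplicaSet of three pods, and a ClusterIP Service in front of them. The names (demo, web, web-config), the nginx:1.27 image, and the resource limits are illustrative choices.

```yaml
# Added example (not from the lecture): a minimal application stack in one file.
# Names (demo, web, web-config) and the nginx:1.27 image are illustrative.
apiVersion: v1
kind: Namespace
metadata:
  name: demo
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: web-config
  namespace: demo
data:
  GREETING: "hello from kubernetes"   # non-sensitive config only; passwords go in a Secret
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  replicas: 3                          # the Deployment creates a ReplicaSet that keeps 3 pods running
  selector:
    matchLabels:
      app: web                         # must match the pod template labels below
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: nginx:1.27            # pin a tag (or a digest); never rely on :latest
          ports:
            - containerPort: 80
          envFrom:
            - configMapRef:
                name: web-config       # ConfigMap keys become environment variables
          resources:
            requests: {cpu: 50m, memory: 64Mi}
            limits: {cpu: 200m, memory: 128Mi}
          readinessProbe:              # pod receives Service traffic only once this succeeds
            httpGet: {path: /, port: 80}
---
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo
spec:
  type: ClusterIP                      # switch to NodePort or LoadBalancer for access from outside
  selector:
    app: web                           # traffic goes to every ready pod carrying this label
  ports:
    - port: 80
      targetPort: 80
```

Apply it with kubectl apply -f stack.yaml, then kubectl -n demo get deploy,rs,pods,svc shows the Deployment, the ReplicaSet it created, the three pods, and the Service. Deleting one pod with kubectl -n demo delete pod <name> demonstrates self-healing: the ReplicaSet immediately creates a replacement. kubectl -n demo scale deploy web --replicas=5 changes the desired count, and kubectl -n demo delete -f stack.yaml removes everything, including the namespace.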

Key Kubernetes Security Practices

  • Enable RBAC (Role-Based Access Control) and grant users and service accounts only the verbs and resources they need, preferring namespaced Roles over ClusterRoles; disable automatic service account token mounting for pods that never call the API.
  • Use NetworkPolicies to control pod-to-pod traffic, starting from a default-deny policy in each namespace. They take effect only when the cluster's CNI plugin enforces them.
  • Store sensitive data in Secrets rather than ConfigMaps, but remember that Secrets are only base64-encoded, not encrypted: enable encryption at rest in the API server and restrict who may read Secrets through RBAC.
  • Secure the API server and etcd with TLS on every connection, expose etcd only to the API server, and protect etcd backups as carefully as the cluster itself, since they contain every Secret.
  • Use trusted, up-to-date container images pinned by tag or digest, scan them for known vulnerabilities, and run containers as non-root with a restrictive securityContext.
  • Monitor with Prometheus and Grafana, and enable API server audit logging so that every request (who, what, when, and whether it was allowed) is recorded and retained for review.
  • Apply the least privilege principle throughout: users, service accounts, pod permissions, and node access.
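The practices above as concrete objects, as an added example that is not part of the lecture or its repository: a ServiceAccount without an auto-mounted API token, a read-only Role bound to it, a default-deny NetworkPolicy plus one explicit allow rule, and a pod that reads a password from a Secret and runs with a restrictive securityContext. All names (demo, web-reader, pod-reader, db-credentials, the role: frontend label) and the unprivileged nginx image are assumptions; the Secret db-credentials is assumed to have been created separately, for example with kubectl create secret generic.

```yaml
# Added example (not from the lecture): least-privilege settings for one namespace.
# Names (demo, web-reader, pod-reader, db-credentials) are illustrative.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: web-reader
  namespace: demo
automountServiceAccountToken: false   # no API token in the pod unless a workload opts in
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                            # namespaced; use ClusterRole only for genuinely cluster-wide needs
metadata:
  name: pod-reader
  namespace: demo
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list", "watch"]   # read-only; no create/delete, and no access to secrets
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: web-reader-pods
  namespace: demo
subjects:
  - kind: ServiceAccount
    name: web-reader
    namespace: demo
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: demo
spec:
  podSelector: {}                     # selects every pod in the namespace
  policyTypes: ["Ingress", "Egress"]  # no rules listed, so all traffic in both directions is denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-web
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: web
  policyTypes: ["Ingress"]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              role: frontend          # only pods with this label may connect
      ports:
        - protocol: TCP
          port: 8080
---
apiVersion: v1
kind: Pod
metadata:
  name: web
  namespace: demo
  labels:
    app: web
spec:
  serviceAccountName: web-reader
  securityContext:
    runAsNonRoot: true                # kubelet refuses to start a container that would run as uid 0
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: web
      image: nginxinc/nginx-unprivileged:1.27   # assumed image; listens on 8080 as a non-root user
      ports:
        - containerPort: 8080
      env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:             # value comes from a Secret created out of band, never a ConfigMap
              name: db-credentials
              key: password
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: tmp
          mountPath: /tmp             # the only writable path; nginx keeps its pid file and cache here
  volumes:
    - name: tmp
      emptyDir: {}
```

Verify the binding with kubectl auth can-i list pods -n demo --as=system:serviceaccount:demo:web-reader (expected: yes) and kubectl auth can-i delete pods -n demo --as=system:serviceaccount:demo:web-reader (expected: no). Because default-deny also covers egress, any pod in the namespace that needs DNS or outbound connections requires an additional egress rule (for example to kube-dns on port 53). NetworkPolicies are enforced only by a policy-aware CNI plugin; Minikube's default networking ignores them, so start it with a plugin such as Calico (minikube start --cni=calico) to see the deny take effect.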

Interview Q&A Highlights

  • Kubernetes is a container orchestrator, not a container runtime.
  • Docker builds and runs individual containers on one host; Kubernetes schedules and manages many containers across a cluster of hosts.
  • Self-healing means Kubernetes automatically restarts failed containers, replaces or reschedules failed pods, and stops sending Service traffic to pods that fail their health checks.
  • A typical production cluster runs three control plane nodes (an odd number, so etcd keeps quorum if one fails) and multiple worker nodes.
  • If the control plane fails, pods that are already running keep serving traffic, but no scheduling, scaling, self-healing, or kubectl access happens until it is back; redundant control plane nodes mitigate this.
  • Each control plane and worker node component has specific roles and failure impacts (for example, a failed kubelet leaves its node's pods unmanaged, and a failed kube-proxy breaks Service routing on that node).

Key Terms & Definitions

  • Kubernetes — An open-source platform for automating containerized application management.
  • Pod — The smallest deployable unit, hosting one or more containers.
  • Deployment — Manages desired state and updates for pods.
  • ReplicaSet — Maintains a set number of pod replicas.
  • Service — Exposes pods as a network service.
  • Namespace — Isolated cluster environment.
  • DaemonSet — Ensures a pod runs on every node.
  • StatefulSet — Manages stateful pods with persistent identities.
  • RBAC — Role-Based Access Control; binds permissions (Roles/ClusterRoles) to users, groups, and service accounts.
  • etcd — Distributed key-value store holding all cluster state, including Secrets.
  • kubelet — Node agent that starts and supervises the pods assigned to its node.
  • kubectl — Command-line tool for Kubernetes management.

Action Items / Next Steps

  • Practice by installing Minikube or setting up a small cluster using YAML configuration files.
  • Run and become comfortable with kubectl's core commands (get, describe, create, delete).
  • Experiment with different services (ClusterIP, NodePort, LoadBalancer) and deployments.
  • Follow the provided GitHub repository for configuration examples and further practice.
  • Review and implement security best practices in all practice and production clusters.