BestHub
Sign in
Cloud Native 9 min read

Master Kubernetes: Complete Guide to Architecture, Deployments, and Production Ops

This comprehensive guide walks you through Kubernetes fundamentals, architecture, core components, workload resources, networking, storage, security, autoscaling, Helm packaging, monitoring, logging, and production-grade operational practices with practical YAML examples and command snippets.

Ray's Galactic Tech
Ray's Galactic Tech
Ray's Galactic Tech
Master Kubernetes: Complete Guide to Architecture, Deployments, and Production Ops

1. Kubernetes Core Overview

Kubernetes (K8s) is a container orchestration platform that automates deployment, scaling, self‑healing, service discovery, configuration management, and load balancing for containerized applications, emphasizing declarative management of desired state.

2. Architecture and Component Responsibilities

The control‑plane consists of API Server (entry point for all requests), Scheduler (assigns Pods to nodes), Controller Manager (handles replica sets, node controllers, etc.), and etcd (distributed key‑value store). The node components include kubelet (manages Pods on the node), kube-proxy (handles Service traffic routing), and containerd (container runtime).

Kubernetes architecture diagram
Kubernetes architecture diagram

3. Workload Resources: Pod, ReplicaSet, Deployment

A Pod is the smallest deployable unit. Example Pod definition:

apiVersion: v1
kind: Pod
metadata:
  name: demo-pod
spec:
  containers:
  - name: app
    image: nginx
    ports:
    - containerPort: 80

Deployments manage ReplicaSets and provide rolling updates. Example Deployment with rolling update strategy:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-deploy
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 1
  selector:
    matchLabels:
      app: demo
  template:
    metadata:
      labels:
        app: demo
    spec:
      containers:
      - name: app
        image: nginx:latest

4. Service and Ingress

Service types expose Pods:

ClusterIP – internal access only.

NodePort – exposes a port on each node.

Ingress – HTTP routing based on host/path.

ClusterIP example:

apiVersion: v1
kind: Service
metadata:
  name: demo-svc
spec:
  type: ClusterIP
  selector:
    app: demo
  ports:
  - port: 80
    targetPort: 80

NodePort example:

type: NodePort
ports:
- port: 80
  nodePort: 30080

Ingress example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: demo-ingress
spec:
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: demo-svc
            port:
              number: 80

5. Configuration Management: ConfigMap & Secret

ConfigMap stores non‑sensitive configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  mode: "prod"

Pod can reference it via env:

env:
- name: MODE
  valueFrom:
    configMapKeyRef:
      name: app-config
      key: mode

Secret stores sensitive data (base64‑encoded):

apiVersion: v1
kind: Secret
metadata:
  name: mysql-secret
type: Opaque
data:
  password: cGFzc3dvcmQ=  # base64 of "password"

6. Storage: PV, PVC, StorageClass

Example PersistentVolume using hostPath:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-hostpath
spec:
  capacity:
    storage: 2Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: /data/k8s/demo

Corresponding PersistentVolumeClaim:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-demo
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi

7. Scheduling: Node Selector, Affinity, Taints & Tolerations

Node selector example:

nodeSelector:
  disk: ssd

Affinity example (node affinity with requiredDuringSchedulingIgnoredDuringExecution):

affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
      - matchExpressions:
        - key: zone
          operator: In
          values: ["cn-east"]

8. Network Policies

Restrict Pods from external traffic using a NetworkPolicy:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  podSelector: {}
  policyTypes:
  - Egress

9. Security: RBAC

Role definition granting read access to Pods:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "list"]

Binding the role to a user:

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: reader-bind
subjects:
- kind: User
  name: test
roleRef:
  kind: Role
  name: reader
  apiGroup: rbac.authorization.k8s.io

10. Autoscaling: Horizontal Pod Autoscaler (HPA)

Example HPA targeting CPU utilization:

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: demo-hpa
spec:
  minReplicas: 2
  maxReplicas: 8
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 60

11. Helm Packaging and Deployment

Typical chart directory layout:

mychart/
  Chart.yaml
  values.yaml
  templates/

Install the chart:

helm install demo ./mychart

12. Monitoring Stack (Prometheus & Grafana)

Deploy the kube‑prometheus‑stack via Helm:

helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install k8s-monitor prometheus-community/kube-prometheus-stack

13. Logging Stack (Loki & EFK)

Install Loki stack with Helm:

helm repo add grafana https://grafana.github.io/helm-charts
helm install loki grafana/loki-stack

14. Production‑grade Operations

Rolling upgrade: kubectl rollout restart deploy demo and kubectl rollout status deploy demo Pre‑stress‑test checklist: ensure Pod resource requests/limits, HPA enabled, and monitoring is healthy.

Debugging commands: kubectl describe pod, kubectl logs -f mypod,

kubectl get events

15. End‑to‑End Practice Example

Deploy Zookeeper using a HostPath PV, PVC, and NodePort service:

apiVersion: v1
kind: PersistentVolume
metadata:
  name: zk-pv
spec:
  capacity:
    storage: 5Gi
  accessModes:
  - ReadWriteOnce
  hostPath:
    path: /data/zk
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: zk-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zk
spec:
  replicas: 1
  selector:
    matchLabels:
      app: zk
  template:
    metadata:
      labels:
        app: zk
    spec:
      containers:
      - name: zk
        image: bitnami/zookeeper:latest
        volumeMounts:
        - mountPath: /bitnami
          name: data
  volumeClaimTemplates:
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 5Gi
Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Kubernetesloggingcontainer orchestrationhelm
Ray's Galactic Tech
Written by

Ray's Galactic Tech

Practice together, never alone. We cover programming languages, development tools, learning methods, and pitfall notes. We simplify complex topics, guiding you from beginner to advanced. Weekly practical content—let's grow together!

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment