Master Kubernetes Essentials: Pods, Services, Deployments, and More
This article introduces Kubernetes, the open‑source container‑orchestration platform, and explains its core concepts—including Pods, Namespaces, Nodes, Services, Volumes, PersistentVolumes, Deployments, StatefulSets, DaemonSets, Ingress, Jobs, Horizontal Pod Autoscaling, Service Accounts, Secrets, ConfigMaps, and Resource Quotas—along with common kubectl commands for managing each component.
Kubernetes is Google’s open‑source container‑cluster management system, derived from the large‑scale Borg system. Its main capabilities include container‑based application deployment, load balancing, service discovery, cross‑node and cross‑region scheduling, automatic scaling, support for stateless and stateful services, and an extensive plugin mechanism for volumes.
1. Pod
A Pod is a group of tightly coupled containers that share a network namespace and can share filesystem volumes; each Pod receives a unique IP. Pods support inter‑process communication via localhost, shared volumes, graceful termination, privileged containers, restart policies (Always, OnFailure, Never), image pull policies, resource limits, health probes (liveness and readiness), init containers, and lifecycle hooks (postStart, preStop).
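The following manifest is an added example, not code from the original article, that exercises most of the Pod features listed above in one place: a restart policy, an init container that prepares content for the main container, image pull policy, CPU/memory requests and limits, liveness and readiness probes, postStart/preStop hooks, and a shared emptyDir volume. The pod name, labels, the nginxinc/nginx-unprivileged image (which listens on port 8080 as uid 101) and the paths are assumptions made for illustration; the securityContext fields are included because a pod that runs as non-root with a read-only root filesystem and no capabilities is the least-privilege baseline a reviewer would expect.

```yaml
# Added example; names, images and paths are assumptions, not values from the article.
apiVersion: v1
kind: Pod
metadata:
  name: web-demo
  labels:
    app: web-demo
spec:
  restartPolicy: Always              # Always | OnFailure | Never
  terminationGracePeriodSeconds: 30  # time allowed for graceful shutdown after SIGTERM
  securityContext:
    runAsNonRoot: true
    runAsUser: 101                   # uid used by the nginx-unprivileged image (assumption)
    seccompProfile:
      type: RuntimeDefault
  initContainers:
  - name: render-index               # runs to completion before the app container starts
    image: busybox:1.36
    command: ["sh", "-c", "echo '<h1>hello from init</h1>' > /work/index.html"]
    volumeMounts:
    - name: www
      mountPath: /work
  containers:
  - name: web
    image: nginxinc/nginx-unprivileged:1.25   # serves on 8080 without root
    imagePullPolicy: IfNotPresent    # Always | IfNotPresent | Never
    ports:
    - containerPort: 8080
    resources:
      requests: { cpu: 100m, memory: 64Mi }
      limits:   { cpu: 500m, memory: 128Mi }
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    livenessProbe:                   # kubelet restarts the container if this keeps failing
      httpGet: { path: /, port: 8080 }
      initialDelaySeconds: 5
      periodSeconds: 10
    readinessProbe:                  # Service endpoints exclude the pod until this passes
      httpGet: { path: /, port: 8080 }
      periodSeconds: 5
    lifecycle:
      postStart:
        exec: { command: ["sh", "-c", "echo started >> /tmp/lifecycle.log"] }
      preStop:
        exec: { command: ["sh", "-c", "sleep 5"] }   # let in-flight requests drain
    volumeMounts:
    - name: www
      mountPath: /usr/share/nginx/html
      readOnly: true
    - name: tmp
      mountPath: /tmp                # writable scratch space needed with a read-only root fs
  volumes:
  - name: www
    emptyDir: {}                     # shared between the init container and the app container
  - name: tmp
    emptyDir: {}
```

Apply it with kubectl apply -f and inspect the probe and hook activity with kubectl describe pod web-demo; kubectl delete pod web-demo shows the preStop hook delaying termination before SIGTERM is delivered.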
2. Namespace
A Namespace provides a logical partition for resources such as Pods, Services, ReplicaSets and Deployments. Common commands: kubectl get namespace, kubectl create namespace <name>, kubectl delete namespace <name>. Deleting a namespace removes all its resources; the default and kube‑system namespaces cannot be deleted. PersistentVolumes are not namespaced.
3. Node
A Node is the physical or virtual host where pods run. Each node runs a container runtime, the kubelet and kube‑proxy. Common commands: kubectl get nodes, kubectl cordon <node> (mark unschedulable), kubectl uncordon <node>. Nodes can be tainted with kubectl taint using the effects NoSchedule, PreferNoSchedule, and NoExecute; pods can tolerate these taints.
4. Service
Service abstracts a set of pods and provides a stable endpoint for service discovery and load balancing. Types: ClusterIP (default, internal only), NodePort (exposes NodeIP:NodePort), LoadBalancer (provisions an external LB via cloud provider), and ExternalName (maps to an external DNS name).
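Three of the four Service types side by side, as an added example that is not part of the original article. All three select the app: web-demo pods introduced earlier; the service names, the port numbers and the db.example.com hostname are assumptions. The NodePort variant is shown because it is the one that changes the exposure of the cluster: it opens the chosen port on every node's address, so in practice ClusterIP behind an Ingress is the safer default and NodePort use can be forbidden per namespace with a ResourceQuota.

```yaml
# Added example; names and ports are assumptions, not values from the article.
apiVersion: v1
kind: Service
metadata:
  name: web-demo
spec:
  type: ClusterIP         # default: reachable only inside the cluster
  selector:
    app: web-demo
  ports:
  - name: http
    port: 80              # port on the Service's virtual IP
    targetPort: 8080      # container port the traffic is forwarded to
---
apiVersion: v1
kind: Service
metadata:
  name: web-demo-nodeport
spec:
  type: NodePort          # reachable as <NodeIP>:30080 on every node
  selector:
    app: web-demo
  ports:
  - name: http
    port: 80
    targetPort: 8080
    nodePort: 30080       # must fall in the cluster's NodePort range (30000-32767 by default)
---
apiVersion: v1
kind: Service
metadata:
  name: external-db
spec:
  type: ExternalName      # DNS alias only: no selector, no endpoints, no proxying
  externalName: db.example.com
```

kubectl get endpoints web-demo lists the pod IPs currently selected; a pod that fails its readiness probe disappears from that list without being restarted, which is the mechanism behind the "stable endpoint" described above.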
5. Volume
Volumes give containers storage that persists across container restarts. A volume’s lifecycle is bound to its pod. Types include emptyDir, hostPath, NFS, glusterfs, cephfs, subPath, secret, PersistentVolumeClaim, and others. Data in a volume survives container restarts; whether it is removed when the pod is deleted depends on the volume type.
6. PersistentVolume (PV)
PV is a cluster‑wide storage resource. Access modes: ReadWriteOnce (single pod), ReadOnlyMany (multiple pods read‑only), ReadWriteMany (multiple pods read‑write). Reclaim policies: Retain, Recycle (rm -rf, supported by NFS and hostPath), and Delete.
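The full chain from a PersistentVolume through a PersistentVolumeClaim to a pod, as an added example that does not come from the original article. The PV uses hostPath with the Retain reclaim policy, so the data directory is kept on the node after the claim is deleted and an administrator has to clean it up deliberately; the names, the storageClassName manual and the /mnt/data path are assumptions. ReadWriteOnce means the volume can be mounted read-write by a single node, which is why only one pod is attached here.

```yaml
# Added example; names, paths and sizes are assumptions, not values from the article.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-demo                        # PVs are cluster-scoped: no namespace
spec:
  capacity:
    storage: 1Gi
  accessModes:
  - ReadWriteOnce                      # ReadWriteOnce | ReadOnlyMany | ReadWriteMany
  persistentVolumeReclaimPolicy: Retain   # Retain | Recycle | Delete
  storageClassName: manual
  hostPath:
    path: /mnt/data/pv-demo            # directory on the node; only suitable for single-node tests
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvc-demo
  namespace: default                   # PVCs are namespaced
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: manual             # binds only to PVs of the same class
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
kind: Pod
metadata:
  name: pv-consumer
  namespace: default
spec:
  containers:
  - name: app
    image: busybox:1.36
    command: ["sh", "-c", "date >> /data/boot.log; sleep 3600"]
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: pvc-demo
```

After kubectl apply -f, kubectl get pv,pvc shows both objects in the Bound state; deleting and recreating the pod appends a second line to /data/boot.log, and deleting the PVC leaves the PV in the Released state with its data intact because of Retain.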
7. Deployment
Deployment manages stateless applications by creating ReplicaSets. It supports rolling updates, rollbacks, scaling, pausing and resuming. Common commands: kubectl run ..., kubectl get deployment --all-namespaces, kubectl describe deployment <name>, kubectl edit deployment <name>, kubectl delete deployment <name>, kubectl scale deployment <name> --replicas=<n>, kubectl set image deployment/<name> <container>=<image>, kubectl rollout undo deployment/<name>, kubectl rollout status deployment/<name>, kubectl autoscale deployment <name> --cpu-percent=<percent> --min=<min> --max=<max>, kubectl rollout pause deployment/<name>, kubectl rollout resume deployment/<name>.
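A Deployment manifest that makes the rolling-update commands above behave predictably, added here as an example rather than taken from the original article. The strategy block keeps the desired replica count during an update (maxUnavailable 0) by adding at most one extra pod at a time, and the readiness probe is what gates each step: a new ReplicaSet only takes over traffic once its pods pass the probe, so a broken image stalls the rollout instead of replacing working pods. The name, image and labels are assumptions.

```yaml
# Added example; names and the image are assumptions, not values from the article.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-demo
  namespace: default
spec:
  replicas: 3
  revisionHistoryLimit: 5            # old ReplicaSets kept for kubectl rollout undo
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1                    # at most one pod above the desired count during an update
      maxUnavailable: 0              # never drop below the desired count
  selector:
    matchLabels:
      app: web-demo
  template:
    metadata:
      labels:
        app: web-demo
    spec:
      containers:
      - name: web
        image: nginxinc/nginx-unprivileged:1.25
        ports:
        - containerPort: 8080
        resources:                   # requests are required for HPA and ResourceQuota to work
          requests: { cpu: 100m, memory: 64Mi }
          limits:   { cpu: 500m, memory: 128Mi }
        readinessProbe:              # the rollout advances only when new pods pass this
          httpGet: { path: /, port: 8080 }
          periodSeconds: 5
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
```

A typical cycle is kubectl apply -f, then kubectl set image deployment/web-demo web=nginxinc/nginx-unprivileged:1.26, kubectl rollout status deployment/web-demo to wait for completion, and kubectl rollout undo deployment/web-demo if the new revision misbehaves; kubectl rollout history deployment/web-demo lists the revisions retained by revisionHistoryLimit.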
8. StatefulSet
StatefulSet is designed for stateful workloads, providing stable network IDs, stable storage via PVCs, ordered deployment and scaling, and ordered termination. Update strategies: OnDelete (default, updates applied after manual pod deletion) and RollingUpdate (automatic pod replacement in reverse order).
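A headless Service plus a StatefulSet with a volumeClaimTemplate, added as an example that is not from the original article, to show where the stable network identity and stable storage come from: the Service with clusterIP: None gives each pod the DNS name <pod>.<service>, and the template creates one PVC per ordinal (data-db-0, data-db-1, ...) that survives pod rescheduling. The postgres image, the db-credentials Secret it references and the sizes are assumptions; the partition field is included because raising it is how a RollingUpdate is limited to the highest ordinals as a canary.

```yaml
# Added example; names, image, Secret reference and sizes are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: db                 # headless Service: no virtual IP, DNS returns pod addresses
spec:
  clusterIP: None
  selector:
    app: db
  ports:
  - port: 5432
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: db
spec:
  serviceName: db          # pods are addressable as db-0.db, db-1.db, db-2.db
  replicas: 3
  podManagementPolicy: OrderedReady    # create 0,1,2 in order; terminate 2,1,0
  updateStrategy:
    type: RollingUpdate    # OnDelete | RollingUpdate
    rollingUpdate:
      partition: 0         # set to 2 to update only db-2 first (canary), then lower it
  selector:
    matchLabels:
      app: db
  template:
    metadata:
      labels:
        app: db
    spec:
      terminationGracePeriodSeconds: 30
      containers:
      - name: db
        image: postgres:16              # assumption: any image that persists to a mounted directory
        env:
        - name: POSTGRES_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db-credentials      # assumed to exist; see the Secret section
              key: password
        - name: PGDATA
          value: /var/lib/postgresql/data/pgdata
        ports:
        - containerPort: 5432
        volumeMounts:
        - name: data
          mountPath: /var/lib/postgresql/data
  volumeClaimTemplates:    # one PVC per pod; PVCs are not deleted when the StatefulSet is
  - metadata:
      name: data
    spec:
      accessModes: ["ReadWriteOnce"]
      resources:
        requests:
          storage: 5Gi
```

kubectl get pvc after scaling up and back down shows the claims for removed ordinals still present, which is the behaviour to plan for when data retention or credential rotation is in scope.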
9. DaemonSet
DaemonSet ensures that a copy of a pod runs on each (or selected) node, commonly used for log collection, monitoring agents, or system services such as kube‑proxy or an ingress controller. Pods can be limited to specific nodes using nodeSelector, nodeAffinity, or podAffinity. Update strategies: OnDelete and RollingUpdate.
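A log-collection DaemonSet, added as an example that is not from the original article, which also illustrates the taints and tolerations mentioned in the Node section: control-plane nodes carry a NoSchedule taint by default, so an agent that must run everywhere needs a matching toleration, and a custom taint applied with kubectl taint nodes <node> dedicated=logging:NoSchedule is tolerated the same way. The agent image and the hostPath are assumptions; the host log directory is mounted read-only because a node-wide agent that could write to /var/log would be a tampering risk.

```yaml
# Added example; the image, namespace and taint key are assumptions.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: log-agent
  namespace: kube-system
spec:
  updateStrategy:
    type: RollingUpdate              # OnDelete | RollingUpdate
    rollingUpdate:
      maxUnavailable: 1              # replace one node's agent at a time
  selector:
    matchLabels:
      app: log-agent
  template:
    metadata:
      labels:
        app: log-agent
    spec:
      nodeSelector:
        kubernetes.io/os: linux      # restrict to Linux nodes
      tolerations:
      # control-plane nodes are tainted by default; tolerate it so the agent runs there too
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
      # custom taint, e.g. applied with: kubectl taint nodes <node> dedicated=logging:NoSchedule
      - key: dedicated
        operator: Equal
        value: logging
        effect: NoSchedule
      containers:
      - name: agent
        image: fluent/fluent-bit:3.0 # assumption: any log shipper image
        resources:
          requests: { cpu: 50m, memory: 64Mi }
          limits:   { cpu: 200m, memory: 128Mi }
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        volumeMounts:
        - name: varlog
          mountPath: /var/log
          readOnly: true             # host logs are read, never written
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
          type: Directory            # fail if the path does not exist rather than creating it
```

kubectl get daemonset -n kube-system log-agent reports DESIRED against NUMBER READY, and kubectl describe node <node> shows the taint the toleration is satisfying.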
10. Ingress
Ingress provides external HTTP(S) routing to services, typically backed by an Ingress controller (e.g., nginx, traefik, Kong, OpenResty). It offers URL‑based routing, load balancing, and TLS termination.
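An Ingress that terminates TLS and routes two URL prefixes to different Services, added as an example that is not from the original article. The hostname, the two backend Service names and the ingress-nginx annotation are assumptions; the ingressClassName selects which controller acts on the object. The TLS material lives in a Secret of type kubernetes.io/tls (created, for instance, with kubectl create secret tls demo-tls --cert=tls.crt --key=tls.key), so the private key is never written into the Ingress itself and its access is governed by RBAC on Secrets.

```yaml
# Added example; host, Service names and the annotation are assumptions.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-demo
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"   # ingress-nginx: redirect HTTP to HTTPS
spec:
  ingressClassName: nginx          # controller that should implement this Ingress
  tls:
  - hosts:
    - demo.example.com
    secretName: demo-tls           # kubernetes.io/tls Secret with tls.crt and tls.key
  rules:
  - host: demo.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-demo         # ClusterIP Service from the Service section
            port:
              number: 80
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api              # assumed second Service
            port:
              number: 8080
```

kubectl describe ingress web-demo shows the resolved backends and the address the controller published; backends must be ClusterIP (or any) Services in the same namespace as the Ingress.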
11. Job & CronJob
Job runs short‑lived batch tasks; CronJob schedules jobs at specified times, similar to Linux crontab.
12. Horizontal Pod Autoscaler (HPA)
HPA automatically scales the number of pod replicas based on CPU, memory, or custom metrics. It queries metrics every 30 seconds by default and supports predefined metrics, custom pod metrics, and custom object metrics, using either Heapster or a custom REST API.
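The manifest form of kubectl autoscale deployment web-demo --cpu-percent=60 --min=2 --max=10, with a memory target and a scale-down stabilization window added, as an example that is not from the original article. Target utilization is expressed as a percentage of the pods' CPU request, so the Deployment being scaled must declare resources.requests; the target name and thresholds are assumptions. Current clusters obtain these metrics from metrics-server through the resource metrics API rather than from Heapster.

```yaml
# Added example; target name and thresholds are assumptions.
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-demo
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-demo
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 60       # percent of the pods' CPU request, averaged over pods
  - type: Resource
    resource:
      name: memory
      target:
        type: AverageValue
        averageValue: 100Mi          # absolute per-pod average instead of a percentage
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300   # wait 5 minutes of low load before scaling in
```

kubectl get hpa web-demo shows the current and target values; a TARGETS column reading <unknown> usually means either the metrics API is unavailable or the pods declare no CPU request.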
13. Service Account
ServiceAccount supplies credentials for pods to call the Kubernetes API. Authorization is handled via RBAC (Role, RoleBinding, ClusterRole, ClusterRoleBinding).
14. Secret
Secret stores sensitive data such as passwords, tokens, or keys. Types: service‑account token (automatically mounted), Opaque (base64‑encoded key/value pairs), and kubernetes.io/dockerconfigjson (Docker registry credentials).
15. ConfigMap
ConfigMap holds non‑sensitive configuration as key‑value pairs and can be consumed as environment variables, command‑line arguments, or mounted as files within a volume.
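One manifest serving both the Secret and ConfigMap sections, added as an example that is not from the original article: an Opaque Secret, a ConfigMap holding both a plain key and a whole file, and a pod that consumes the ConfigMap as an environment variable and as a mounted file and the Secret as both an environment variable and a file with restricted permissions. All names, the password value and the paths are constructed for illustration. Two points the comments call out: base64 in the data field is encoding, not encryption, so access to Secrets must be limited with RBAC (and encryption at rest enabled on the API server); and secrets exposed as environment variables are inherited by child processes and can end up in crash dumps, so a read-only file mount with a tight mode is the more contained option.

```yaml
# Added example; names, values and paths are constructed, not taken from the article.
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
  namespace: default
type: Opaque
data:
  password: cGFzc3dvcmQ=          # base64 of "password": encoded, not encrypted
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
  namespace: default
data:
  LOG_LEVEL: info                # simple key, consumed as an env var below
  app.properties: |              # file-shaped key, consumed as a mounted file below
    feature.flag=true
    timeout.seconds=30
---
apiVersion: v1
kind: Pod
metadata:
  name: config-consumer
  namespace: default
spec:
  containers:
  - name: app
    image: busybox:1.36
    command: ["sh", "-c",
              "echo level=$LOG_LEVEL; cat /etc/app/app.properties; ls -l /etc/creds/; sleep 3600"]
    env:
    - name: LOG_LEVEL
      valueFrom:
        configMapKeyRef:
          name: app-config
          key: LOG_LEVEL
    - name: DB_PASSWORD          # env var form: visible to every child process of the container
      valueFrom:
        secretKeyRef:
          name: db-credentials
          key: password
    volumeMounts:
    - name: config
      mountPath: /etc/app
      readOnly: true
    - name: creds
      mountPath: /etc/creds      # file form: /etc/creds/password, updated when the Secret changes
      readOnly: true
  volumes:
  - name: config
    configMap:
      name: app-config
      items:
      - key: app.properties
        path: app.properties
  - name: creds
    secret:
      secretName: db-credentials
      defaultMode: 0400          # owner-read only inside the container
```

kubectl logs config-consumer prints the configured level and file contents and lists the mounted password file with mode 0400; for registry credentials the kubernetes.io/dockerconfigjson type is normally created with kubectl create secret docker-registry rather than written by hand.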
16. Resource Quota
ResourceQuota limits the amount of compute (CPU, memory), storage (requests.storage, PVC count, storage class usage), and object counts (pods, services, configmaps, etc.) that can be created in a namespace. Only one ResourceQuota can exist per namespace.
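A ResourceQuota covering all three categories named above (compute, storage including a per-StorageClass cap, and object counts), added as an example that is not from the original article, together with a LimitRange, which goes slightly beyond the section: once a quota constrains requests or limits, the API server rejects any pod that does not declare them, and a LimitRange supplies defaults so existing manifests keep working. The namespace, the StorageClass named fast and all figures are assumptions; the zero quotas on NodePort and LoadBalancer Services are included because they are a simple way to keep a namespace from exposing itself outside the cluster.

```yaml
# Added example; namespace, StorageClass name and all figures are assumptions.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: team-a-quota
  namespace: team-a
spec:
  hard:
    # compute: sum over all pods in the namespace
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    # storage
    requests.storage: 100Gi
    persistentvolumeclaims: "10"
    fast.storageclass.storage.k8s.io/requests.storage: 20Gi   # cap for the "fast" class only
    # object counts
    pods: "50"
    services: "10"
    services.nodeports: "0"        # no NodePort Services in this namespace
    services.loadbalancers: "0"    # no cloud load balancers either
    configmaps: "20"
    secrets: "20"
    count/deployments.apps: "10"
---
apiVersion: v1
kind: LimitRange
metadata:
  name: team-a-defaults
  namespace: team-a
spec:
  limits:
  - type: Container
    defaultRequest: { cpu: 100m, memory: 128Mi }   # used when a container sets no request
    default:        { cpu: 500m, memory: 512Mi }   # used when a container sets no limit
    max:            { cpu: "2",  memory: 2Gi }     # hard ceiling per container
```

kubectl describe quota -n team-a shows used versus hard for every line, and a manifest that would exceed any of them is rejected at admission time with an exceeded quota error rather than scheduled and later evicted.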
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact us and we will review it promptly.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.