Unlock Kubernetes Essentials: Pods, Services, Deployments, and Beyond
This article introduces Kubernetes, the open‑source container orchestration platform that originated at Google, detailing its core concepts such as Pods, Namespaces, Nodes, Services, Volumes, PersistentVolumes, Deployments, StatefulSets, DaemonSets, Ingress, Jobs, HPA, ServiceAccounts, Secrets, ConfigMaps, and ResourceQuotas, providing practical commands and usage notes for each component.
Kubernetes is an open‑source container‑cluster management system that Google built from the lessons of its internal, large‑scale Borg system and later handed to the Cloud Native Computing Foundation. Its main functions include container‑based application deployment, load balancing, service discovery, cross‑node and cross‑region scheduling, auto‑scaling, support for both stateless and stateful services, and an extensible plug‑in mechanism.
1. Pod
A Pod is a group of tightly coupled containers that are scheduled onto the same node and share a network namespace and storage; each pod receives its own cluster IP, and the containers in it reach one another over localhost. Features include shared IPC/Network/UTS namespaces, shared volumes, graceful termination, privileged containers, restart policies (Always, OnFailure, Never), image pull policies (Always, Never, IfNotPresent), resource requests and limits, health checks (livenessProbe, readinessProbe and startupProbe), init containers, and lifecycle hooks (postStart and preStop). Privileged containers and shared host namespaces (hostNetwork, hostPID, hostIPC) remove most of the isolation between a container and its node, so they should be denied by default with Pod Security Admission or a policy engine and granted only to the few system workloads that need them.
2. Namespace
Namespace provides a logical partition for a set of resources such as pods, services, replica sets, and deployments (the default namespace is default). Nodes and PersistentVolumes are not namespaced. Common commands: kubectl get namespace, kubectl create namespace <name>, kubectl delete namespace <name>. Deleting a namespace removes all resources within it; the default, kube-system and kube-public namespaces cannot be deleted; PersistentVolumes are cluster‑wide, while PersistentVolumeClaims belong to a specific namespace. A namespace is an administrative boundary, not a security one: pods in different namespaces can talk to each other freely until a NetworkPolicy says otherwise, and what a user or ServiceAccount may do inside a namespace is decided by RBAC.
3. Node
Node is the host (physical or virtual) where pods run. Each node runs a CRI‑compatible container runtime (containerd or CRI‑O today; the Docker shim was removed in Kubernetes 1.24), the kubelet, and kube-proxy. Common commands: kubectl get nodes, kubectl cordon <node> (mark unschedulable), kubectl uncordon <node> (make schedulable), kubectl drain <node> (cordon and evict the pods, for maintenance). Taints (key=value:effect) on a node and tolerations on a pod control scheduling; effects are NoSchedule (new pods without a matching toleration are not placed there), PreferNoSchedule (the node is avoided but not forbidden), and NoExecute (pods without a matching toleration are also evicted if they are already running).
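The matching rule behind taints and tolerations, as an added example that is not part of the original article: the node and pod data below are constructed, and the functions mirror what the scheduler's TaintToleration filter and the node lifecycle controller decide (tolerationSeconds, which only delays a NoExecute eviction, is left out).

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class Taint:
    key: str
    effect: str              # NoSchedule, PreferNoSchedule or NoExecute
    value: str = ""


@dataclass(frozen=True)
class Toleration:
    key: str = ""            # an empty key is only legal with operator Exists and matches every key
    operator: str = "Equal"  # Equal or Exists
    value: str = ""
    effect: str = ""         # an empty effect matches every effect


def tolerates(tol: Toleration, taint: Taint) -> bool:
    """A toleration covers a taint when the effect matches (or is empty), the key matches
    (or is empty with operator Exists) and, for operator Equal, the value is identical."""
    if tol.effect and tol.effect != taint.effect:
        return False
    if tol.operator == "Exists":
        return tol.key in ("", taint.key)
    return tol.key == taint.key and tol.value == taint.value


def untolerated(taints: List[Taint], tolerations: List[Toleration], effects: Iterable[str]) -> List[Taint]:
    """Taints with one of the given effects that no toleration on the pod covers."""
    return [t for t in taints
            if t.effect in effects and not any(tolerates(tol, t) for tol in tolerations)]


def can_schedule(node_taints: List[Taint], pod_tolerations: List[Toleration]) -> bool:
    """The scheduler rejects a node carrying any untolerated NoSchedule or NoExecute taint;
    PreferNoSchedule only lowers the node's score and never rejects it."""
    return not untolerated(node_taints, pod_tolerations, ("NoSchedule", "NoExecute"))


def will_be_evicted(node_taints: List[Taint], pod_tolerations: List[Toleration]) -> bool:
    """A running pod is evicted once its node carries an untolerated NoExecute taint."""
    return bool(untolerated(node_taints, pod_tolerations, ("NoExecute",)))


# Constructed sample data, not taken from any real cluster.
CONTROL_PLANE = [Taint(key="node-role.kubernetes.io/control-plane", effect="NoSchedule")]
GPU_NODE = [Taint(key="dedicated", effect="NoSchedule", value="gpu"),
            Taint(key="nvidia.com/gpu", effect="PreferNoSchedule", value="true")]
NOT_READY = [Taint(key="node.kubernetes.io/not-ready", effect="NoExecute")]

PLAIN_POD: List[Toleration] = []
GPU_POD = [Toleration(key="dedicated", operator="Equal", value="gpu", effect="NoSchedule")]
CPU_POD = [Toleration(key="dedicated", operator="Equal", value="cpu", effect="NoSchedule")]
DAEMON_POD = [Toleration(operator="Exists")]   # what a DaemonSet pod typically carries: tolerate everything

if __name__ == "__main__":
    print("plain pod on control plane:", can_schedule(CONTROL_PLANE, PLAIN_POD))         # False
    print("gpu pod on gpu node:", can_schedule(GPU_NODE, GPU_POD))                        # True
    print("cpu pod on gpu node:", can_schedule(GPU_NODE, CPU_POD))                        # False
    print("plain pod evicted when node not ready:", will_be_evicted(NOT_READY, PLAIN_POD))  # True
    print("daemon pod evicted when node not ready:", will_be_evicted(NOT_READY, DAEMON_POD))  # False
```

On a real cluster, kubectl describe node <node> lists the taints under Taints:, and kubectl get pod <pod> -o jsonpath='{.spec.tolerations}' shows what a pod tolerates.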
4. Service
Service abstracts a set of pods providing the same functionality, selected by labels, and offers a stable virtual IP and DNS name for service discovery and load balancing. Types: ClusterIP (default, reachable only inside the cluster), NodePort (opens the same port, from the 30000‑32767 range by default, on every node, so it is exposed wherever a node has a reachable address), LoadBalancer (provisions an external load balancer through the cloud provider on top of a NodePort), and ExternalName (returns a CNAME to an external DNS name). A Service created without a selector gets no automatic endpoints; they are populated manually, which is how an in‑cluster name is pointed at an external database, for example. Only pods whose readiness probe passes are added to a Service's endpoints.
5. Volume
Volumes give the containers of a pod storage that survives container restarts and can be shared between them; whether the data outlives the pod depends on the volume type: emptyDir is deleted with the pod, while a persistentVolumeClaim points at storage that persists independently. Types include emptyDir, hostPath, nfs, secret, configMap, persistentVolumeClaim, and (now deprecated or removed from the in‑tree plugins in favour of CSI drivers) glusterfs and cephfs. subPath is not a volume type but a volumeMounts option that mounts a single sub‑directory of a volume. hostPath mounts a directory of the node into the container: a pod that can mount /, /etc or the container runtime socket can take over the node, so hostPath should be blocked for ordinary workloads.
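A small static audit of Pod manifests covering the Pod features of section 1 and the hostPath volumes of section 5, added here as an example and not taken from the original article. The manifests are constructed dicts standing in for parsed YAML, and the finding texts are this example's own wording; the checks correspond roughly to the Pod Security "restricted" profile plus resource limits and token automount.

```python
from typing import Any, Dict, List


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """One finding per risky setting; an empty list means the manifest clears every check."""
    findings: List[str] = []
    spec = pod.get("spec", {})
    name = pod.get("metadata", {}).get("name", "<unnamed>")

    # Host namespaces remove the isolation between the pod and the node it runs on.
    for ns in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(ns):
            findings.append(f"{name}: {ns}=true shares the node's namespace")

    # hostPath exposes node paths; a writable / or /etc, or the runtime socket, is node takeover.
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            findings.append(f"{name}: volume {vol['name']} is hostPath {vol['hostPath'].get('path')}")

    # The ServiceAccount token is mounted by default although most workloads never call the API.
    if spec.get("automountServiceAccountToken", True):
        findings.append(f"{name}: ServiceAccount token is auto-mounted")

    pod_sc = spec.get("securityContext", {})
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        cname = f"{name}/{c['name']}"
        sc = {**pod_sc, **c.get("securityContext", {})}   # container-level fields override pod-level ones
        if sc.get("privileged"):
            findings.append(f"{cname}: privileged=true (every capability and all host devices)")
        if sc.get("allowPrivilegeEscalation", True):
            findings.append(f"{cname}: allowPrivilegeEscalation is not false")
        if not sc.get("runAsNonRoot"):
            findings.append(f"{cname}: runAsNonRoot is not true")
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(f"{cname}: root filesystem is writable")
        if "ALL" not in sc.get("capabilities", {}).get("drop", []):
            findings.append(f"{cname}: capabilities.drop does not include ALL")
        if sc.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{cname}: no seccomp profile (RuntimeDefault or Localhost)")
        if not c.get("resources", {}).get("limits"):
            findings.append(f"{cname}: no resource limits, so it can starve the node")
    return findings


# Constructed manifests (dicts standing in for parsed YAML), not taken from any real cluster.
RISKY_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "debug"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        "containers": [{
            "name": "shell", "image": "busybox:1.36",
            "securityContext": {"privileged": True},
            "volumeMounts": [{"name": "root", "mountPath": "/host"}],
        }],
    },
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "seccompProfile": {"type": "RuntimeDefault"}},
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [{
            "name": "app", "image": "registry.example.com/web:1.4.2",
            "securityContext": {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                          "limits": {"cpu": "500m", "memory": "256Mi"}},
            "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}],
        }],
    },
}

if __name__ == "__main__":
    for manifest in (RISKY_POD, HARDENED_POD):
        findings = audit_pod(manifest)
        print(manifest["metadata"]["name"], "->", len(findings), "finding(s)")
        for f in findings:
            print("  ", f)
```

Pod Security Admission enforces the same class of checks at admission time when a namespace carries the label pod-security.kubernetes.io/enforce: restricted.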
6. PersistentVolume (PV)
PV is a cluster‑wide storage resource. Together with PersistentVolumeClaim (PVC), which is namespaced, it provides persistent storage: a claim binds to a volume that satisfies its size, access mode and storage class. Access modes: ReadWriteOnce (mounted read‑write by a single node; several pods on that node may still share it), ReadOnlyMany (read‑only from many nodes), ReadWriteMany (read‑write from many nodes), and ReadWriteOncePod (read‑write by exactly one pod). Reclaim policies decide what happens to the volume when its claim is deleted: Retain (keep the data for manual clean‑up), Delete (remove the backing storage), and Recycle (a basic rm -rf, deprecated in favour of dynamic provisioning).
7. Deployment
Deployment manages stateless applications by creating ReplicaSets, which in turn create pods, supporting rolling updates, rollbacks, scaling, and pause/resume. Common commands: kubectl create deployment <name> --image=<image> (kubectl run creates a bare pod since version 1.18), kubectl get deployment --all-namespaces, kubectl describe deployment <name>, kubectl edit deployment <name>, kubectl delete deployment <name>, kubectl scale deployment <name> --replicas=<n>, kubectl set image deployment/<name> <container>=<image>, kubectl rollout undo deployment/<name>, kubectl rollout status deployment/<name>, kubectl autoscale deployment <name> --cpu-percent=<%> --min=<n> --max=<n>, kubectl rollout pause deployment/<name>, kubectl rollout resume deployment/<name>. The update strategy is RollingUpdate (default; maxSurge and maxUnavailable bound how many pods may exist above or below the desired count during the rollout) or Recreate (all old pods are killed before new ones start).
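The arithmetic behind maxSurge and maxUnavailable, as an added example (not code from the original article). It reproduces the rounding rules the API applies to percentage values and the deployment controller's fallback when both values round to zero; the replica counts are constructed.

```python
from typing import Tuple, Union

IntOrString = Union[int, str]


def scaled_value(value: IntOrString, replicas: int, round_up: bool) -> int:
    """Resolve a Kubernetes IntOrString field: an int is absolute, '25%' is a share of the
    replica count. maxSurge rounds up, maxUnavailable rounds down (the API's rule)."""
    if isinstance(value, int):
        if value < 0:
            raise ValueError("negative values are rejected by API validation")
        return value
    if isinstance(value, str) and value.endswith("%"):
        numerator = replicas * int(value[:-1])
        return -(-numerator // 100) if round_up else numerator // 100   # integer ceil / floor
    raise ValueError(f"not an IntOrString: {value!r}")


def rolling_update_bounds(replicas: int, max_surge: IntOrString = "25%",
                          max_unavailable: IntOrString = "25%") -> Tuple[int, int]:
    """(fewest pods kept available, most pods that may exist) during a RollingUpdate, the
    defaults being 25%/25%. Mirrors the deployment controller's fencepost resolution:
    validation rejects both fields set to 0 explicitly, but rounding down may still leave
    both at 0, in which case maxUnavailable is taken as 1 so the rollout can progress."""
    surge = scaled_value(max_surge, replicas, round_up=True)
    unavailable = scaled_value(max_unavailable, replicas, round_up=False)
    if surge == 0 and unavailable == 0:
        unavailable = 1
    return replicas - unavailable, replicas + surge


if __name__ == "__main__":
    print(rolling_update_bounds(4))                                       # (3, 5)
    print(rolling_update_bounds(1))                                       # (1, 2): single replica, no downtime
    print(rolling_update_bounds(3, max_surge=0, max_unavailable="25%"))   # (2, 3): rounding fallback
    print(rolling_update_bounds(10, max_surge="20%", max_unavailable=2))  # (8, 12)
```

With a single replica the defaults round maxUnavailable down to 0 and maxSurge up to 1, so the old pod stays until the new one is ready; setting maxSurge to 0 on a small deployment is what forces a pod to be taken down first.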
8. StatefulSet
StatefulSet is designed for stateful services: each pod gets a stable ordinal name (<name>-0, <name>-1, and so on), its own PVC created from volumeClaimTemplates that survives rescheduling, and a stable DNS entry through a headless Service (<pod>.<service>.<namespace>.svc.cluster.local). Pods are created and scaled up in ordinal order and terminated in reverse order. Update strategies: RollingUpdate (default, replaces pods from the highest ordinal down) and OnDelete (a pod is replaced only when someone deletes it).
9. DaemonSet
DaemonSet ensures that a copy of a pod runs on every node (or on a selected subset), commonly used for log collectors, monitoring agents, CNI network plugins, or kube-proxy. Node selection uses nodeSelector or nodeAffinity in the pod template, and the pods usually carry tolerations so that they are also placed on tainted nodes. Update strategies: RollingUpdate (default) and OnDelete.
10. Ingress
Ingress provides layer‑7 (HTTP/HTTPS) routing into the cluster and requires an Ingress controller to act on it (e.g., ingress-nginx, Traefik, Kong, OpenResty); without a controller an Ingress object does nothing. It routes by host name and URL path to Services, terminates TLS using a Secret of type kubernetes.io/tls, and supports virtual hosts. Non‑HTTP protocols need a Service of type NodePort or LoadBalancer instead.
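Added example, not from the original article: how an Ingress rule set resolves a request's host and path to a backend Service, and how that Service in turn resolves to ready pod IPs (the label selection described in section 4). The Ingress, Service and pod objects are constructed dicts standing in for parsed YAML; the precedence order (exact host over wildcard host, Exact over Prefix, longer path first) is the one the Ingress specification prescribes, while ImplementationSpecific paths are left to the controller.

```python
from typing import Any, Dict, List, Optional, Tuple


def host_matches(rule_host: str, request_host: str) -> bool:
    """A rule without a host matches any host. A wildcard '*.example.com' matches exactly
    one extra label: 'a.example.com' yes, 'example.com' and 'a.b.example.com' no."""
    if not rule_host:
        return True
    if rule_host.startswith("*."):
        suffix = rule_host[1:]                       # ".example.com"
        if not request_host.endswith(suffix):
            return False
        first_label = request_host[: -len(suffix)]
        return first_label != "" and "." not in first_label
    return rule_host == request_host


def path_matches(path_type: str, rule_path: str, request_path: str) -> bool:
    """Exact compares whole paths. Prefix matches whole '/'-separated elements, so '/api'
    matches '/api' and '/api/v1' but not '/apiary'. ImplementationSpecific is controller-defined."""
    if path_type == "Exact":
        return rule_path == request_path
    if path_type == "Prefix":
        prefix = rule_path.rstrip("/")               # '/api/' behaves like '/api'
        return prefix == "" or request_path == prefix or request_path.startswith(prefix + "/")
    raise ValueError(f"pathType {path_type!r} is left to the Ingress controller")


def route(ingress: Dict[str, Any], host: str, path: str) -> Optional[Tuple[str, int]]:
    """Choose the backend (service name, port) for a request: an exact host beats a wildcard
    host, Exact beats Prefix, a longer path beats a shorter one; spec.defaultBackend catches
    what no rule matches, otherwise the controller answers 404."""
    best = None
    for rule in ingress["spec"].get("rules", []):
        rule_host = rule.get("host", "")
        if not host_matches(rule_host, host):
            continue
        host_rank = 0 if not rule_host else (1 if rule_host.startswith("*.") else 2)
        for p in rule.get("http", {}).get("paths", []):
            if path_matches(p["pathType"], p["path"], path):
                rank = (host_rank, p["pathType"] == "Exact", len(p["path"]))
                if best is None or rank > best[0]:
                    svc = p["backend"]["service"]
                    best = (rank, (svc["name"], svc["port"]["number"]))
    if best is not None:
        return best[1]
    default = ingress["spec"].get("defaultBackend")
    return (default["service"]["name"], default["service"]["port"]["number"]) if default else None


def ready_endpoints(service: Dict[str, Any], pods: List[Dict[str, Any]]) -> List[str]:
    """Pod IPs the Service forwards to: same namespace, every selector label present, and the
    Ready condition True (a failing readinessProbe drops the pod from rotation). A Service
    without a selector gets no automatic endpoints; they have to be managed by hand."""
    selector = service["spec"].get("selector")
    if not selector:
        return []
    ips = []
    for pod in pods:
        conditions = pod.get("status", {}).get("conditions", [])
        ready = any(c["type"] == "Ready" and c["status"] == "True" for c in conditions)
        labels = pod["metadata"].get("labels", {})
        if (pod["metadata"]["namespace"] == service["metadata"]["namespace"] and ready
                and all(labels.get(k) == v for k, v in selector.items())):
            ips.append(pod["status"]["podIP"])
    return ips


# Constructed sample objects (plain dicts standing in for parsed YAML), not from a real cluster.
def backend(name: str, port: int) -> Dict[str, Any]:
    return {"service": {"name": name, "port": {"number": port}}}


INGRESS = {"spec": {"rules": [
    {"host": "shop.example.com", "http": {"paths": [
        {"path": "/api", "pathType": "Prefix", "backend": backend("api", 8080)},
        {"path": "/healthz", "pathType": "Exact", "backend": backend("health", 9000)},
        {"path": "/", "pathType": "Prefix", "backend": backend("web", 80)}]}},
    {"host": "*.example.com", "http": {"paths": [
        {"path": "/", "pathType": "Prefix", "backend": backend("catchall", 80)}]}}]}}

API_SERVICE = {"metadata": {"name": "api", "namespace": "shop"}, "spec": {"selector": {"app": "api"}}}
PODS = [
    {"metadata": {"namespace": "shop", "labels": {"app": "api"}},
     "status": {"podIP": "10.0.1.5", "conditions": [{"type": "Ready", "status": "True"}]}},
    {"metadata": {"namespace": "shop", "labels": {"app": "api"}},
     "status": {"podIP": "10.0.1.6", "conditions": [{"type": "Ready", "status": "False"}]}},
    {"metadata": {"namespace": "other", "labels": {"app": "api"}},
     "status": {"podIP": "10.0.2.9", "conditions": [{"type": "Ready", "status": "True"}]}},
]

if __name__ == "__main__":
    for host, path in [("shop.example.com", "/api/v1/items"), ("shop.example.com", "/apiary"),
                       ("shop.example.com", "/healthz"), ("other.example.com", "/x"), ("example.com", "/")]:
        print(f"{host}{path} -> {route(INGRESS, host, path)}")
    print("ready api endpoints:", ready_endpoints(API_SERVICE, PODS))
```

The /apiary case is the one that catches people: a Prefix rule for /api does not match it, because Prefix matching works on whole path elements, not on raw string prefixes.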
11. Job & CronJob
Job runs a short‑lived batch task to completion and retries failed pods up to backoffLimit, with completions and parallelism controlling how many pods must finish and how many run at once; CronJob creates Jobs on a crontab‑style schedule, with concurrencyPolicy deciding whether overlapping runs are allowed, forbidden, or replaced.
12. Horizontal Pod Autoscaler (HPA)
HPA automatically scales the number of pod replicas of a Deployment, StatefulSet or other scalable resource based on CPU, memory, or custom metrics. The controller re‑evaluates every 15 seconds by default (--horizontal-pod-autoscaler-sync-period) and computes the desired count as ceil(currentReplicas × currentMetric / targetMetric), ignoring changes within a 10 % tolerance. Supported metric types: resource metrics (CPU or memory, as utilization or raw value, served by metrics-server through the metrics.k8s.io API), custom pod and object metrics (custom.metrics.k8s.io), and external metrics (external.metrics.k8s.io). Heapster, which older tutorials mention, has been retired. Several metrics can be combined, in which case the HPA scales to the largest proposal.
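The scaling formula worked through in code, added as an example that is not part of the original article. It assumes the controller's default tolerance and default scale-up policy (no custom behavior block) and ignores the scale-down stabilization window; the pod usage numbers are constructed.

```python
import math
from typing import Sequence

TOLERANCE = 0.1   # kube-controller-manager default --horizontal-pod-autoscaler-tolerance


def utilization_ratio(usage_millicores: Sequence[int], request_millicores: int, target_percent: int) -> float:
    """Resource metric of type Utilization: the average of usage/request over the pods the
    HPA counts, as a percentage, divided by the target percentage. A ratio of 2.0 means
    the pods run at twice the target utilization."""
    current_percent = 100 * sum(usage_millicores) / (len(usage_millicores) * request_millicores)
    return current_percent / target_percent


def desired_replicas(current: int, ratio: float, min_replicas: int, max_replicas: int) -> int:
    """desired = ceil(current * ratio); no change while the ratio sits inside the tolerance
    band; scale-up capped by the default policy (double, or +4 pods, per 15 s period,
    whichever is larger; a custom 'behavior' block changes this); clamped to [min, max]."""
    desired = current if abs(ratio - 1.0) <= TOLERANCE else math.ceil(current * ratio)
    if desired > current:
        desired = min(desired, max(2 * current, current + 4))
    return max(min_replicas, min(max_replicas, desired))


def desired_from_metrics(current: int, ratios: Sequence[float], min_replicas: int, max_replicas: int) -> int:
    """Several metrics: one proposal per metric, and the HPA scales to the largest of them."""
    return max(desired_replicas(current, r, min_replicas, max_replicas) for r in ratios)


if __name__ == "__main__":
    # Constructed sample: 3 pods requesting 500m CPU each, using 400m/500m/600m, target 50 % utilization.
    ratio = utilization_ratio([400, 500, 600], 500, target_percent=50)
    print("ratio", ratio, "-> replicas", desired_replicas(3, ratio, 1, 10))   # 2.0 -> 6
    print("within tolerance:", desired_replicas(3, 1.05, 1, 10))               # 3
    print("clamped to min:", desired_replicas(3, 0.2, 2, 10))                  # 2
    print("scale-up cap:", desired_replicas(2, 10.0, 1, 50))                   # 6, not 20
    print("two metrics:", desired_from_metrics(3, [ratio, 1.2], 1, 10))        # 6
```

The scale-up cap is why a sudden ten-fold load spike on two replicas produces six pods after the first period rather than twenty: the controller doubles (or adds four, whichever is more) per period until the metric settles.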
13. Service Account
ServiceAccount provides an identity for pods (and the processes in them) when they call the Kubernetes API; every namespace has a default ServiceAccount, and a pod's token is mounted into it automatically unless automountServiceAccountToken is set to false. Permissions are granted with RBAC: a Role or ClusterRole lists allowed verbs on resources, and a RoleBinding or ClusterRoleBinding attaches it to the ServiceAccount. The default ServiceAccount should have no bindings, and workloads that do not talk to the API should not mount a token at all, since a stolen token is a direct path from an application compromise to the cluster API.
14. Secret
Secret stores sensitive data such as passwords, tokens, and keys. Types include kubernetes.io/service-account-token (API tokens; modern clusters mount short‑lived projected tokens instead), Opaque (arbitrary key/value pairs), kubernetes.io/dockerconfigjson (registry credentials), kubernetes.io/tls (certificate and key), and kubernetes.io/basic-auth and kubernetes.io/ssh-auth. Values in the data field are base64‑encoded, which is an encoding, not encryption: anyone who can get, list or watch Secrets reads them in the clear, so access must be restricted with RBAC and etcd should be configured for encryption at rest (EncryptionConfiguration) or backed by an external KMS.
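An added example (not from the original article) covering sections 13 and 14 together: a small RBAC rule evaluator answering "can this Role read Secrets?", next to the base64 decoding that shows why that question matters, and the layout of a kubernetes.io/dockerconfigjson Secret. The Role and Secret manifests are constructed; the evaluator handles verbs, apiGroups, resources, resourceNames and the "*" wildcard but not aggregated ClusterRoles or non-resource URLs.

```python
import base64
import json
from typing import Any, Dict


def rule_allows(rule: Dict[str, Any], verb: str, api_group: str, resource: str, name: str = "") -> bool:
    """One PolicyRule grants a request when verb, apiGroup and resource are each listed
    (or the list holds '*') and, if resourceNames is set, the object name is listed.
    The core API group (pods, secrets, ...) is the empty string."""
    def listed(field: str, value: str) -> bool:
        allowed = rule.get(field, [])
        return "*" in allowed or value in allowed
    if not (listed("verbs", verb) and listed("apiGroups", api_group) and listed("resources", resource)):
        return False
    names = rule.get("resourceNames")
    return not names or name in names


def role_allows(role: Dict[str, Any], verb: str, api_group: str, resource: str, name: str = "") -> bool:
    """RBAC is purely additive with no deny rules: any matching rule grants the request."""
    return any(rule_allows(r, verb, api_group, resource, name) for r in role.get("rules", []))


def can_read_secrets(role: Dict[str, Any], name: str = "") -> bool:
    """'get' is not the only verb that discloses Secret contents: 'list' and 'watch' return
    whole objects too, so a 'read-only' Role with list on secrets leaks every Secret."""
    return any(role_allows(role, verb, "", "secrets", name) for verb in ("get", "list", "watch"))


def decode_secret(secret: Dict[str, Any]) -> Dict[str, bytes]:
    """'data' is base64 text that anyone can reverse, not ciphertext. Writers may use
    'stringData' (plain text, write-only in the API); when both hold a key, stringData wins."""
    values = {k: base64.b64decode(v) for k, v in secret.get("data", {}).items()}
    values.update({k: v.encode() for k, v in secret.get("stringData", {}).items()})
    return values


def docker_config_secret(name: str, registry: str, user: str, password: str) -> Dict[str, Any]:
    """Build a kubernetes.io/dockerconfigjson Secret the way `kubectl create secret
    docker-registry` does: a Docker config.json under the fixed key '.dockerconfigjson'."""
    auth = base64.b64encode(f"{user}:{password}".encode()).decode()
    config = {"auths": {registry: {"username": user, "password": password, "auth": auth}}}
    return {"apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
            "metadata": {"name": name},
            "data": {".dockerconfigjson": base64.b64encode(json.dumps(config).encode()).decode()}}


def registry_credentials(secret: Dict[str, Any], registry: str) -> str:
    """Pull the 'user:password' pair back out of a dockerconfigjson Secret: two base64 layers
    and a JSON document, nothing that keeps a reader with RBAC access out."""
    config = json.loads(decode_secret(secret)[".dockerconfigjson"])
    return base64.b64decode(config["auths"][registry]["auth"]).decode()


# Constructed manifests for the demonstration, not taken from any real cluster.
DB_SECRET = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
             "metadata": {"name": "db-creds", "namespace": "shop"},
             "data": {"username": "YXBw", "password": "aHVudGVyMg=="}}   # base64 of 'app' and 'hunter2'

# Looks harmless ("viewer") but list on secrets dumps every Secret in the namespace.
READONLY_ROLE = {"kind": "Role", "metadata": {"name": "viewer", "namespace": "shop"},
                 "rules": [{"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["get", "list"]}]}

# Least privilege: one named Secret, one verb.
NARROW_ROLE = {"kind": "Role", "metadata": {"name": "db-creds-reader", "namespace": "shop"},
               "rules": [{"apiGroups": [""], "resources": ["secrets"],
                          "resourceNames": ["db-creds"], "verbs": ["get"]}]}

if __name__ == "__main__":
    print("viewer can read secrets:", can_read_secrets(READONLY_ROLE))             # True
    print("narrow role reads any secret:", can_read_secrets(NARROW_ROLE))          # False
    print("narrow role reads db-creds:", can_read_secrets(NARROW_ROLE, "db-creds"))  # True
    print("decoded:", decode_secret(DB_SECRET))
    pull = docker_config_secret("regcred", "registry.example.com", "bot", "s3cret")
    print("registry login:", registry_credentials(pull, "registry.example.com"))    # bot:s3cret
```

kubectl auth can-i list secrets -n shop --as=system:serviceaccount:shop:default asks the API server the same question for a real ServiceAccount, and is worth running against every namespace's default account.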
15. ConfigMap
ConfigMap holds non‑sensitive configuration data as key‑value pairs, usable as environment variables, command‑line arguments, or files mounted through a volume. Mounted files are refreshed when the ConfigMap changes (except through subPath mounts), while environment variables are read once at container start and require a pod restart to pick up changes.
16. ResourceQuota
ResourceQuota limits aggregate resource consumption per namespace. Types include compute resources (requests.cpu, requests.memory, limits.cpu, limits.memory), storage resources (requests.storage, number of PVCs, usage per storage class), and object counts (pods, services, configmaps, secrets, etc.). A namespace may have several ResourceQuota objects, and every one of them is enforced at admission: a request that would push the namespace total over any hard limit is rejected, and once a quota constrains a compute resource every pod in the namespace must specify it, which is why a LimitRange is usually added to supply defaults.
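Quota accounting worked through in code, as an added example that is not part of the original article: a quantity parser for the suffixes Kubernetes accepts (the same notation as the requests and limits of section 1), the per-pod charge, and the admission decision. The quota and pods are constructed; init containers and the short "cpu"/"memory" quota spellings are omitted.

```python
from fractions import Fraction
from typing import Any, Dict, List, Tuple

# Suffixes accepted by resource.Quantity: 'm' is milli (500m CPU = half a core),
# k/M/G/... are decimal SI, Ki/Mi/Gi/... are powers of two.
_SUFFIXES: Dict[str, Fraction] = {
    "m": Fraction(1, 1000), "k": Fraction(10**3), "M": Fraction(10**6), "G": Fraction(10**9),
    "T": Fraction(10**12), "P": Fraction(10**15), "E": Fraction(10**18),
    "Ki": Fraction(2**10), "Mi": Fraction(2**20), "Gi": Fraction(2**30),
    "Ti": Fraction(2**40), "Pi": Fraction(2**50), "Ei": Fraction(2**60),
}


def parse_quantity(text: str) -> Fraction:
    """Parse '500m', '2', '1.5', '128Mi' or '1e3' exactly; Fractions avoid the drift floats
    accumulate when summing a whole namespace. Simplification: an upper-case 'E' is always
    read as the exa suffix here, never as an exponent marker."""
    text = text.strip()
    for suffix in sorted(_SUFFIXES, key=len, reverse=True):
        if text.endswith(suffix):
            return Fraction(text[: -len(suffix)]) * _SUFFIXES[suffix]
    return Fraction(text)


def show(q: Fraction) -> str:
    """Render a quantity for messages: integers plainly, anything else as a decimal."""
    return str(q.numerator) if q.denominator == 1 else f"{float(q):g}"


def pod_usage(pod: Dict[str, Any]) -> Dict[str, Fraction]:
    """What one pod charges to a quota: 1 under 'pods' plus the sum over its containers of
    requests and limits, keyed 'requests.cpu', 'limits.memory', and so on. (Init containers,
    which count as a maximum rather than a sum, are left out of this example.)"""
    usage: Dict[str, Fraction] = {"pods": Fraction(1)}
    for container in pod["spec"]["containers"]:
        for kind in ("requests", "limits"):
            for res, value in container.get("resources", {}).get(kind, {}).items():
                key = f"{kind}.{res}"
                usage[key] = usage.get(key, Fraction(0)) + parse_quantity(value)
    return usage


def admit(quota_hard: Dict[str, str], existing: List[Dict[str, Any]],
          new_pod: Dict[str, Any]) -> Tuple[bool, List[str]]:
    """ResourceQuota admission for a new pod: it must declare every compute resource the quota
    constrains (otherwise it is rejected outright, which is why a LimitRange with defaults is
    usually paired with a quota), and the namespace total must stay within each hard limit."""
    used: Dict[str, Fraction] = {}
    for pod in existing:
        for key, value in pod_usage(pod).items():
            used[key] = used.get(key, Fraction(0)) + value
    new = pod_usage(new_pod)
    reasons: List[str] = []
    for key, hard in quota_hard.items():
        if key not in new:
            if key.startswith(("requests.", "limits.")):
                reasons.append(f"{key}: the quota constrains it but the pod does not set it")
            continue                      # object counts other than pods are not charged by a pod
        before = used.get(key, Fraction(0))
        if before + new[key] > parse_quantity(hard):
            reasons.append(f"{key}: {show(before)} used + {show(new[key])} requested exceeds hard {hard}")
    return not reasons, reasons


# Constructed namespace state for the demonstration, not taken from any real cluster.
def make_pod(name: str, cpu_request: str, mem_request: str, mem_limit: str) -> Dict[str, Any]:
    return {"metadata": {"name": name, "namespace": "team-a"},
            "spec": {"containers": [{"name": "app", "image": "registry.example.com/app:1.0",
                                     "resources": {"requests": {"cpu": cpu_request, "memory": mem_request},
                                                   "limits": {"memory": mem_limit}}}]}}


QUOTA_HARD = {"requests.cpu": "2", "requests.memory": "4Gi", "limits.memory": "8Gi", "pods": "10"}
RUNNING = [make_pod("api", "500m", "1Gi", "2Gi"), make_pod("worker", "1", "1.5Gi", "3Gi")]
NO_LIMIT_POD = {"metadata": {"name": "debug", "namespace": "team-a"},
                "spec": {"containers": [{"name": "sh", "image": "busybox:1.36",
                                         "resources": {"requests": {"cpu": "100m", "memory": "64Mi"}}}]}}

if __name__ == "__main__":
    candidates = (make_pod("batch", "600m", "1Gi", "2Gi"), make_pod("cron", "400m", "1Gi", "3Gi"), NO_LIMIT_POD)
    for candidate in candidates:
        ok, reasons = admit(QUOTA_HARD, RUNNING, candidate)
        print(candidate["metadata"]["name"], "admitted" if ok else "rejected", reasons)
```

kubectl describe resourcequota -n <namespace> prints the Used and Hard columns that this function compares; the third candidate above is the case operators hit most often, a pod rejected not for being too big but for leaving a constrained resource unset.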
MaGe Linux Operations