No description
Find a file
2026-05-20 12:22:25 +01:00
README.md first commit 2026-05-20 12:22:25 +01:00

Kubernetes Quick Operations Path

A hands-on, do-it-yourself path to learn core Kubernetes operations. Each section is a checklist — run the commands, observe the state, then move on. Assumes you start with an empty cluster.

0. Prerequisites

  • Install a local cluster: kind, minikube, or k3d
  • Install kubectl and verify: kubectl version --client
  • Spin up cluster: kind create cluster (or equivalent)
  • Check nodes: kubectl get nodes -o wide
  • Check system pods: kubectl get pods -A
  • Learn the inspection trio: get, describe, logs
  • Set up shell aliases: alias k=kubectl and tab completion

1. Namespaces

  • List existing: kubectl get ns
  • Create one: kubectl create ns demo
  • Set default for current context: kubectl config set-context --current --namespace=demo
  • Create via YAML and kubectl apply -f ns.yaml
  • Delete and watch cascading cleanup: kubectl delete ns demo
  • Observe: which resources are namespaced vs cluster-scoped? kubectl api-resources --namespaced=true|false

2. Pods

  • Run a one-off pod: kubectl run nginx --image=nginx
  • Inspect: kubectl describe pod nginx
  • Exec into it: kubectl exec -it nginx -- sh
  • Port-forward: kubectl port-forward pod/nginx 8080:80
  • Tail logs: kubectl logs -f nginx
  • Write a Pod YAML by hand (containers, image, ports, env, resources, liveness/readiness probes)
  • Try multi-container pod (sidecar pattern): two containers sharing a volume
  • Force-delete a stuck pod: kubectl delete pod nginx --grace-period=0 --force

3. Deployments

  • Create: kubectl create deployment web --image=nginx --replicas=3
  • Scale: kubectl scale deploy/web --replicas=5
  • Rolling update: kubectl set image deploy/web nginx=nginx:1.25
  • Watch rollout: kubectl rollout status deploy/web
  • Rollback: kubectl rollout undo deploy/web
  • View history: kubectl rollout history deploy/web
  • Tweak strategy in YAML: maxSurge, maxUnavailable
  • Kill a pod and watch the ReplicaSet recreate it
  • Compare: Deployment → ReplicaSet → Pod (kubectl get rs, kubectl get pods --show-labels)

4. StatefulSets

  • Deploy a 3-replica StatefulSet (e.g., nginx with a headless Service)
  • Observe ordered pod names: web-0, web-1, web-2
  • Verify stable DNS: nslookup web-0.headless-svc from inside a pod
  • Attach a volumeClaimTemplates for per-pod PVCs
  • Delete a pod, watch it come back with the same name + same volume
  • Scale down and observe reverse order
  • Compare update strategies: RollingUpdate vs OnDelete

5. DaemonSets & Jobs (bonus built-ins)

  • Create a DaemonSet — one pod per node (e.g., a log collector)
  • Run a Job: kubectl create job hello --image=busybox -- echo hi
  • Run a CronJob on a schedule
  • Inspect completion status and pod retention

6. Services

  • ClusterIP (default): expose Deployment internally
    • kubectl expose deploy/web --port=80 --target-port=80
    • Curl from another pod: kubectl run tmp --rm -it --image=busybox -- wget -qO- web
    • Resolve DNS: nslookup web.<namespace>.svc.cluster.local
  • NodePort: expose on each node's IP at a static port
  • LoadBalancer: requires cloud or metallb/cloud-provider-kind; observe external IP
  • Headless Service (clusterIP: None): pod-level DNS for StatefulSets
  • Inspect endpoints: kubectl get endpoints web — these are the pod IPs behind the service
  • Break a selector label, watch endpoints empty out

7. ConfigMaps

  • From literal: kubectl create configmap app-cfg --from-literal=LOG_LEVEL=debug
  • From file: kubectl create configmap app-cfg --from-file=config.yaml
  • Consume as env vars in a Pod (envFrom: configMapRef)
  • Consume as mounted file (volumes: configMap)
  • Update the ConfigMap — observe mounted files update (env vars do NOT)
  • Trigger reload: rollout restart kubectl rollout restart deploy/web

8. Secrets

  • Create: kubectl create secret generic db --from-literal=password=s3cr3t
  • Inspect (base64-encoded, not encrypted): kubectl get secret db -o yaml
  • Mount as env var and as file — same patterns as ConfigMap
  • Create a TLS secret: kubectl create secret tls ...
  • Create a docker-registry pull secret and reference via imagePullSecrets
  • Learn the limits: Secrets are base64, not encrypted at rest by default — read on encryption-at-rest config and external secret stores

9. Putting it together

  • Build a small app stack in one namespace:
    • Deployment for the app
    • ConfigMap for non-sensitive config
    • Secret for credentials
    • ClusterIP Service for internal access
    • LoadBalancer (or port-forward) for external access
  • Break things on purpose: delete a pod, scale to 0, mismatch a selector, mount a missing ConfigMap key
  • Diagnose with describe, logs, get events --sort-by=.lastTimestamp

10. Next steps

  • Ingress + IngressController (nginx-ingress, traefik)
  • PersistentVolumes / StorageClasses / PVCs
  • RBAC: Roles, ClusterRoles, ServiceAccounts
  • NetworkPolicies
  • Resource limits, HPA, PDBs
  • Helm and Kustomize
  • Operators and CRDs

Cheat-sheet commands

kubectl get <kind> -A -o wide
kubectl describe <kind>/<name>
kubectl logs -f <pod> [-c <container>]
kubectl exec -it <pod> -- sh
kubectl apply -f <file>.yaml
kubectl delete -f <file>.yaml
kubectl explain <kind>.spec        # field-level docs
kubectl get events --sort-by=.lastTimestamp
kubectl run tmp --rm -it --image=busybox -- sh   # throwaway debug pod