Week 5–6 · Cloud & DevOps

Kubernetes Basics

Kubernetes (K8s) is the industry-standard container orchestration platform. It automates the deployment, scaling, and management of containers in production. Azure Kubernetes Service (AKS) is Azure's managed Kubernetes offering.

⎈ Kubernetes ☁️ AKS on Azure ⌨️ kubectl
🧠 Concept
What is Kubernetes and why?
Docker runs containers. But in production, you might have 50 containers across 10 servers. You need someone to manage all of them: restart crashed containers, distribute traffic, scale up when traffic spikes, roll out updates without downtime.

Kubernetes is the manager (orchestrator) of containers. Like an air traffic controller — it knows where every plane (container) is, routes traffic to the right ones, and handles emergencies automatically.
Problem | Kubernetes solution
Container crashed | Automatically restarts it
Traffic spike | Scales from 1 to 10 pods in seconds
Deploy new version | Rolling update — zero downtime
Bad deployment | Automatic rollback
Load distribution | Spreads traffic across all healthy pods
Resource management | Packs containers onto nodes efficiently
🗺️ Architecture
Core Kubernetes Architecture
Kubernetes Cluster
├── Control Plane (master)
│   ├── API Server           ← All kubectl commands go here
│   ├── etcd                 ← Key-value store for cluster state
│   ├── Scheduler            ← Decides which node runs each pod
│   └── Controller Manager   ← Watches pods, ensures desired state
│
└── Worker Nodes (VMs that run your containers)
    ├── kubelet              ← Talks to API server, manages pods on this node
    ├── kube-proxy           ← Handles networking for pods
    └── Container Runtime    ← Runs the containers (containerd / Docker)
Object | What it is
Pod | Smallest deployable unit — one or more containers running together
Deployment | Manages a set of identical pods, handles rolling updates
Service | Stable network endpoint (IP + DNS) for accessing pods
ConfigMap | Stores configuration data (non-sensitive)
Secret | Stores sensitive data (passwords, tokens) — base64 encoded
Namespace | Logical isolation within a cluster (dev, staging, prod)
Ingress | HTTP/HTTPS routing — maps URLs to services
📦 Object 1
Pods
A Pod is like a flat/apartment. It can have one or more tenants (containers) who share the same address (IP) and can communicate via localhost. Usually, one Pod = one container.
pod.yaml (for learning — in production use Deployments)
apiVersion: v1
kind: Pod
metadata:
  name: student-api-pod
  labels:
    app: student-api
spec:
  containers:
    - name: student-api
      image: myregistry.azurecr.io/student-api:1.0.0
      ports:
        - containerPort: 8080
      env:
        - name: SPRING_PROFILES_ACTIVE
          value: "prod"
      resources:
        requests:
          memory: "256Mi"
          cpu: "250m"      # 250 millicores = 0.25 CPU
        limits:
          memory: "512Mi"
          cpu: "500m"
🚀 Object 2 — Most Used
Deployments
Manages multiple pod replicas + rolling updates
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: student-api
spec:
  replicas: 3                 # Run 3 identical pods
  selector:
    matchLabels:
      app: student-api
  template:
    metadata:
      labels:
        app: student-api
    spec:
      containers:
        - name: student-api
          image: myregistry.azurecr.io/student-api:1.0.0
          ports:
            - containerPort: 8080
  strategy:
    type: RollingUpdate       # Zero-downtime updates
    rollingUpdate:
      maxSurge: 1             # Max extra pods during update
      maxUnavailable: 0       # Never go below 3 pods
🌐 Object 3
Services
Stable network access to pods
apiVersion: v1
kind: Service
metadata:
  name: student-api-service
spec:
  selector:
    app: student-api          # Routes to pods with this label
  ports:
    - port: 80                # Service port
      targetPort: 8080        # Container port
  type: LoadBalancer          # Public IP (AKS creates Azure Load Balancer)
Service type | Use case
ClusterIP (default) | Internal only — accessible within the cluster
NodePort | Accessible on a specific port of each node — dev/testing
LoadBalancer | Public IP via cloud load balancer — production APIs
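Two things worth checking before applying the Deployment and Service above: that the Deployment's selector really matches its pod template labels (otherwise the API server rejects it), and that the Service's selector and targetPort actually reach those pods. The script below is an added example, not code from the page or the course. It embeds both manifests as the Python dicts that yaml.safe_load() would return for them, so it runs offline without PyYAML; the check functions (check_deployment, check_service, labels_match) are this example's own names, not kubectl features.

```python
"""Review checks for the Deployment and Service manifests above (added example)."""

# The Deployment and Service from this page, in the dict form yaml.safe_load()
# would return. Embedded inline so the script runs offline without PyYAML.
DEPLOYMENT = {
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "student-api"},
    "spec": {
        "replicas": 3,
        "selector": {"matchLabels": {"app": "student-api"}},
        "template": {
            "metadata": {"labels": {"app": "student-api"}},
            "spec": {
                "containers": [
                    {
                        "name": "student-api",
                        "image": "myregistry.azurecr.io/student-api:1.0.0",
                        "ports": [{"containerPort": 8080}],
                    }
                ]
            },
        },
        "strategy": {
            "type": "RollingUpdate",
            "rollingUpdate": {"maxSurge": 1, "maxUnavailable": 0},
        },
    },
}

SERVICE = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "student-api-service"},
    "spec": {
        "selector": {"app": "student-api"},
        "ports": [{"port": 80, "targetPort": 8080}],
        "type": "LoadBalancer",
    },
}


def labels_match(selector, labels):
    """Kubernetes selector semantics: every selector key must be present with the same value."""
    return all(labels.get(key) == value for key, value in selector.items())


def check_deployment(dep):
    """Return a list of problems; an empty list means all checks passed."""
    problems = []
    spec = dep["spec"]
    template = spec["template"]
    pod_labels = template["metadata"].get("labels", {})
    if not labels_match(spec["selector"]["matchLabels"], pod_labels):
        problems.append("selector.matchLabels does not match template labels; the API server rejects this")
    for container in template["spec"]["containers"]:
        name = container["name"]
        resources = container.get("resources", {})
        # Without requests/limits one pod can starve its neighbours on the node.
        for kind in ("requests", "limits"):
            for res in ("cpu", "memory"):
                if res not in resources.get(kind, {}):
                    problems.append(f"container {name}: missing resources.{kind}.{res}")
        # An image without a tag resolves to :latest, which makes rollbacks meaningless.
        image = container["image"]
        last = image.rsplit("/", 1)[-1]
        if (":" not in last and "@" not in last) or last.endswith(":latest"):
            problems.append(f"container {name}: image {image} has no pinned tag")
    return problems


def check_service(svc, dep):
    """Confirm the Service actually routes to the Deployment's pods."""
    problems = []
    template = dep["spec"]["template"]
    pod_labels = template["metadata"].get("labels", {})
    if not labels_match(svc["spec"]["selector"], pod_labels):
        problems.append("Service selector matches none of the Deployment's pod labels")
    exposed = set()
    for container in template["spec"]["containers"]:
        for port in container.get("ports", []):
            exposed.add(port["containerPort"])
            if "name" in port:
                exposed.add(port["name"])
    for port in svc["spec"]["ports"]:
        target = port.get("targetPort", port["port"])  # targetPort defaults to port
        if target not in exposed:
            problems.append(f"targetPort {target} is not exposed by any container")
    return problems


if __name__ == "__main__":
    for label, found in (("Deployment", check_deployment(DEPLOYMENT)),
                         ("Service", check_service(SERVICE, DEPLOYMENT))):
        print(f"{label}: {'OK' if not found else ''}")
        for problem in found:
            print("  -", problem)
```

Run against the page's own manifests, the Service check passes, while the Deployment is flagged four times because its container carries no resource requests or limits (the Pod example earlier on this page has them; the Deployment drops them). A cluster-wide LimitRange or an admission policy is the usual way to enforce this rather than a review script.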
⚙️ Configuration
ConfigMap & Secrets
# ConfigMap — non-sensitive config
apiVersion: v1
kind: ConfigMap
metadata:
  name: student-api-config
data:
  SPRING_PROFILES_ACTIVE: "prod"
  LOG_LEVEL: "INFO"
---
# Secret — sensitive data (base64 encoded)
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
type: Opaque
data:
  DB_PASSWORD: c2VjcmV0MTIz      # base64 of "secret123"
  DB_URL: amRiYzpwb3N0Z3Jlc3FsOi8v...
K8s Secrets are only base64 encoded, not encrypted: anyone who can read the Secret object can decode the value. For production, use Azure Key Vault with the Secrets Store CSI driver, or Azure Key Vault references for AKS.
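To make the "encoded, not encrypted" point concrete, here is an added example (not code from the page) that encodes and decodes the db-credentials Secret above with nothing but the standard library. The Secret is embedded as the dict yaml.safe_load() would return; the page elides the DB_URL value, so the one used here is a constructed stand-in. The helper names (encode_secret_data, decode_secret) are this example's own.

```python
"""What "base64 encoded, not encrypted" means in practice (added example)."""
import base64

# The db-credentials Secret from this page as yaml.safe_load() would return it.
# The page elides DB_URL's value; the one used here is a constructed example.
SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "db-credentials"},
    "type": "Opaque",
    "data": {
        "DB_PASSWORD": "c2VjcmV0MTIz",
        "DB_URL": base64.b64encode(b"jdbc:postgresql://db.example.internal:5432/students").decode("ascii"),
    },
}


def encode_secret_data(values):
    """Turn plaintext key/values into the base64 strings a Secret's `data` field expects."""
    return {key: base64.b64encode(value.encode("utf-8")).decode("ascii")
            for key, value in values.items()}


def decode_secret(secret):
    """Recover the plaintext of a Secret object.

    `data` holds base64; `stringData` (a write-only convenience field) holds
    plaintext and wins on a key clash, mirroring how the API server merges the two.
    Values are decoded as UTF-8; non-text bytes (e.g. a DER certificate) are escaped
    rather than raising.
    """
    plain = {}
    for key, encoded in secret.get("data", {}).items():
        raw = base64.b64decode(encoded, validate=True)
        plain[key] = raw.decode("utf-8", errors="backslashreplace")
    plain.update(secret.get("stringData", {}))
    return plain


if __name__ == "__main__":
    # Anyone with `get` permission on this Secret sees exactly this after
    # `kubectl get secret db-credentials -o json` plus one base64 decode. That is
    # why read access to Secrets must be restricted with RBAC and etcd encryption
    # at rest enabled; base64 on its own protects nothing.
    for key, value in decode_secret(SECRET).items():
        print(f"{key} = {value}")
```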
⌨️ Daily Commands
kubectl — Essential Commands
# Apply a YAML file (create or update)
kubectl apply -f deployment.yaml

# View resources
kubectl get pods
kubectl get pods -o wide        # with node info
kubectl get deployments
kubectl get services
kubectl get all                 # everything

# Describe a resource (detailed info + events)
kubectl describe pod student-api-abc123

# View logs
kubectl logs student-api-abc123
kubectl logs -f student-api-abc123              # follow
kubectl logs student-api-abc123 --previous      # previous crashed container

# Shell into a running pod
kubectl exec -it student-api-abc123 -- sh

# Scale replicas
kubectl scale deployment student-api --replicas=5

# Update image (triggers rolling update)
kubectl set image deployment/student-api student-api=myregistry.azurecr.io/student-api:2.0.0

# Rollback to previous version
kubectl rollout undo deployment/student-api

# Watch rollout status
kubectl rollout status deployment/student-api

# Delete resources
kubectl delete pod student-api-abc123
kubectl delete -f deployment.yaml
🎯 Interview Prep
Common Interview Questions
Q: What is Kubernetes and what problem does it solve?

Kubernetes is a container orchestration platform that automates the deployment, scaling, and management of containerised applications. It solves the challenge of running containers in production at scale: automatically restarting crashed containers, scaling based on demand, enabling zero-downtime deployments, distributing load, and managing configuration/secrets.

Q: What is the difference between a Pod and a Deployment?

A Pod is the smallest deployable unit — it runs one or more containers. Pods are ephemeral (they can die and are not automatically replaced).

A Deployment manages a set of pods and ensures the desired number is always running. If a pod dies, Deployment creates a new one. It also handles rolling updates and rollbacks.

In production, you almost never create bare Pods — always use Deployments.

Q: What is a Kubernetes Service?

A Service provides a stable network endpoint (IP address + DNS name) for accessing a set of pods. Pods get random IPs that change when they restart — a Service provides a consistent address.

Service types: ClusterIP (internal only), NodePort (exposed on each node), LoadBalancer (public IP via cloud provider — creates Azure Load Balancer for AKS).

Q: What is the difference between ConfigMap and Secret?

ConfigMap stores non-sensitive configuration data as key-value pairs. The data is stored in plaintext and can be viewed by anyone with cluster access.

Secret stores sensitive data (passwords, tokens, certificates). The data is base64-encoded (NOT encrypted by default). For real protection, enable encryption at rest for Secrets in etcd, or use Azure Key Vault integration.

Q: What is a rolling update in Kubernetes?

A rolling update replaces pods one (or a few) at a time, ensuring the application remains available throughout the update. Kubernetes creates new pods with the new version and terminates old pods gradually.

With maxUnavailable: 0, it always maintains 100% capacity during the update. With maxSurge: 1, it creates one extra pod during the process.

If the new version has issues, you can roll back instantly with kubectl rollout undo deployment/name.
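The maxSurge / maxUnavailable rules from the deployment.yaml section and from the answer above are easiest to see as a sequence of pod counts. The simulation below is an added example, not code from the page or from Kubernetes itself: it applies the two bounds (never more than replicas + maxSurge pods, never fewer than replicas - maxUnavailable available) step by step, assuming each new pod becomes Ready before the next step. It also goes slightly beyond the page by accepting percentage values, rounded the way Kubernetes rounds them (maxSurge up, maxUnavailable down). The function names are this example's own.

```python
"""Step through the pod counts a RollingUpdate strategy produces (added example)."""
import math


def _resolve(value, replicas, round_up):
    """Turn an absolute number or a "25%"-style string into a pod count.

    Kubernetes rounds maxSurge percentages up and maxUnavailable percentages down.
    """
    if isinstance(value, str) and value.endswith("%"):
        fraction = float(value[:-1]) / 100 * replicas
        count = math.ceil(fraction) if round_up else math.floor(fraction)
    else:
        count = int(value)
    if count < 0:
        raise ValueError(f"negative value not allowed: {value!r}")
    return count


def simulate_rolling_update(replicas, max_surge=1, max_unavailable=0):
    """Return the (old_pods, new_pods) history of a rollout, all pods assumed Ready."""
    surge = _resolve(max_surge, replicas, round_up=True)
    unavailable = _resolve(max_unavailable, replicas, round_up=False)
    if surge == 0 and unavailable == 0:
        # Kubernetes rejects this combination: the rollout could never make progress.
        raise ValueError("maxSurge and maxUnavailable cannot both be 0")
    old, new = replicas, 0
    history = [(old, new)]
    while old > 0 or new < replicas:
        # Scale up the new ReplicaSet as far as the surge ceiling allows.
        room = replicas + surge - (old + new)
        if room > 0 and new < replicas:
            new = min(replicas, new + room)
            history.append((old, new))
        # Scale down the old ReplicaSet as far as the availability floor allows.
        floor = replicas - unavailable
        reducible = min(old, old + new - floor)
        if reducible > 0:
            old -= reducible
            history.append((old, new))
    return history


def rollout_bounds(history):
    """(most pods that ever existed at once, fewest pods ever available)."""
    totals = [old + new for old, new in history]
    return max(totals), min(totals)


if __name__ == "__main__":
    # The page's deployment.yaml: replicas 3, maxSurge 1, maxUnavailable 0.
    steps = simulate_rolling_update(3, 1, 0)
    for old, new in steps:
        print(f"old={old} new={new} total={old + new}")
    peak, trough = rollout_bounds(steps)
    print(f"peak pods {peak}, never fewer than {trough} available")
```

With the page's settings the cluster briefly runs four pods and never fewer than three, which is the "100% capacity" claim above; with maxSurge 0 and maxUnavailable 1 it never exceeds three pods but dips to two, the trade-off you accept when the node pool has no spare capacity for the extra pod.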