Master Kubernetes fundamentals and advanced container orchestration techniques for deploying, scaling, and managing containerized applications in production environments.
Understanding Kubernetes Architecture
Kubernetes provides a powerful platform for automating deployment, scaling, and operations of application containers across clusters of hosts. This guide covers essential concepts and practical implementation strategies.
1. Kubernetes Cluster Setup
Set up a production-ready Kubernetes cluster using kubeadm:
Master Node Installation
# Update system and install dependencies
sudo apt update && sudo apt upgrade -y
sudo apt install -y apt-transport-https ca-certificates curl
# Add Kubernetes repository
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee /etc/apt/sources.list.d/kubernetes.list
# Install Kubernetes components
sudo apt update
sudo apt install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl
# Disable swap (required for Kubernetes)
sudo swapoff -a
sudo sed -i "/swap/d" /etc/fstab
# Configure container runtime (containerd)
sudo apt install -y containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerd
# Initialize Kubernetes cluster
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
# Set up kubectl for current user
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
# Install Flannel network plugin
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.ymlWorker Node Setup
# Run on worker nodes (repeat installation steps above, then join)
# Get join command from master node
sudo kubeadm token create --print-join-command
# Example join command (run on worker nodes)
sudo kubeadm join 192.168.1.100:6443 --token abc123.xyz789 --discovery-token-ca-cert-hash sha256:hash2. Application Deployment Strategies
Deploy applications using various Kubernetes deployment patterns:
Basic Application Deployment
# Create a sample web application deployment
cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp-deployment
labels:
app: webapp
spec:
replicas: 3
selector:
matchLabels:
app: webapp
template:
metadata:
labels:
app: webapp
spec:
containers:
- name: webapp
image: nginx:1.20
ports:
- containerPort: 80
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 5
EOFService and Load Balancer Configuration
# Create service to expose the application
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: webapp-service
spec:
selector:
app: webapp
ports:
- protocol: TCP
port: 80
targetPort: 80
type: LoadBalancer
EOF
# Create ingress for external access
cat << EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: webapp-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: webapp.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: webapp-service
port:
number: 80
EOF3. ConfigMaps and Secrets Management
Manage application configuration and sensitive data securely:
ConfigMap for Application Configuration
# Create ConfigMap from literal values
kubectl create configmap webapp-config --from-literal=database_url=postgresql://db:5432/webapp --from-literal=cache_driver=redis --from-literal=log_level=info
# Create ConfigMap from file
echo "worker_processes auto;" > nginx.conf
echo "events { worker_connections 1024; }" >> nginx.conf
kubectl create configmap nginx-config --from-file=nginx.conf
# Use ConfigMap in deployment
cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp-with-config
spec:
replicas: 2
selector:
matchLabels:
app: webapp-config
template:
metadata:
labels:
app: webapp-config
spec:
containers:
- name: webapp
image: nginx:alpine
envFrom:
- configMapRef:
name: webapp-config
volumeMounts:
- name: nginx-config-volume
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
volumes:
- name: nginx-config-volume
configMap:
name: nginx-config
EOFSecrets for Sensitive Data
# Create secret for database credentials
kubectl create secret generic db-credentials --from-literal=username=webapp_user --from-literal=password=secure_password_123
# Create TLS secret for HTTPS
kubectl create secret tls webapp-tls --cert=path/to/cert.crt --key=path/to/private.key
# Use secrets in deployment
cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: webapp-with-secrets
spec:
replicas: 2
selector:
matchLabels:
app: webapp-secrets
template:
metadata:
labels:
app: webapp-secrets
spec:
containers:
- name: webapp
image: myapp:latest
env:
- name: DB_USERNAME
valueFrom:
secretKeyRef:
name: db-credentials
key: username
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: db-credentials
key: password
EOF4. Monitoring and Logging
Implement comprehensive monitoring and logging for your Kubernetes cluster:
Prometheus and Grafana Setup
# Install Prometheus using Helm
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
# Install Prometheus stack
helm install prometheus prometheus-community/kube-prometheus-stack --namespace monitoring --create-namespace --set prometheus.prometheusSpec.storageSpec.volumeClaimTemplate.spec.resources.requests.storage=50Gi --set grafana.adminPassword=admin123
# Access Grafana dashboard
kubectl port-forward -n monitoring svc/prometheus-grafana 3000:80Application Logging with Fluentd
# Deploy Fluentd as DaemonSet
cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd
namespace: kube-system
spec:
selector:
matchLabels:
name: fluentd
template:
metadata:
labels:
name: fluentd
spec:
serviceAccountName: fluentd
containers:
- name: fluentd
image: fluent/fluentd-kubernetes-daemonset:v1-debian-elasticsearch
env:
- name: FLUENT_ELASTICSEARCH_HOST
value: "elasticsearch.logging.svc.cluster.local"
- name: FLUENT_ELASTICSEARCH_PORT
value: "9200"
volumeMounts:
- name: varlog
mountPath: /var/log
- name: varlibdockercontainers
mountPath: /var/lib/docker/containers
readOnly: true
volumes:
- name: varlog
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
EOF5. Scaling and Auto-scaling
Implement horizontal and vertical scaling strategies:
Horizontal Pod Autoscaler (HPA)
# Create HPA based on CPU utilization
kubectl autoscale deployment webapp-deployment --cpu-percent=70 --min=2 --max=10
# Advanced HPA with custom metrics
cat << EOF | kubectl apply -f -
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: webapp-hpa-advanced
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: webapp-deployment
minReplicas: 2
maxReplicas: 15
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 80
behavior:
scaleDown:
stabilizationWindowSeconds: 300
policies:
- type: Percent
value: 10
periodSeconds: 60
scaleUp:
stabilizationWindowSeconds: 60
policies:
- type: Percent
value: 50
periodSeconds: 60
EOFCluster Autoscaler
# Deploy cluster autoscaler (for cloud providers)
cat << EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
name: cluster-autoscaler
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
app: cluster-autoscaler
template:
metadata:
labels:
app: cluster-autoscaler
spec:
serviceAccountName: cluster-autoscaler
containers:
- image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.21.0
name: cluster-autoscaler
command:
- ./cluster-autoscaler
- --v=4
- --stderrthreshold=info
- --cloud-provider=aws
- --skip-nodes-with-local-storage=false
- --expander=least-waste
- --node-group-auto-discovery=asg:tag=k8s.io/cluster-autoscaler/enabled,k8s.io/cluster-autoscaler/my-cluster
EOF
Best Practices: Always test deployments in staging environments, implement proper RBAC (Role-Based Access Control), use namespaces for resource isolation, and maintain regular backups of etcd data.
Conclusion
Kubernetes provides powerful orchestration capabilities for modern containerized applications. Mastering these concepts enables you to build resilient, scalable infrastructure that can adapt to changing demands while maintaining high availability and performance.
Continue exploring advanced topics like service mesh (Istio), GitOps workflows (ArgoCD), and advanced networking policies to further enhance your Kubernetes expertise.