Kubernetes is an open-source container orchestration platform that automates deployment, scaling, and management of containerized applications. Developed by Google and released in 2014, Kubernetes manages containerized workloads across clusters of machines, abstracting the underlying infrastructure.
Pods are the smallest deployable units in Kubernetes, containing one or more containers that share a network namespace. Containers within a pod communicate via localhost. Sidecar containers augment application containers with logging, monitoring, or security functionality.
Services provide stable network endpoints for accessing pods. ClusterIP services enable internal communication. NodePort services expose ports on nodes. LoadBalancer services provide external load balancing. Service discovery lets services find other services by DNS name.
Deployments manage pod replicas, ensuring the desired number of replicas run and enabling rolling updates. ReplicaSets maintain specified pod counts, replacing failed pods. StatefulSets manage stateful applications requiring stable identities and persistent storage.
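ConfigMaps and Secrets manage configuration and sensitive data separately from container images. Environment variables and mounted volumes inject configuration into containers. Secrets hold sensitive data like passwords and API keys. Secret values are stored base64-encoded, which is an encoding and not encryption; encrypting them at rest has to be enabled in the cluster configuration.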
Persistent volumes provide storage independent of pod lifecycle. Persistent volume claims let pods request storage without knowing the underlying implementation. Storage classes define storage types and provisioning policies.
Ingress manages external HTTP/HTTPS access to services. Ingress controllers implement routing rules specified in Ingress resources. Path-based and host-based routing enable complex routing scenarios. TLS termination encrypts external traffic.
Labels and selectors enable organizing and selecting resources. Resources can have multiple labels, enabling flexible organization. Selectors identify subsets of resources for operations and access control.
RBAC (Role-Based Access Control) manages permissions for users and service accounts. Roles define sets of permissions. RoleBindings associate roles with users or service accounts. Namespace-scoped and cluster-scoped roles enable granular access control.
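As an added example (not part of the original page), the following resolves RoleBindings to the Roles they reference and flags grants that deserve review. The role, binding, and subject names are constructed sample data, and the three review criteria are an assumption chosen for illustration.

```python
# Constructed sample objects (no real cluster), shaped like parsed RBAC v1 manifests.
ROLES = [
    {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "shop"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}]},
    {"kind": "Role", "metadata": {"name": "ops", "namespace": "shop"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]},
               {"apiGroups": ["apps"], "resources": ["*"], "verbs": ["*"]}]},
]
BINDINGS = [
    {"kind": "RoleBinding", "metadata": {"name": "web-reads-pods", "namespace": "shop"},
     "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "shop"}],
     "roleRef": {"kind": "Role", "name": "pod-reader"}},
    {"kind": "RoleBinding", "metadata": {"name": "ci-ops", "namespace": "shop"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "shop"},
                  {"kind": "User", "name": "alice"}],
     "roleRef": {"kind": "Role", "name": "ops"}},
]

SECRET_READ = {"get", "list", "watch", "*"}  # verbs that expose Secret contents

def risky(rule):
    """Return the reasons a single RBAC rule deserves review, if any."""
    reasons = []
    verbs, resources = set(rule["verbs"]), set(rule["resources"])
    if "*" in verbs:
        reasons.append("wildcard verbs")
    if "*" in resources:
        reasons.append("wildcard resources")
    if "secrets" in resources and verbs & SECRET_READ:
        reasons.append("can read secrets")
    return reasons

def audit(roles, bindings):
    """Resolve each RoleBinding to its Role; list (namespace, subject, reason)."""
    by_key = {(r["metadata"]["namespace"], r["metadata"]["name"]): r for r in roles}
    findings = []
    for b in bindings:
        ns = b["metadata"]["namespace"]
        role = by_key.get((ns, b["roleRef"]["name"]))
        if role is None or b["roleRef"]["kind"] != "Role":
            continue  # ClusterRole references are out of scope for this example
        for subject in b["subjects"]:
            who = f'{subject["kind"]}/{subject["name"]}'
            for rule in role["rules"]:
                findings += [(ns, who, reason) for reason in risky(rule)]
    return findings

if __name__ == "__main__":
    print(*audit(ROLES, BINDINGS), sep="\n")
```

The `web` service account, bound only to `pod-reader`, produces no findings, while both subjects of the `ci-ops` binding inherit every flagged rule of the `ops` role.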
Resource requests and limits enable efficient resource allocation. Requests reserve resources for pods. Limits prevent pods from consuming excessive resources. The scheduler uses requests for placement decisions.
Namespaces provide logical isolation within clusters. Namespaces enable running multiple applications on shared clusters with resource and policy isolation. The default namespace provides the default isolation level.
Helm charts enable packaging and deploying applications with configurable parameters. Helm enables versioning application configurations and easy rollbacks. Charts simplify deploying complex multi-component applications.
Monitoring with Prometheus and Grafana enables visibility into cluster and application health. Alerts trigger on anomalies. Logging aggregates container and application logs centrally. Observability enables debugging issues in production.
Kubernetes enables running applications at scale with automatic scaling, self-healing, and rolling updates. Declarative configuration enables infrastructure as code. The Kubernetes ecosystem includes numerous tools and projects extending functionality.