Kubernetes: The Concepts That Actually Matter

Kubernetes (K8s) is the dominant container orchestration system, but its learning curve is steep and the concept count is high. Here are the concepts that actually matter for understanding what Kubernetes does and how to use it effectively.

What Problem Kubernetes Solves

Without Kubernetes: you run containers (Docker) on a server. The server crashes — the container dies. You want to run more instances — you manually provision more servers and run more containers. You want to update the application — you stop the old containers and start new ones, causing downtime.

With Kubernetes: containers run in Pods across a cluster of nodes; if a node fails, Kubernetes reschedules the Pods onto healthy nodes; if you need more instances, you change a number and Kubernetes scales; if you deploy a new version, Kubernetes does a rolling update — replacing old Pods one by one without downtime.

Kubernetes is, fundamentally, a control loop: you describe the desired state of your application (“I want 3 instances of my web service, each with 512MB RAM and 0.5 CPU”), and Kubernetes continuously works to make reality match that description.

The Core Concepts

Pod: the smallest deployable unit in Kubernetes — one or more containers that share networking and storage and are scheduled together on the same node. Most Pods contain one container; multi-container Pods are used for sidecar patterns (a logging sidecar, a proxy sidecar).

Deployment: manages the lifecycle of Pods — desired replica count, rolling update strategy, rollback capability. You rarely create Pods directly; you create Deployments that create Pods.

Service: a stable network endpoint for a set of Pods. Since Pods come and go (they’re ephemeral — crashed, rescheduled, replaced during updates), their IP addresses change. A Service provides a stable IP and DNS name that routes to healthy Pods. Service types: ClusterIP (reachable only inside the cluster), NodePort (exposes the Service on a fixed port on every node), LoadBalancer (provisions a cloud load balancer), ExternalName (maps to an external DNS name).

Ingress: HTTP routing rules that direct external traffic to Services based on URL path or hostname — a single entry point that routes `/api/*` to the API service and `/static/*` to the frontend service. Requires an Ingress Controller (nginx-ingress, Traefik) to function.

ConfigMap and Secret: ConfigMaps store configuration (key-value pairs, config files) that can be injected into Pods as environment variables or volume mounts; Secrets store sensitive values (passwords, API keys) in base64-encoded form. Base64 is encoding, not encryption: anyone who can read the Secret object can read the value, so protecting Secrets at rest requires additional tools such as Vault or Sealed Secrets.

Namespace: logical isolation within a cluster — separate teams or environments (dev, staging, prod) can share a cluster with namespace separation.

The Operations That Matter

`kubectl get pods -n namespace`: list Pods in a namespace.

`kubectl describe pod pod-name`: detailed status and event log for a Pod — the most useful debugging command.

`kubectl logs pod-name -c container-name`: print a container’s logs (add `-f` to follow them as they are written).

`kubectl exec -it pod-name -- /bin/bash`: open an interactive shell inside a running container for debugging.

`kubectl apply -f manifest.yaml`: apply a configuration (create or update the resources described in the YAML).

`kubectl rollout status deployment/my-app`: watch a rolling deployment.

`kubectl rollout undo deployment/my-app`: roll back to the previous deployment.

Resource requests and limits: `requests` is what the scheduler reserves for the container when placing the Pod on a node; `limits` is the maximum the container may use — CPU beyond the limit is throttled, memory beyond the limit gets the container killed. Not setting these is one of the most common Kubernetes configuration mistakes: without limits, one misbehaving Pod can consume all the resources on a node and starve its neighbours.
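The manifest below ties the concepts above together: a Deployment running the three 512MB / 0.5 CPU replicas from the control-loop description, with a rolling update that never drops below three serving Pods, fronted by a ClusterIP Service. It is an added example, not taken from the original article; the `demo` namespace, the `web` names, the image reference and the `/healthz` path are assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: demo
spec:
  replicas: 3                      # desired state: three Pods
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0            # keep all three serving during an update
      maxSurge: 1                  # bring up one new Pod before retiring an old one
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web                   # the Service selects Pods by this label
    spec:
      containers:
        - name: web
          image: registry.example.com/web:1.4.2   # hypothetical image
          ports:
            - containerPort: 8080
          readinessProbe:          # only Pods that pass this receive Service traffic
            httpGet:
              path: /healthz       # assumed health endpoint
              port: 8080
          resources:
            requests:              # reserved by the scheduler when placing the Pod
              cpu: "500m"
              memory: "512Mi"
            limits:                # CPU above this is throttled; memory above it is OOM-killed
              cpu: "500m"
              memory: "512Mi"
---
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo
spec:
  type: ClusterIP                  # stable in-cluster IP and DNS name: web.demo.svc
  selector:
    app: web
  ports:
    - port: 80
      targetPort: 8080
```

Apply it with `kubectl apply -f web.yaml` and follow the rollout with `kubectl rollout status deployment/web -n demo`.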
