🚀 Week 7: Kubernetes Basics & Advanced Challenge

This week was all about Kubernetes – the backbone of modern container orchestration. If Docker helps us package applications, Kubernetes ensures those containers run at scale, reliably, and securely. Through the SpringBoot BankApp project, I explored real-world Kubernetes scenarios that DevOps engineers face daily: deployments, networking, storage, scaling, RBAC, job scheduling, and even advanced tools like Helm and Service Mesh.

---

🔹 Task 1: Kubernetes Architecture & Deploying a Pod

🏗 Understanding Kubernetes Architecture

Kubernetes follows a master-worker model:

• Control Plane (Master)

  • API Server → Acts as the "front door" of the cluster. All commands (kubectl) go here.

  • etcd → The "database" of Kubernetes, stores the desired cluster state.

  • Scheduler → Assigns pods to nodes based on resource availability.

  • Controller Manager → Ensures actual state = desired state (e.g., ReplicaSet ensures required pods are running).

  • Cloud Controller → Integrates with cloud providers (AWS, GCP, Azure).

• Worker Nodes

  • Kubelet → Talks to API Server, ensures containers are running.

  • Kube Proxy → Handles service networking inside the cluster.

  • Container Runtime → Docker/Containerd runs the actual containers.

📦 Deploying a Pod

I created my first Pod running NGINX:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80

Applied with:

kubectl apply -f pod.yaml

✅ Learned that Pods are the smallest deployable unit in Kubernetes.

---

🔹 Task 2: Deployments, StatefulSets, DaemonSets & Namespaces

Kubernetes has different controllers to manage Pods efficiently.

• Namespace → Used for isolating resources.

apiVersion: v1
kind: Namespace
metadata:
  name: bankapp-namespace

• Deployment → Manages stateless pods. If a pod fails, Deployment ensures a new one comes up.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: bankapp-deployment
  namespace: bankapp-namespace
spec:
  replicas: 3
  selector:
    matchLabels:
      app: bankapp
  template:
    metadata:
      labels:
        app: bankapp
    spec:
      containers:
      - name: bankapp
        image: bankapp:latest
        ports:
        - containerPort: 8080

• StatefulSet → Best for databases (stable network IDs + persistent storage).

• DaemonSet → Runs one pod per node (useful for logging/monitoring agents).

📌 Key takeaway:

• Deployment = stateless apps

• StatefulSet = databases, queues

• DaemonSet = monitoring/security

---

🔹 Task 3: Networking & Exposure

By default, pods are ephemeral and isolated. To expose them:

• ClusterIP → Default service, internal-only.

• NodePort → Exposes service on each node’s IP with a static port.

• LoadBalancer → Cloud provider provisioned LB for external traffic.

Example Service YAML:

apiVersion: v1
kind: Service
metadata:
  name: bankapp-service
  namespace: bankapp-namespace
spec:
  selector:
    app: bankapp
  ports:
    - port: 80
      targetPort: 8080
  type: NodePort

• Ingress → Provides HTTP routing + SSL termination.

• Network Policies → Control who can talk to whom in the cluster.

👉 This is where real production apps get secured.

---

🔹 Task 4: Storage Management

Apps like databases need persistent storage:

• Persistent Volume (PV) → Storage provided by admin.

• Persistent Volume Claim (PVC) → App requests for storage.

• StorageClass → Enables dynamic provisioning (e.g., AWS EBS, GCP PD).

Example PVC YAML:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

✅ Learned how Kubernetes abstracts storage like it does with compute & networking.

---

🔹 Task 5: ConfigMaps & Secrets

• ConfigMap → For environment configs.

• Secret → For sensitive data (base64 encoded).

Example:

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=   # admin
  password: cGFzc3dvcmQ= # password

👉 Mounted these into pods → application consumes configs without hardcoding.

---

🔹 Task 6: Autoscaling & Resource Management

Defined resource requests & limits to ensure fair scheduling:

resources:
  requests:
    cpu: "100m"
    memory: "200Mi"
  limits:
    cpu: "500m"
    memory: "512Mi"

• Implemented Horizontal Pod Autoscaler (HPA):

kubectl autoscale deployment bankapp-deployment --cpu-percent=50 --min=1 --max=5

• Explored Vertical Pod Autoscaler (VPA) for memory-hungry apps.

📌 Lesson: HPA = scale out, VPA = scale up.

---

🔹 Task 7: Security & Access Control

✅ RBAC (Role-Based Access Control)

Created Roles & RoleBindings for different teams:

• Admin → full access

• Developer → create pods, but not delete critical resources

• Tester → read-only

👉 Simulated unauthorized access → RBAC blocked it.

✅ Node Taints & Pod Tolerations

• Marked a node as critical workloads only.

• Only pods with tolerations could run there.

✅ Pod Disruption Budget (PDB)

Ensured at least 2 pods were always running during upgrades.

---

🔹 Task 8: Jobs, CronJobs & CRDs

• Job → Ran a one-time DB migration.

• CronJob → Scheduled daily backups.

• CRD (Custom Resource Definition) → Extended Kubernetes with a new resource type.

📌 CRDs make Kubernetes infinitely extensible.

---

🔹 Task 9: Bonus – Helm

Created a Helm chart for SpringBoot BankApp → deployed with:

helm install bankapp ./bankapp-chart

👉 Helm = Kubernetes package manager → simplifies deployments & upgrades.

---

💡 Interview Prep Q&A

• Q: What’s the role of etcd?
  A: Stores the entire cluster state (like a database).

• Q: Deployment vs StatefulSet vs DaemonSet?
  A: Deployment = stateless apps, StatefulSet = databases, DaemonSet = per-node agents.

• Q: HPA vs VPA?
  A: HPA scales pods horizontally, VPA adjusts pod resources vertically.

• Q: Why RBAC?
  A: Prevents unauthorized access → critical in multi-team environments.

---

🌟 Key Takeaways

✅ Kubernetes abstracts infra → compute, networking, storage, configs.
✅ Learned how to deploy, expose, scale, and secure apps.
✅ Explored advanced tools like Helm & CRDs.
✅ Gained interview-level knowledge of Kubernetes.

---

📝 Final Thoughts

This week was intense! Kubernetes initially feels complex, but breaking it down into architecture → workloads → networking → storage → scaling → security made it manageable.

The SpringBoot BankApp project gave me hands-on exposure that matches real-world DevOps challenges.

Excited to keep building and move towards GitOps + Cloud-native setups in future weeks 🚀

---

📤 Connect With Me

🔗LinkedIn: linkedin.com/in/vaishnavi-tandekar 📖 Blog Series: hashnode.com/@VaishnaviTandekar
💻 GitHub Repo: 90DaysOfDevOps

---

🔖 Hashtags

#90DaysOfDevOps #Kubernetes #DevOps #CloudNative #InterviewPrep #Helm #Microservices

---