Kubernetes Reference
About Kubernetes Reference
The Kubernetes Reference is a comprehensive, searchable guide to Kubernetes YAML manifests and kubectl commands, organized across eight practical categories. It covers Pod configuration (basic Pod definition, initContainers, livenessProbe, readinessProbe, resource requests and limits), Service types (ClusterIP for internal communication, NodePort for external node exposure, LoadBalancer for cloud load balancers, Headless Service for DNS-based discovery, and Ingress for HTTP/HTTPS routing), Deployment patterns (Deployment with replica sets, RollingUpdate strategy, StatefulSet for stateful apps, DaemonSet for per-node pods, and HPA for CPU-based autoscaling), Configuration management (ConfigMap key-value and volume mounts, Secret with base64 encoding, envFrom for bulk injection), Storage (PersistentVolume, PersistentVolumeClaim, StorageClass for dynamic provisioning, emptyDir ephemeral volumes), Networking (NetworkPolicy deny-all and port-specific allow rules, Pod DNS configuration), RBAC (Role, RoleBinding, ClusterRole, ServiceAccount), and kubectl commands (get, describe, apply, logs, exec, rollout, scale, port-forward, top, cordon/drain).
Kubernetes is the dominant container orchestration platform used by cloud-native engineering teams worldwide. DevOps engineers, platform engineers, and SREs rely on Kubernetes to deploy, scale, and manage containerized applications on AWS EKS, Google GKE, Azure AKS, and on-premises clusters. This reference is built for practitioners who already know what they want to do but need to quickly recall the exact YAML structure or kubectl syntax — whether they are debugging a CrashLoopBackOff, setting up RBAC for a new service account, or configuring a HorizontalPodAutoscaler.
Each entry in this reference shows the minimal but complete YAML snippet or kubectl command needed to accomplish a specific task. The reference mirrors the actual categories developers think in when working with Kubernetes: you think about Pods when debugging containers, Services when setting up networking, and RBAC when managing access control. The organized category navigation lets you jump to the right section instantly without scrolling through thousands of lines of documentation.
Key Features
- Pod spec reference: basic Pod definition, initContainers for dependency ordering, livenessProbe (HTTP/TCP), readinessProbe, CPU/memory resource requests and limits
- Service types with complete YAML: ClusterIP, NodePort with nodePort field, LoadBalancer for cloud providers, Headless Service with clusterIP: None, and Ingress routing rules
- Deployment workload patterns: Deployment with replicas and matchLabels, RollingUpdate with maxSurge/maxUnavailable, StatefulSet with serviceName, DaemonSet, HPA with CPU utilization target
- ConfigMap and Secret management: key-value data, volume mount as files, Secret with base64-encoded data, per-key env var injection with secretKeyRef, and envFrom bulk injection
- Storage resources: PersistentVolume with hostPath, PersistentVolumeClaim with access modes, StorageClass with AWS EBS gp3 provisioner, emptyDir with size limit
- Network security: NetworkPolicy deny-all (ingress+egress), port-specific allow rules with podSelector, and dnsPolicy/dnsConfig for custom DNS
- RBAC access control: Role with resource/verb rules, RoleBinding with user subject, ClusterRole for cluster-wide permissions, ServiceAccount creation and Pod binding
- Essential kubectl commands: get/describe for inspection, apply for declarative updates, logs with -c sidecar and --tail, exec for shell access, rollout history/undo, scale, port-forward, top, cordon/drain for maintenance
Frequently Asked Questions
What is the difference between livenessProbe and readinessProbe in Kubernetes?
A livenessProbe determines if a container is still running properly. If it fails, Kubernetes restarts the container. A readinessProbe determines if a container is ready to serve traffic. If it fails, the Pod is removed from the Service endpoints until it passes again. Use livenessProbe for detecting deadlocks and readinessProbe for detecting when an app has not finished starting or is temporarily overloaded.
When should I use ClusterIP, NodePort, or LoadBalancer service?
ClusterIP (default) exposes the service only within the cluster — use it for inter-service communication. NodePort opens a port on every node (30000-32767 range) and is useful for development or on-premises clusters without a load balancer. LoadBalancer provisions a cloud load balancer and is the standard way to expose services externally in managed Kubernetes environments like EKS or GKE. For HTTP/HTTPS traffic, use Ingress instead.
What is the difference between Deployment and StatefulSet?
Deployments are for stateless applications: Pods are interchangeable, get random names, and can be replaced in any order. StatefulSets are for stateful applications like databases: Pods get stable, ordered names (mysql-0, mysql-1), stable network identities, and their own PersistentVolumeClaims. StatefulSets are scaled in order and require a headless service to provide stable DNS.
How do I inject ConfigMap values as environment variables into a Pod?
You can inject specific keys using `env[].valueFrom.configMapKeyRef` or inject all keys at once using `envFrom[].configMapRef`. For configuration files, mount the ConfigMap as a volume using `volumes[].configMap` and reference it in `containers[].volumeMounts`. Changes to a ConfigMap mounted as a volume are automatically reflected without restarting the Pod (eventually consistent).
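The three injection paths described above, combined in one Pod. This is an added example, not a snippet from the reference itself; the names `app-config`, `config-demo`, the `CFG_` prefix and the image are placeholders chosen for illustration.

```yaml
# Constructed example: all names, values and the image are placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  LOG_LEVEL: "info"
  CACHE_TTL: "300"
---
apiVersion: v1
kind: Pod
metadata:
  name: config-demo
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      env:
        # 1) A single key, exposed under a name the application expects.
        - name: APP_LOG_LEVEL
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
      envFrom:
        # 2) All keys of the ConfigMap at once, here with an optional prefix
        #    (CFG_LOG_LEVEL, CFG_CACHE_TTL).
        - prefix: CFG_
          configMapRef:
            name: app-config
      volumeMounts:
        # 3) Each key becomes a file: /etc/app/LOG_LEVEL, /etc/app/CACHE_TTL.
        - name: config
          mountPath: /etc/app
          readOnly: true
  volumes:
    - name: config
      configMap:
        name: app-config
# Environment variables (1 and 2) are read once when the container starts;
# only the mounted files (3) pick up later edits to the ConfigMap.
```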
How does Horizontal Pod Autoscaling work in Kubernetes?
The HorizontalPodAutoscaler (HPA) controller watches a Deployment (or other scalable resource) and adjusts the replica count based on observed metrics. The most common metric is CPU utilization: if average CPU across all Pods exceeds the target percentage, HPA scales up. You set minReplicas and maxReplicas to bound the scaling. The metrics-server must be installed in your cluster for CPU and memory-based HPA.
How do I roll back a failed Deployment in Kubernetes?
Use `kubectl rollout undo deployment/my-deployment` to roll back to the previous revision. Use `kubectl rollout history deployment/my-deployment` to see the revision history, then `kubectl rollout undo deployment/my-deployment --to-revision=N` to roll back to a specific version. Kubernetes retains a configurable number of old ReplicaSets (controlled by revisionHistoryLimit) to enable rollbacks.
What is RBAC in Kubernetes and how do I set it up?
RBAC (Role-Based Access Control) restricts which users and service accounts can perform which actions on which resources. Create a Role (namespace-scoped) or ClusterRole (cluster-wide) defining allowed verbs (get, list, create, delete) on resources (pods, secrets). Then create a RoleBinding or ClusterRoleBinding to grant the role to a user, group, or ServiceAccount. Always follow the principle of least privilege.
How do I drain a Kubernetes node for maintenance?
First cordon the node to prevent new Pods from being scheduled: `kubectl cordon worker-1`. Then drain it to evict existing Pods: `kubectl drain worker-1 --ignore-daemonsets --delete-emptydir-data`. With `--ignore-daemonsets`, DaemonSet-managed Pods are skipped rather than evicted. After maintenance, uncordon the node with `kubectl uncordon worker-1` to allow scheduling again. Ensure Pod Disruption Budgets (PDBs) are respected during draining.