
Containers & Kubernetes

Kubernetes is the de-facto container orchestration platform. Understanding it deeply is essential for any platform or DevSecOps engineer operating modern infrastructure.

  • Comfort with Linux command line (Essential Commands)
  • Basic understanding of containers (Docker run, images, volumes)
      Control Plane                       Worker Nodes
┌────────────────────────┐            ┌──────────────────┐
│ kube-apiserver         │◄──────────►│ kubelet          │
│ etcd                   │            │ kube-proxy       │
│ kube-controller-mgr    │            │ container runtime│
│ kube-scheduler         │            │ Pods             │
└────────────────────────┘            └──────────────────┘
  • kube-apiserver — the front door; everything talks to this
  • etcd — distributed key-value store; the source of truth for cluster state
  • kube-scheduler — assigns pods to nodes based on resource requirements and constraints
  • kube-controller-manager — reconciliation loops (ReplicaSet, Deployment, Node controllers)
  • kubelet — agent on each node; ensures containers in pods are running
  • kube-proxy — manages iptables/ipvs rules for Service networking
Resource            What it does
Pod                 Smallest deployable unit — one or more containers sharing network and storage
Deployment          Manages replicated Pods with rolling updates and rollback
StatefulSet         Like Deployment, but for stateful workloads — stable pod names and persistent storage
DaemonSet           Runs one pod per node — used for logging, monitoring agents
Service             Stable network endpoint for a set of Pods
Ingress             HTTP/HTTPS routing from outside the cluster to Services
ConfigMap / Secret  Inject configuration and credentials into Pods
Namespace           Virtual cluster — isolate resources, apply RBAC and quotas

# Context management
kubectl config get-contexts
kubectl config use-context prod

# Pod operations
kubectl get pods -n default
kubectl get pods -A                   # all namespaces
kubectl describe pod my-pod
kubectl logs my-pod -f                # follow logs
kubectl exec -it my-pod -- /bin/sh    # shell into pod

# Apply manifests
kubectl apply -f deployment.yaml
kubectl delete -f deployment.yaml

# Rollout
kubectl rollout status deployment/app
kubectl rollout undo deployment/app   # rollback
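
How the resources in the table fit together, as an added example that is not part of the original page: a manifest that could be saved as deployment.yaml and applied with the command above. The names demo, app, app-config and app-secret, the image tag and the token value are constructed placeholders.

```yaml
# Added example; every name and value here is a constructed placeholder.
apiVersion: v1
kind: Namespace                 # isolation boundary for RBAC and quotas
metadata: {name: demo}
---
apiVersion: v1
kind: ConfigMap                 # non-sensitive configuration
metadata: {name: app-config, namespace: demo}
data:
  LOG_LEVEL: info
---
apiVersion: v1
kind: Secret                    # credentials; stored base64-encoded in etcd,
metadata: {name: app-secret, namespace: demo}   # not encrypted unless
type: Opaque                    # encryption at rest is configured
stringData:
  API_TOKEN: replace-me
---
apiVersion: apps/v1
kind: Deployment                # keeps 2 replicas of the Pod template running
metadata: {name: app, namespace: demo}
spec:
  replicas: 2
  selector:
    matchLabels: {app: app}     # must match the template labels below
  template:
    metadata:
      labels: {app: app}
    spec:
      containers:
        - name: app
          image: nginx:1.27
          ports:
            - containerPort: 80
          envFrom:
            - configMapRef: {name: app-config}   # every key becomes an env var
          env:
            - name: API_TOKEN
              valueFrom:
                secretKeyRef: {name: app-secret, key: API_TOKEN}
---
apiVersion: v1
kind: Service                   # stable endpoint in front of the Pods
metadata: {name: app, namespace: demo}
spec:
  selector: {app: app}          # routes to Pods carrying this label
  ports:
    - port: 80
      targetPort: 80
```

The Deployment's rollout can then be followed with `kubectl rollout status deployment/app -n demo`, since the resources live in the demo namespace rather than default.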

Kubernetes Security Hardening — CIS benchmarks, network policies, admission control