Back to Recording

Summary

Overview

This course module provides a comprehensive introduction to Kubernetes command-line tools (primarily kubectl) and core Kubernetes components. It covers the structure and usage of kubectl commands, configuration management via kubeconfig, certificate validation, and the foundational resource types including namespaces, pods, deployments, replica sets, stateful sets, and daemon sets. The session includes hands-on demonstrations of creating, labeling, and deleting namespaces, deploying pods via YAML manifests, and troubleshooting common YAML syntax errors. The content is designed to build foundational operational skills for managing Kubernetes clusters.

Topic (Timeline)

1. Kubernetes CLI Tools and kubectl Configuration [00:00:03 - 00:07:51]

  • Introduces kubectl as the primary CLI tool for interacting with the Kubernetes control plane.
  • Explains that kubectl reads configuration from ~/.kube/config by default, but can use alternative paths via the KUBECONFIG environment variable.
  • Clarifies version compatibility: kubectl supports versions within one minor version of the API server (e.g., server 1.34 supports client versions 1.33–1.35).
  • Details kubectl command syntax: kubectl <command> <type> <name> <flags>, with examples of commands (create, get, describe, delete, apply, exec, logs) and resource types (pods, nodes, services/svc, deployments).
  • Describes output format flags: -o json, -o yaml, -o wide, -o jsonpath.
  • Explains that kubeconfig files can be descriptively named (e.g., kconfig.yml) and stored in custom directories, not just ~/.kube/config.
  • Demonstrates minikube auto-exporting the kubeconfig and how to unset it with unset KUBECONFIG.
  • Covers kubectl plugins via the krew repository, noting that many are community-maintained and vary in quality.
  • Walks through inspecting client certificate validity using openssl x509 -in client.crt -text -noout, including checking Not After date and signature algorithm (e.g., SHA256WithRSA).
  • Shows how to view kubeconfig in JSON format using kubectl config view -o json.
  • Demonstrates removing a user (e.g., minikube) from the config using kubectl config delete-user.

2. Kubernetes Core Components: Namespaces and Resource Isolation [00:07:51 - 00:11:44]

  • Defines namespaces as logical partitions for isolating resources within a cluster; resource names must be unique within a namespace.
  • Recommends avoiding the default namespace in production; only the kubernetes service should reside there.
  • Identifies kube-system as the namespace for control plane components.
  • Provides real-world namespace examples: gitlab-minio, loki-minio, minio-operator for separating application components.
  • Explains that namespaces span nodes (visualized with dashed lines) and enable resource constraints:
    • Default CPU/memory requests and limits
    • Minimum/maximum CPU/memory ranges
    • Total resource quotas
    • Pod count limits
  • Notes that deleting a namespace removes all contained resources — useful for testing, dangerous in production.
  • States that namespaces can be labeled like other resources, enabling cross-namespace service access via features like Gateway API.

3. Kubernetes Core Components: Pods, Deployments, StatefulSets, DaemonSets, and Probes [00:11:44 - 00:17:33]

  • Defines a pod as the smallest deployable unit, consisting of one or more containers (e.g., sidecars).
  • Explains pod labels as key-value pairs; keys may have a prefix (e.g., app.kubernetes.io/name), or be private (no prefix).
  • Describes deployments as stateless workload controllers that manage replica sets; deployments use spec.selector to match pods via labels.
  • Notes that replica sets append a unique hash to pod names on creation/restart.
  • Introduces stateful sets for stateful applications: pods retain stable network identities (e.g., statefulset-0, statefulset-1) and persistent storage.
  • Emphasizes that stateful sets require scaling to 0 before deletion to avoid orphaned resources; Helm uninstall may not delete them if not scaled down.
  • Explains that stateful sets use headless services (DNS-based, not ClusterIP), which can cause integration issues if misconfigured by upstream charts.
  • Describes daemon sets: run one pod per node (or selected nodes), used for CNI agents (e.g., Cilium), logging, or monitoring.
  • Explains liveness, readiness, and startup probes:
    • Liveness: restarts container if failing
    • Readiness: removes pod from service endpoints if failing
    • Startup: delays liveness/readiness checks until app is ready (for slow-starting apps)
  • Notes that probes can share endpoints (e.g., /healthz) and warns against misconfigurations that cause cascading failures.

4. Hands-On: Namespace and Pod Management with YAML [00:17:33 - 00:23:53]

  • Guides creation of a namespace app-a using kubectl create ns app-a.
  • Demonstrates labeling a namespace: kubectl label ns app-a environment=develop.
  • Shows deletion of namespace: kubectl delete ns app-a (deletes all contained resources).
  • Walks through creating a pod manifest (pod-deployment.yaml) using vim, emphasizing YAML syntax:
    • Correct indentation (2 spaces)
    • Proper alignment of image, imagePullPolicy under spec.containers
    • Hyphen (-) must be directly under c in containers
  • Highlights common YAML errors: misalignment causes kubectl apply to fail silently or with vague errors.
  • Demonstrates that applying a manifest to a non-existent namespace results in “namespace not found” error.
  • Shows re-creating the namespace and re-applying the manifest to successfully deploy the pod.
  • Confirms pod creation with kubectl get pods -n app-a.
  • Deletes the namespace again to clean up, confirming all resources (including the pod) are removed.
  • Concludes with a note that next session will cover replica sets.

Appendix

Key Principles

  • kubectl Version Compatibility: Always ensure kubectl version is within ±1 minor version of the API server.
  • YAML Syntax: Indentation and alignment are critical; one misaligned line breaks the manifest. Use linters or validate with kubectl apply --dry-run=client.
  • Namespaces: Use for environment isolation (dev/stage/prod) and resource quotas. Never use default in production for user workloads.
  • StatefulSets: Always scale to 0 before deletion. Do not rely on Helm uninstall alone.
  • Probes: Use startupProbe for slow-starting apps; avoid identical endpoints for liveness/readiness if app behavior differs during startup.

Tools Used

  • kubectl — Primary CLI
  • minikube — Local cluster for testing
  • openssl — Certificate inspection
  • vim — YAML file editing
  • KUBECONFIG — Environment variable for config path override
  • krew — Plugin manager for kubectl

Common Pitfalls

  • Misaligned YAML in pod manifests (e.g., image not under containers)
  • Forgetting to create namespace before applying manifest
  • Assuming Helm uninstall removes StatefulSet resources
  • Misconfiguring headless services in StatefulSet charts
  • Using kubectl delete ns in production without verifying contents

Practice Suggestions

  • Manually type 3–5 small pod manifests from scratch to internalize YAML structure.
  • Use kubectl config view -o json to explore your kubeconfig structure.
  • Create a namespace, label it, and delete it — repeat with different names.
  • Inspect a minikube client certificate with openssl and note its expiration.
  • Try applying a malformed YAML file and interpret the error message.