Kubernetes — Complete Guide for Backend Engineers

Architecture • Components • Deployments • Services • Storage • CronJobs • CI/CD (Helm + ArgoCD)


1. Kubernetes Master Architecture 

          ┌──────────────────────────────┐
          │        CONTROL PLANE         │
          │──────────────────────────────│
          │ • API Server                 │
          │ • etcd (cluster store)       │
          │ • Scheduler                  │
          │ • Controller Manager         │
          └───────────────┬──────────────┘
                          │
                          ▼
    ┌──────────────────────────────────────────┐
    │               WORKER NODES               │
    └──────────────────────────────────────────┘

┌───────────────────────┐   ┌───────────────────────┐
│        NODE #1        │   │        NODE #2        │
│───────────────────────│   │───────────────────────│
│ • Kubelet             │   │ • Kubelet             │
│ • Kube-Proxy          │   │ • Kube-Proxy          │
│ • Runtime             │   │ • Runtime             │
│                       │   │                       │
│ [Pod A] [Pod B]       │   │ [Pod C] [Pod D]       │
└───────────────────────┘   └───────────────────────┘

INTERNAL NETWORKING & SERVICES
┌────────────────────────────────────────────────┐
│ • ClusterIP (internal load balancing)          │
│ • NodePort (expose on node)                    │
│ • LoadBalancer (AWS ELB/NLB)                   │
└────────────────────────────────────────────────┘

INGRESS LAYER (HTTP)
┌────────────────────────────────────────────────┐
│ Internet → Ingress Controller → Service → Pods │
└────────────────────────────────────────────────┘

STORAGE
┌────────────────────────────────────────────────┐
│ PVC → PV → Backend Storage (EBS/EFS/NFS)       │
└────────────────────────────────────────────────┘

CI/CD (HELM + ARGOCD)
┌────────────────────────────────────────────────┐
│ Dev → GitHub → Docker Build → ECR → Helm Chart │
│ → GitOps Repo → ArgoCD Sync → Cluster          │
└────────────────────────────────────────────────┘

2. What is Kubernetes? Why Do We Need It?

Modern backend systems need:

  • High availability

  • Auto-scaling

  • Self-healing

  • Easy rollouts and rollbacks

  • Service discovery

  • Secret and config management

  • Load balancing

  • Observability

  • Zero-downtime deploys

Docker solved packaging, but not orchestration.

Kubernetes automates all aspects of container orchestration and has become the industry standard.


3. Control Plane Components (The Brain)

API Server

  • Entry point for all commands

  • Validates and processes Kubernetes objects

  • All components talk to it

etcd

  • Distributed, consistent key-value store

  • Stores entire cluster state

Scheduler

  • Decides which Node a Pod should run on

  • Schedules based on:
    CPU, memory, taints/tolerations, affinity rules

Controller Manager

Responsible for maintaining desired state:

  • Deployments

  • ReplicaSets

  • Node health

  • Pod restart logic


4. Worker Node Components (Where Apps Run)

Kubelet

  • Runs on each Worker Node

  • Starts/stops Pods

  • Reports health

Kube-Proxy

  • Manages networking rules

  • Enables Pod-to-Pod communication

  • Handles service load balancing

Container Runtime

  • Docker / containerd / CRI-O

  • Actually runs containers


5. Workload Objects (Pods, ReplicaSets, Deployments)

Pod

  • Smallest deployable unit

  • Contains 1 or more containers

  • Short-lived, recreated automatically

ReplicaSet

  • Ensures N Pods are always running

Deployment

  • High-level object managing ReplicaSets

  • Supports rolling updates & rollbacks

  • Industry standard for stateless apps


6. Services (ClusterIP, NodePort, LoadBalancer)

A Service is required even for internal access because Pod IPs are ephemeral.

✅ What a Service provides:

  • Stable IP

  • Stable DNS

  • Internal load balancing

  • Service discovery

ClusterIP

Default. Used for internal microservices.

NodePort

Exposes the app on <NodeIP>:<port>, with the port taken from the 30000-32767 range.
Rarely used in production.

LoadBalancer

Creates an AWS ELB/NLB to expose the Service to the internet.

Headless Service

clusterIP: None
Used for StatefulSets (Mongo, Kafka, Redis).


7. Ingress (HTTP/HTTPS Routing)

Ingress provides:

  • Custom domain names

  • SSL termination

  • Path-based routing

  • Multi-service routing

Flow:

Internet → Ingress → Service → Pod

Most common controllers:

  • NGINX Ingress

  • AWS ALB Ingress Controller


8. Storage (PV, PVC)

PV (Persistent Volume)

Physical storage:
EBS, EFS, Ceph, NFS.

PVC (Persistent Volume Claim)

Pod’s request for storage.

Mapping:

PVC → PV → Storage Backend

Used for:

  • Databases

  • Stateful workloads

  • Caches with persistence


9. Additional Key Kubernetes Resources

ConfigMap

Stores non-secret config.

Secret

Stores passwords, tokens, certificates.

Job

Runs once and finishes.

CronJob

Runs on schedule (cron-based):

  • Cleanup jobs

  • Daily imports

  • Periodic reports

StatefulSet

Used for:

  • MongoDB

  • Redis

  • Cassandra

  • Kafka

Provides:

  • Stable Pod identity

  • Ordered startup

  • Stable storage

DaemonSet

Runs one Pod per Node.
Used for:

  • Logging agents

  • Monitoring agents

  • Security agents

ServiceAccount

Identity for Pods.

NetworkPolicy

Restricts Pod-to-Pod communication
(Zero Trust networking).

HPA (Horizontal Pod Autoscaler)

Auto-scales Pod count based on CPU/memory/custom metrics.

VPA (Vertical Pod Autoscaler)

Auto-scales Pod CPU/memory resources.

PDB (Pod Disruption Budget)

Ensures a minimum number of Pods stay alive during updates.


10. How a Deployment Actually Happens (Life of a Pod)

End-to-end flow

1. Developer writes Deployment YAML
2. kubectl/ArgoCD sends to API Server
3. API Server stores in etcd
4. Deployment Controller creates ReplicaSet
5. ReplicaSet demands N pods
6. Scheduler picks the best Node
7. Kubelet starts containers through runtime
8. Service maps traffic to Pods
9. Ingress exposes HTTP endpoints (optional)

Kubernetes continuously reconciles the actual state of the cluster toward the desired state.
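
The manifests a developer would submit in step 1 of the flow above, as an added example that is not part of the original post. The names (`api`, `api-config`, `api-secrets`), the image reference, the port and the probe paths are assumptions, and the ServiceAccount, ConfigMap and Secret are assumed to exist already.

```yaml
# Added example; names, image, port and probe paths are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
  labels: {app: api}
spec:
  replicas: 3                        # the ReplicaSet keeps 3 Pods running
  selector:
    matchLabels: {app: api}
  strategy:
    type: RollingUpdate
    rollingUpdate: {maxUnavailable: 0, maxSurge: 1}   # no capacity drop during rollout
  template:
    metadata:
      labels: {app: api}             # must match the selector above
    spec:
      serviceAccountName: api        # dedicated Pod identity, assumed to exist
      containers:
        - name: api
          image: registry.example.com/api:1.4.2     # placeholder image
          ports:
            - containerPort: 8080
          envFrom:
            - configMapRef: {name: api-config}      # non-secret settings
            - secretRef: {name: api-secrets}        # passwords, tokens
          resources:
            requests: {cpu: 100m, memory: 128Mi}    # what the Scheduler reserves
            limits: {cpu: 500m, memory: 256Mi}
          readinessProbe:            # gates Service traffic to this Pod
            httpGet: {path: /healthz/ready, port: 8080}
            periodSeconds: 5
          livenessProbe:             # Kubelet restarts the container on failure
            httpGet: {path: /healthz/live, port: 8080}
            initialDelaySeconds: 10
---
apiVersion: v1
kind: Service
metadata:
  name: api
spec:
  type: ClusterIP                    # internal only; an Ingress can front it
  selector: {app: api}               # routes to Pods carrying this label
  ports:
    - port: 80
      targetPort: 8080
```

Values in a Secret are base64-encoded, not encrypted, and sit in etcd in that form unless encryption at rest is enabled on the API server. Access to `api-secrets` is therefore controlled by RBAC and by who can read etcd, not by the encoding.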


11. Helm – Package Manager for Kubernetes

Why Helm?

✅ Templates Kubernetes YAML
✅ Versioned releases
✅ Rollbacks
✅ Environment-specific values
✅ Reusable charts

Deployment becomes:

helm upgrade --install api ./chart

Instead of 30+ YAML files.


12. CI/CD using GitOps (ArgoCD + Helm)

✅ Modern Kubernetes deployment workflow:

Developer Push Code
        │
        ▼
GitHub/Jenkins CI → Build Docker → Push to ECR
        │
        ▼
Update Helm values.yaml (new image tag)
        │
        ▼
GitOps Repo (manifests)
        │
        ▼
ArgoCD automatically pulls changes
        │
        ▼
Deployment updated → New Pods rolled out

Benefits:

✅ No manual kubectl
✅ Automatic rollbacks
✅ Drift detection
✅ Git as source of truth
✅ Visibility into deployment health
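
The ArgoCD side of this workflow, as an added example that is not part of the original post: an Application that tracks the Helm chart in the GitOps repo and syncs it automatically. The repository URL, chart path, values file and namespaces are placeholders.

```yaml
# Added example; repo URL, paths, names and namespaces are placeholders.
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: api
  namespace: argocd                  # namespace where ArgoCD itself runs
spec:
  project: default
  source:
    repoURL: https://github.com/example-org/gitops-repo.git   # placeholder
    targetRevision: main             # branch ArgoCD treats as the source of truth
    path: charts/api
    helm:
      valueFiles:
        - values-prod.yaml           # CI commits the new image tag here
  destination:
    server: https://kubernetes.default.svc   # the cluster ArgoCD runs in
    namespace: prod
  syncPolicy:
    automated:
      prune: true                    # delete resources that were removed from Git
      selfHeal: true                 # revert manual changes made in the cluster (drift)
    syncOptions:
      - CreateNamespace=true
```

With `selfHeal` enabled, write access to the tracked branch is effectively deploy access to the cluster, so branch protection and review on the GitOps repo carry the weight that kubectl permissions used to.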


13. Kubernetes Best Practices

  • Use Deployments for stateless apps

  • Use StatefulSets for DB/Kafka/Redis

  • Use Ingress + LoadBalancer for routing

  • Configure liveness/readiness probes

  • Always set resource requests/limits

  • Use HPA for auto-scaling

  • Store configs in ConfigMaps and Secrets

  • Use ArgoCD for production CD

  • Avoid NodePort in production

  • Use NetworkPolicies for microservice isolation

  • Use PVCs for stateful apps


14. Common Kubernetes Interview Questions

1. Difference between Deployment and StatefulSet?

Deployment = stateless
StatefulSet = stateful (stable identity + ordered pods)

2. Why do we need a Service?

Pods have dynamic IPs.
Service gives:

  • stable IP

  • DNS

  • load balancing

3. How does Ingress work?

Routes HTTP → Service → Pods.

4. What is the role of Kubelet?

Runs containers and reports node/pod health.

5. Explain the Deployment flow.

Deployment → ReplicaSet → Pods → Scheduler → Nodes.

6. What is HPA?

Automatically scales Pods based on CPU/memory/custom metrics.

7. Why use Helm?

Templating + versioning + rollbacks.

8. Why use ArgoCD?

GitOps-based continuous deployment.

