This week was all about Kubernetes – the backbone of modern container orchestration. If Docker helps us package applications, Kubernetes ensures those containers run at scale, reliably, and securely. Through the SpringBoot BankApp project, I explored real-world Kubernetes scenarios that DevOps engineers face daily: deployments, networking, storage, scaling, RBAC, job scheduling, and even advanced tools like Helm and Service Mesh.

🔹 Task 1: Kubernetes Architecture & Deploying a Pod

🏗 Understanding Kubernetes Architecture

Kubernetes follows a master-worker model:

Control Plane (Master)
- API Server → Acts as the "front door" of the cluster. All commands (kubectl) go here.
- etcd → The "database" of Kubernetes, stores the desired cluster state.
- Scheduler → Assigns pods to nodes based on resource availability.
- Controller Manager → Ensures actual state = desired state (e.g., ReplicaSet ensures required pods are running).
- Cloud Controller → Integrates with cloud providers (AWS, GCP, Azure).
Worker Nodes
- Kubelet → Talks to API Server, ensures containers are running.
- Kube Proxy → Handles service networking inside the cluster.
- Container Runtime → Docker/Containerd runs the actual containers.

📦 Deploying a Pod

I created my first Pod running NGINX:

apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:latest
    ports:
    - containerPort: 80

Applied with:

kubectl apply -f pod.yaml

✅ Learned that Pods are the smallest deployable unit in Kubernetes.

🔹 Task 2: Deployments, StatefulSets, DaemonSets & Namespaces

Kubernetes has different controllers to manage Pods efficiently.

Namespace → Used for isolating resources.

apiVersion: v1
kind: Namespace
metadata:
  name: bankapp-namespace

Deployment → Manages stateless pods. If a pod fails, Deployment ensures a new one comes up.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: bankapp-deployment
  namespace: bankapp-namespace
spec:
  replicas: 3
  selector:
    matchLabels:
      app: bankapp
  template:
    metadata:
      labels:
        app: bankapp
    spec:
      containers:
      - name: bankapp
        image: bankapp:latest
        ports:
        - containerPort: 8080

StatefulSet → Best for databases (stable network IDs + persistent storage).
DaemonSet → Runs one pod per node (useful for logging/monitoring agents).

📌 Key takeaway:

Deployment = stateless apps
StatefulSet = databases, queues
DaemonSet = monitoring/security

🔹 Task 3: Networking & Exposure

By default, pods are ephemeral and isolated. To expose them:

ClusterIP → Default service, internal-only.
NodePort → Exposes service on each node’s IP with a static port.
LoadBalancer → Cloud provider provisioned LB for external traffic.

Example Service YAML:

apiVersion: v1
kind: Service
metadata:
  name: bankapp-service
  namespace: bankapp-namespace
spec:
  selector:
    app: bankapp
  ports:
    - port: 80
      targetPort: 8080
  type: NodePort

Ingress → Provides HTTP routing + SSL termination.
Network Policies → Control who can talk to whom in the cluster.

👉 This is where real production apps get secured.

🔹 Task 4: Storage Management

Apps like databases need persistent storage:

Persistent Volume (PV) → Storage provided by admin.
Persistent Volume Claim (PVC) → App requests for storage.
StorageClass → Enables dynamic provisioning (e.g., AWS EBS, GCP PD).

Example PVC YAML:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: db-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

✅ Learned how Kubernetes abstracts storage like it does with compute & networking.

🔹 Task 5: ConfigMaps & Secrets

ConfigMap → For environment configs.
Secret → For sensitive data (base64 encoded).

Example:

apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  username: YWRtaW4=   # admin
  password: cGFzc3dvcmQ= # password

👉 Mounted these into pods → application consumes configs without hardcoding.

🔹 Task 6: Autoscaling & Resource Management

Defined resource requests & limits to ensure fair scheduling:

resources:
  requests:
    cpu: "100m"
    memory: "200Mi"
  limits:
    cpu: "500m"
    memory: "512Mi"

Implemented Horizontal Pod Autoscaler (HPA):

kubectl autoscale deployment bankapp-deployment --cpu-percent=50 --min=1 --max=5

Explored Vertical Pod Autoscaler (VPA) for memory-hungry apps.

📌 Lesson: HPA = scale out, VPA = scale up.

🔹 Task 7: Security & Access Control

✅ RBAC (Role-Based Access Control)

Created Roles & RoleBindings for different teams:

Admin → full access
Developer → create pods, but not delete critical resources
Tester → read-only

👉 Simulated unauthorized access → RBAC blocked it.

✅ Node Taints & Pod Tolerations

Marked a node as critical workloads only.
Only pods with tolerations could run there.

✅ Pod Disruption Budget (PDB)

Ensured at least 2 pods were always running during upgrades.

🔹 Task 8: Jobs, CronJobs & CRDs

Job → Ran a one-time DB migration.
CronJob → Scheduled daily backups.
CRD (Custom Resource Definition) → Extended Kubernetes with a new resource type.

📌 CRDs make Kubernetes infinitely extensible.

🔹 Task 9: Bonus – Helm

Created a Helm chart for SpringBoot BankApp → deployed with:

helm install bankapp ./bankapp-chart

👉 Helm = Kubernetes package manager → simplifies deployments & upgrades.

💡 Interview Prep Q&A

Q: What’s the role of etcd?
A: Stores the entire cluster state (like a database).
Q: Deployment vs StatefulSet vs DaemonSet?
A: Deployment = stateless apps, StatefulSet = databases, DaemonSet = per-node agents.
Q: HPA vs VPA?
A: HPA scales pods horizontally, VPA adjusts pod resources vertically.
Q: Why RBAC?
A: Prevents unauthorized access → critical in multi-team environments.

🌟 Key Takeaways

✅ Kubernetes abstracts infra → compute, networking, storage, configs.
✅ Learned how to deploy, expose, scale, and secure apps.
✅ Explored advanced tools like Helm & CRDs.
✅ Gained interview-level knowledge of Kubernetes.

📝 Final Thoughts

This week was intense! Kubernetes initially feels complex, but breaking it down into architecture → workloads → networking → storage → scaling → security made it manageable.

The SpringBoot BankApp project gave me hands-on exposure that matches real-world DevOps challenges.

Excited to keep building and move towards GitOps + Cloud-native setups in future weeks 🚀

📤 Connect With Me

🔗LinkedIn: linkedin.com/in/vaishnavi-tandekar 📖 Blog Series: hashnode.com/@VaishnaviTandekar
💻 GitHub Repo: 90DaysOfDevOps

🔖 Hashtags

#90DaysOfDevOps #Kubernetes #DevOps #CloudNative #InterviewPrep #Helm #Microservices

🚀 Week 7: Kubernetes Basics & Advanced Challenge