Kubernetes (K8s) is the industry-standard platform for automating deployment, scaling, and management of containerized applications. Originally developed by Google, it is now maintained by the Cloud Native Computing Foundation (CNCF). For IT professionals pursuing certifications like CKA or CKAD, understanding Kubernetes architecture is essential. This guide covers core concepts: clusters, nodes, pods, deployments, services, and the kubectl command-line tool. You'll learn how to inspect cluster resources, deploy applications, and expose them to traffic — all with real commands you'll use in exams and production environments.
Understanding Kubernetes Architecture
A Kubernetes cluster consists of a control plane and worker nodes. The control plane runs components like kube-apiserver, etcd, kube-scheduler, and kube-controller-manager. Worker nodes host pods via kubelet and kube-proxy. Use kubectl to interact with the API server. Check cluster info with 'kubectl cluster-info' and list nodes with 'kubectl get nodes'.
kubectl cluster-info
kubectl get nodes -o wide
In the CKA exam, you'll often need to check node status. Use 'kubectl describe node <name>' for detailed resource usage.
Never run kubectl commands against production clusters without proper RBAC permissions.
Working with Pods
Pods are the smallest deployable units in Kubernetes, containing one or more containers. Create a pod using a YAML manifest or imperatively with 'kubectl run'. View running pods with 'kubectl get pods' and inspect logs with 'kubectl logs'. Pods are ephemeral — they are replaced, not healed.
kubectl run nginx-pod --image=nginx --restart=Never
kubectl get pods
kubectl describe pod nginx-pod
kubectl logs nginx-pod
Use 'kubectl get pods -w' to watch pod status changes in real time, which is useful for debugging startup issues.
Deploying Applications with Deployments
Deployments manage ReplicaSets and provide declarative updates. Create a deployment with 'kubectl create deployment' or a YAML file. Scale replicas, perform rolling updates, and roll back if needed. Check rollout status with 'kubectl rollout status'.
kubectl create deployment web-app --image=nginx --replicas=3
kubectl scale deployment web-app --replicas=5
kubectl rollout status deployment/web-app
kubectl rollout undo deployment/web-app
In CKAD, practice writing deployment YAML from scratch. Use 'kubectl explain deployment.spec' to explore fields.
Always test rollbacks in a non-production environment first. A bad rollout can cause downtime.
Exposing Applications with Services
Services provide stable networking to pods. Common types: ClusterIP (internal), NodePort (external on node port), and LoadBalancer (cloud LB). Create a service to expose your deployment. Use 'kubectl expose' or a YAML manifest. Verify endpoints with 'kubectl get endpoints'.
kubectl expose deployment web-app --type=NodePort --port=80 --name=web-service
kubectl get svc
kubectl get endpoints web-service
curl http://<node-ip>:<node-port>
For CKA, know how to create a ClusterIP service and test connectivity using a temporary pod with 'kubectl run test --image=busybox --rm -it -- sh'.
Using ConfigMaps and Secrets
ConfigMaps store non-sensitive configuration data; Secrets store sensitive data like passwords. Both can be consumed as environment variables or mounted as volumes. Create them imperatively or from literal values. Inject into pods via env or volume mounts.
kubectl create configmap app-config --from-literal=DB_HOST=mysql
kubectl create secret generic db-pass --from-literal=password=MyS3cret
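# 'kubectl run' has no --env-from flag; inject the values into the existing deployment instead
kubectl set env deployment/web-app --from=configmap/app-config
kubectl set env deployment/web-app --from=secret/db-pass
Secrets are base64-encoded, not encrypted. Use external secret stores (e.g., HashiCorp Vault) for production.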
Never commit secrets to version control. Use tools like Sealed Secrets or External Secrets Operator.
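The two warnings above (Secret values are only base64-encoded, and plain Secret manifests must stay out of version control) can be enforced with a pre-commit style check. This is an added example, not part of the original guide: the function names and the sample manifest are constructed for illustration, and it assumes POSIX sh, awk and GNU base64.

```shell
#!/bin/sh
# Added example: flag plain Secret manifests before they reach version control.

# Print "file:key" for every data/stringData key of each `kind: Secret` document.
# Other kinds (ConfigMap, SealedSecret, ExternalSecret) are ignored.
list_plain_secret_keys() {
    awk '
        function flush(   i) {
            if (is_secret) for (i = 1; i <= n; i++) print fname ":" keys[i]
            is_secret = 0; in_data = 0; n = 0
        }
        FNR == 1 { flush(); fname = FILENAME }      # new file ends the last document
        /^---/ { flush(); next }                    # YAML document separator
        /^kind: *Secret *$/ { is_secret = 1 }
        /^(data|stringData):/ { in_data = 1; next }
        /^[^ #]/ { in_data = 0 }                    # any other top-level key
        in_data && /^ +[A-Za-z0-9_.-]+:/ { k = $1; sub(/:.*/, "", k); keys[++n] = k }
        END { flush() }
    ' "$@"
}

# Recover a data value: base64 is an encoding, so no key material is needed.
decode_secret_value() {    # usage: decode_secret_value FILE KEY
    awk -v key="$2" '$1 == (key ":") { print $2; exit }' "$1" | base64 -d
}

# Return 1 and name the offending keys if any file holds a plain Secret.
check_files() {
    found=$(list_plain_secret_keys "$@")
    [ -z "$found" ] && return 0
    printf '%s\n' "$found" | sed 's/^/plain Secret data: /' >&2
    return 1
}

# Constructed sample: the page's db-pass Secret (password=MyS3cret) as a manifest.
write_sample() {
    printf '%s\n' 'apiVersion: v1' 'kind: ConfigMap' 'metadata:' '  name: app-config' \
        'data:' '  DB_HOST: mysql' '---' 'apiVersion: v1' 'data:' \
        '  password: TXlTM2NyZXQ=' 'kind: Secret' 'metadata:' '  name: db-pass' > "$1"
}

tmp=$(mktemp) && write_sample "$tmp"
check_files "$tmp" || echo "decoded without any key: $(decode_secret_value "$tmp" password)"
rm -f "$tmp"
```

In a Git hook, check_files would be called with the staged YAML files; the check reports key names only and never prints the values themselves.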
Persistent Storage with Volumes
Pods need persistent storage for stateful applications. Use PersistentVolumeClaims (PVCs) to request storage. Kubernetes binds PVCs to PersistentVolumes (PVs). Mount the PVC in a pod's volume section. Check storage classes with 'kubectl get storageclass'.
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
EOF
kubectl get pvc
In CKA, you may need to create a PV manually. Use 'kubectl explain persistentvolume.spec' to see required fields.
Monitoring and Debugging
Debugging is critical for exams and operations. Use 'kubectl exec' to run commands inside containers, 'kubectl logs' to view logs, and 'kubectl port-forward' to access services locally. Check events with 'kubectl get events --sort-by=.metadata.creationTimestamp'.
kubectl exec -it nginx-pod -- /bin/bash
kubectl logs -f deployment/web-app
kubectl port-forward service/web-service 8080:80
kubectl get events --sort-by='.metadata.creationTimestamp'
For CKAD, practice using 'kubectl debug' to create ephemeral containers for troubleshooting without modifying the original pod.
Key tips
Always use 'kubectl explain' to explore resource fields — it's faster than searching docs and works offline.
Set up a local Kubernetes cluster with kind or minikube for hands-on practice before exam day.
In CKA, you can use 'kubectl run' with --dry-run=client -o yaml to generate YAML templates quickly.
Learn to use 'kubectl get all -n <namespace>' to see all resources in a namespace at once.
Master YAML indentation — a single space error can break your deployment. Use a linter like yamllint.
For CKAD, focus on writing YAML from scratch under time pressure. Practice with timed mock exams.
Frequently asked questions
What is the difference between a pod and a container?
A container is a runtime instance of a container image. A pod is the smallest Kubernetes object that can host one or more tightly coupled containers sharing the same network namespace, storage volumes, and lifecycle. Pods are the atomic unit of scheduling in Kubernetes.
Do I need to know Docker to learn Kubernetes?
Basic Docker knowledge helps but is not strictly required. Kubernetes uses container runtimes like containerd or CRI-O. You should understand container images, registries, and basic Docker commands, but the CKA and CKAD exams focus on Kubernetes-native concepts.
How long does it take to prepare for the CKA exam?
Most candidates spend 2-3 months studying with hands-on practice. The exam is 2 hours and includes 15-20 performance-based tasks. Focus on cluster setup, troubleshooting, networking, and storage. Use killer.sh or similar simulators for realistic practice.
What is the difference between CKA and CKAD?
CKA (Certified Kubernetes Administrator) covers cluster administration, networking, storage, and security. CKAD (Certified Kubernetes Application Developer) focuses on application design, deployment, and configuration. Both are CNCF certifications and require strong kubectl skills.
Can I use Kubernetes for stateful applications?
Yes, using StatefulSets, PersistentVolumeClaims, and Headless Services. StatefulSets provide stable network identities and ordered deployment for databases like MySQL or Cassandra. However, they require careful planning for backup, recovery, and scaling.
Related glossary terms
Container Runtime
A container runtime is software that runs containers by using the host operating system's kernel to isolate processes, manage filesystem layers, and handle networking.
kubectl Command Reference
kubectl is the command-line tool used to interact with and manage Kubernetes clusters by sending commands to the Kubernetes API.
DaemonSets
A DaemonSet is a Kubernetes object that ensures a copy of a specific pod runs on every node in a cluster, or on a subset of nodes.
Jobs and CronJobs
A Kubernetes Job is a controller that runs one or more Pods to completion for a finite task, while a CronJob schedules Jobs to run at specific times or intervals.
Taints and Tolerations
Taints and tolerations are Kubernetes features that control which pods can be scheduled onto which nodes by marking nodes with a taint and allowing pods to declare a toleration to the taint.
Kubernetes Services
A Kubernetes Service is a stable network endpoint that connects a set of pods to internal or external traffic, providing consistent access even as pods change.