Kubernetes

Manage Kubernetes resources through the web interface without using kubectl.

Workload Resources

Deployments

Manage application deployments:

View: List all deployments with replica status
Scale: Adjust replica count up or down
Update: Modify deployment configuration
Rollback: Revert to previous deployment version
Restart: Trigger rolling restart of pods

Pods

Monitor and manage individual pods:

Status: View pod phase (Running, Pending, Failed)
Logs: Stream or download pod logs
Terminal: Execute shell commands in containers
Events: View pod lifecycle events
Delete: Terminate and restart pods

StatefulSets

Manage stateful applications:

Ordered Deployment: Pods created in sequence
Stable Network IDs: Predictable pod names
Persistent Storage: Each pod gets own PVC
Ordered Scaling: Scale up/down sequentially

DaemonSets

Run pods on all or selected nodes:

Node Coverage: One pod per node
System Services: Monitoring agents, log collectors
Node Selector: Target specific node labels
Update Strategy: Rolling or OnDelete updates

Jobs & CronJobs

Run batch and scheduled tasks:

Jobs: Run once to completion
CronJobs: Scheduled recurring tasks
Parallelism: Run multiple pods simultaneously
Completion: Track successful completions
History: View past job runs

Networking

Services

Expose applications to network traffic:

ClusterIP: Internal cluster access only
NodePort: Access via node IP and port
LoadBalancer: Cloud load balancer integration
Endpoints: View backend pod IPs
Session Affinity: Sticky sessions

Ingress

HTTP/HTTPS routing to services:

Host-Based Routing: Route by domain name
Path-Based Routing: Route by URL path
TLS Termination: HTTPS with certificates
Annotations: Configure ingress controller
Multiple Backends: Load balance across services

Network Policies

Control pod-to-pod communication:

Ingress Rules: Allow incoming traffic
Egress Rules: Allow outgoing traffic
Pod Selector: Target specific pods
Namespace Selector: Cross-namespace rules
Default Deny: Block all traffic by default

Configuration

ConfigMaps

Store configuration data:

Key-Value Pairs: Configuration settings
Files: Mount entire config files
Environment Variables: Inject into pods
Volume Mounts: Mount as files in containers
Updates: Changes don't auto-reload pods

Secrets

Store sensitive data:

Base64 Encoded: Not encrypted by default
Types: Opaque, TLS, Docker registry, etc.
Mount as Files: Volume mounts
Environment Variables: Inject into pods
RBAC Protected: Admin access only

Storage

Persistent Volumes (PV)

Cluster-wide storage resources:

Storage Classes: gp3, gp2, io1, efs
Access Modes: ReadWriteOnce, ReadOnlyMany, ReadWriteMany
Reclaim Policy: Retain, Delete, Recycle
Capacity: Storage size
Status: Available, Bound, Released, Failed

Persistent Volume Claims (PVC)

Request storage for pods:

Request Size: Minimum storage needed
Access Mode: How pods will use storage
Storage Class: Type of storage
Selector: Match specific PVs
Expansion: Resize if storage class supports

Storage Classes

Define storage types:

Provisioner: AWS EBS, EFS, etc.
Parameters: IOPS, throughput, type
Reclaim Policy: What happens when PVC deleted
Volume Binding Mode: Immediate or WaitForFirstConsumer
Allow Expansion: Can PVCs be resized

RBAC (Role-Based Access Control)

Roles & ClusterRoles

Define permissions:

Role: Namespace-scoped permissions
ClusterRole: Cluster-wide permissions
Rules: API groups, resources, verbs
Aggregation: Combine multiple roles

RoleBindings & ClusterRoleBindings

Grant permissions to users:

RoleBinding: Grant role in namespace
ClusterRoleBinding: Grant cluster-wide role
Subjects: Users, groups, service accounts
Role Reference: Which role to grant

Service Accounts

Identity for pods:

Default: Auto-created per namespace
Custom: Create for specific applications
Tokens: Auto-mounted in pods
Image Pull Secrets: Access private registries

Namespaces

Organize cluster resources:

Default: Auto-created default namespace
kube-system: System components
kube-public: Public resources
Custom: User-created namespaces
Resource Quotas: Limit namespace resources
Network Policies: Namespace isolation

Best Practices

Resource Management

Set CPU and memory requests/limits on all containers
Use horizontal pod autoscaling for variable workloads
Monitor resource utilization and adjust as needed
Use resource quotas to prevent namespace resource exhaustion

High Availability

Run at least 2-3 replicas for production services
Use pod disruption budgets to prevent downtime during updates
Distribute pods across availability zones with pod anti-affinity
Configure liveness and readiness probes

Security

Use network policies to restrict pod communication
Store secrets in external secret managers (AWS Secrets Manager)
Run containers as non-root users
Enable pod security policies or admission controllers

Monitoring & Logging

Collect metrics with Prometheus
Centralize logs with ELK or CloudWatch
Set up alerts for pod failures and resource issues
Monitor cluster events for warnings

tip

Use the platform web interface for one-off tasks and troubleshooting. For automation and GitOps, use kubectl and infrastructure-as-code tools like Terraform or Helm.

Workload Resources​

Deployments​

Pods​

StatefulSets​

DaemonSets​

Jobs & CronJobs​

Networking​

Services​

Ingress​

Network Policies​

Configuration​

ConfigMaps​

Secrets​

Storage​

Persistent Volumes (PV)​

Persistent Volume Claims (PVC)​

Storage Classes​

RBAC (Role-Based Access Control)​

Roles & ClusterRoles​

RoleBindings & ClusterRoleBindings​

Service Accounts​

Namespaces​

Best Practices​

Resource Management​

High Availability​

Security​

Monitoring & Logging​