Kubernetes (K8s)
Pods, deployments, services, ingress, HPA, VPA, operators
Kubernetes (K8s) is the de facto container orchestration platform, managing containerised workloads across a cluster of nodes. The Control Plane — comprising the API Server, etcd, Scheduler, and Controller Manager — maintains desired state. Worker Nodes run the kubelet, kube-proxy, and a container runtime (e.g. containerd) and host application Pods. Key abstractions include Deployments (declarative rollouts), Services (stable network endpoints), Ingress (HTTP routing), and the Horizontal Pod Autoscaler (HPA) for traffic-driven scaling.
Key Points
- The API Server is the single entry point for all cluster operations — all components (kubectl, controllers, kubelet) communicate exclusively through the API Server, which persists state to etcd.
- etcd is a distributed key-value store (Raft consensus, typically 3 or 5 nodes) — back it up frequently; losing etcd without a backup means losing the entire cluster state.
- The Scheduler assigns Pods to Nodes based on resource requests, node affinity/anti-affinity, taints/tolerations, and topology spread constraints — never rely on default scheduling for latency-sensitive workloads.
- Always set resource requests (for scheduling) and limits (for cgroup enforcement): without requests, the scheduler cannot bin-pack correctly; without limits, a single pod can starve others.
- HPA scales Deployment replicas based on CPU/memory (via Metrics Server) or custom metrics (via KEDA + external sources like SQS queue depth, Kafka lag).
- Ingress controllers (nginx, AWS ALB Ingress Controller, Traefik) implement the Ingress resource — without a controller, the Ingress object has no effect.
- PodDisruptionBudget (PDB) guarantees minimum available replicas during voluntary disruptions (node drain, cluster upgrade) — set `minAvailable: 1` for all production Deployments.
- Kubernetes RBAC uses Roles (namespace-scoped) and ClusterRoles (cluster-wide), bound to ServiceAccounts via RoleBindings — follow least-privilege; avoid binding ServiceAccounts to `cluster-admin`.
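
The least-privilege point above can be checked mechanically. The following is an added example, not part of the original page: it scans binding objects for ServiceAccounts (or the built-in `system:serviceaccounts` groups) that hold `cluster-admin`. The sample input is constructed in the shape of `kubectl get clusterrolebindings,rolebindings -A -o json` output, and the function name and finding format are assumptions.

```python
import json

# Constructed sample in the shape of
# `kubectl get clusterrolebindings,rolebindings -A -o json` (not real cluster data).
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "ci-runner", "namespace": "build"}]},
 {"kind": "RoleBinding", "metadata": {"name": "web-view", "namespace": "shop"},
  "roleRef": {"kind": "ClusterRole", "name": "view"},
  "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "shop"}]},
 {"kind": "RoleBinding", "metadata": {"name": "ns-admin", "namespace": "shop"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "deployer", "namespace": "shop"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "all-sa"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:serviceaccounts"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "orphan"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}}
]}
""")

SA_GROUP = "system:serviceaccounts"  # built-in group; a ":<namespace>" suffix narrows it


def audit_bindings(doc, risky_roles=("cluster-admin",)):
    """Return (binding, scope, subject) for ServiceAccounts bound to a risky ClusterRole."""
    findings = []
    for item in doc.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in risky_roles:
            continue
        meta = item.get("metadata", {})
        # A RoleBinding to a ClusterRole grants its rules only inside the binding's namespace.
        scope = "cluster" if item.get("kind") == "ClusterRoleBinding" else "ns/" + meta.get("namespace", "?")
        for subj in item.get("subjects") or []:  # subjects can be missing or null
            kind, name = subj.get("kind"), subj.get("name", "")
            if kind == "ServiceAccount":
                who = f"sa/{subj.get('namespace', '?')}/{name}"
            elif kind == "Group" and (name == SA_GROUP or name.startswith(SA_GROUP + ":")):
                who = f"group/{name}"  # every ServiceAccount (in that namespace)
            else:
                continue  # users and other groups are outside this check
            findings.append((meta.get("name"), scope, who))
    return findings


if __name__ == "__main__":
    for binding, scope, who in audit_bindings(SAMPLE):
        print(f"{binding}: {who} holds cluster-admin ({scope})")
```

Against a live cluster, replace `SAMPLE` with the parsed output of the kubectl command named in the comment.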
[Figure: Kubernetes cluster: Control Plane components and Worker Nodes hosting Pods, with key API objects]
Real-World Example
Airbnb runs 1,000+ microservices on EKS, using HPA with custom Datadog metrics (request queue depth) to scale from 50 to 3,000 pods within 3 minutes during peak booking traffic.