Kubernetes 101

Fundamentals for Fast Bundle

Mahdi Bahreini — Backend Developer, Fast Bundle

~60 min • GCP / GKE Context

Why Kubernetes for Us?

0–5 min
ScalingHorizontal scaling
DeploySelf-healing
ConfigConfig vs code

Why Kubernetes?

0–5 min
Deploy Declarative deployments Describe desired state, K8s makes it happen
Config Environment consistency Same config across dev, stage, prod
GKE Why GCP (GKE)? Managed control plane, easy LB

What is Kubernetes?

5–12 min
Kubernetes is a container orchestration system that manages the lifecycle of containerized applications across a cluster of machines.

Core Architecture

5–12 min Kubernetes Cluster Architecture

kubernetes.io/docs/concepts/architecture

Key Pattern: Hub-and-Spoke

5–12 min

All communication goes through the API Server

kube-apiserver API Server kubectl You etcd Storage Scheduler Control Plane Controllers Control Plane kubelet Nodes Pods Your apps

Everything talks to the API Server — nodes and pods never communicate directly

What is a Pod?

12–20 min
Pod

Smallest deployable unit

  • One or more containers
  • Shared: Network (same IP), Storage (volumes)
  • Usually 1 container per pod in real-world apps

Important: Pods are ephemeral — you don't manually manage pods in production.

We don't create Pods directly — we use Deployments.

What is a Deployment?

20–30 min
DeploymentDeployment
ReplicaSetReplicaSet
PodsPods
  • Manages ReplicaSets • Ensures desired state • Rolling updates • Self-healing

Declarative: replicas: 3 + image: app:v1 → Kubernetes ensures it.

Deployment Lifecycle

20–30 min

Key operations you'll use every day

Scaling Scaling Change replicas
Rolling Rolling Updates Zero downtime
Rollback Rollbacks Revert instantly
Healing Self-Healing Recreates crashed pods

Relates to: How we deploy backend API • How we deploy frontend service

Lifecycle: Scaling

20–30 min
Scaling Scaling
  • Manual: Change replicas: 3replicas: 5 — K8s adds 2 pods
  • Scale down: Reduce replicas → K8s terminates excess pods gracefully
  • HPA (Horizontal Pod Autoscaler): Auto-scale based on CPU/memory or custom metrics

Same image, more or fewer copies — instant

Lifecycle: Rolling Updates

20–30 min
Rolling Update Rolling Update
  • Change image: app:v1image: app:v2
  • K8s replaces pods gradually (one or a few at a time)
  • Zero downtime — old pods serve traffic until new ones are ready
  • Configurable: maxSurge, maxUnavailable

How we deploy backend API and frontend — no maintenance window

Lifecycle: Rollbacks

20–30 min
Rollback Rollback
  • New version has a bug? Revert instantly
  • kubectl rollout undo deployment/myapp
  • K8s rolls back to the previous ReplicaSet — same zero-downtime process
  • Deployment keeps revision history for rollback

Safety net for every deployment

Lifecycle: Self-Healing

20–30 min
Self-Healing Self-Healing
  • Pod crashes or gets killed? K8s recreates it automatically
  • ReplicaSet watches: "I need 3 pods, I have 2" → starts a new one
  • Node fails? Pods on that node are recreated on healthy nodes
  • No manual intervention — desired state is always maintained

Set it and forget it — K8s keeps your app running

The Problem: Pod Networking

30–38 min
Pod

Dynamic IPs

Ephemeral

So how do frontend and backend talk to each other?

What is a Service?

30–38 min
ServiceService
PodPod
PodPod
PodPod
  • Stable IP + DNS name — pods come and go, Service stays
  • Load balances across matching pods
  • Decouples clients from pod lifecycle

frontend → backend via service DNS (e.g. backend.default.svc.cluster.local)

Service Types

30–38 min
Headless No ClusterIP, DNS only LoadBalancer External (cloud load balancer) NodePort NodeIP:30000-32767 ClusterIP Internal only
  • ClusterIP (default): Internal only — pods/services in cluster
  • NodePort: ClusterIP + <NodeIP>:<30000-32767> — same LAN
  • LoadBalancer: NodePort + cloud LB — external (GKE → GCP LB)
  • Headless: No stable IP — DNS discovery for StatefulSets

What is Ingress?

30–38 min
Ingress Ingress HTTP/HTTPS routing
  • Single entry point for external traffic into the cluster
  • Routes by hostname (e.g. api.fastbundle.com) and path (e.g. /api)
  • One LoadBalancer for many services — cheaper than one LB per service
  • TLS/SSL termination — handle HTTPS at the edge
  • GKE: Ingress creates a GCP HTTP(S) Load Balancer automatically

User → Ingress → Service → Pods

Why Not Hardcode Config?

38–45 min
ConfigMap

ConfigMap

Secret

Secret

❌ DB_URL inside image • API keys in code

✅ Same image → dev/stage/prod with different config

ConfigMaps & Secrets

38–45 min
ConfigMap ConfigMap Non-sensitive • Env vars • Files
Secret Secret API keys • Passwords • Base64 (not encryption)

Best practice: Same image, different config per environment

Stateless vs Stateful

45–52 min
Stateless Most services Stateless • No local storage
Volume Some need Databases • Files • Caches

Volumes

45–52 min
Volume Ephemeral Tied to pod
PV PersistentVolume Cluster storage
PVC PVC Pod requests storage

GCP: Backed by GCP Persistent Disk • Managed automatically in GKE

How This All Fits Together

52–57 min
UserUser
IngressIngress
ServiceService
DeploymentDeployment
PodPods

Pods feed from: CM ConfigMap • Secret Secret • Vol Volume

Q&A + Next Steps

57–60 min
Deploy Containerize
Namespace Dev namespace

What we'll do next: Containerize services • First deployment • Dev namespace

Optional: Hands-on workshop next session

Thank you

Mahdi Bahreini — Backend Developer, Fast Bundle

Questions?