Zum Inhalt

Kubernetes Basics: Orchestrating Containers at Scale

You’ve mastered Docker. You’ve built immutable images, pushed them to registries, and run them locally.
Now you’re ready to move to Kubernetes – the de‑facto standard for container orchestration.

But Kubernetes isn’t just “Docker with more features”. It’s a complex platform with its own vocabulary, architecture, and operational challenges.
If you dive in without understanding the basics, you’ll quickly get lost in YAML, Services, and Pods.

In this article we’ll strip away the hype and give you a practical, beginner‑friendly roadmap to Kubernetes. By the end you’ll know:

  • What a Pod, Service, and Deployment really are
  • How to deploy your first app on a local cluster (Minikube)
  • The core concepts of namespaces, labels, and selectors
  • How to expose an app with a LoadBalancer or Ingress
  • Why Helm is the “apt‑get” of Kubernetes
  • How to avoid the three most common beginner pitfalls

Ready to stop juggling containers manually and let Kubernetes do the heavy lifting? Let’s dive in.

📦 1. The Core abstractions: Pods, Services, and Deployments

Kubernetes works with a declarative model. You describe the desired state, and the control plane makes it happen.

Pod – The smallest deployable unit

A Pod is a group of one or more containers that share:

  • Network namespace (IP address, port space)
  • Volumes (persistent storage)
  • Runtime configuration

Why not run a container directly? Because Kubernetes needs to manage scaling, health‑checks, and restarts. A Pod is the unit that the scheduler works with.

apiVersion: v1
kind: Pod
metadata:
  name: hello-nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.27-alpine
    ports:
    - containerPort: 80

Service – The stable endpoint

A Pod’s IP is ephemeral – it changes when the Pod is recreated. A Service provides a stable IP and DNS name that load‑balances traffic to a set of Pods.

apiVersion: v1
kind: Service
metadata:
  name: web-service
spec:
  selector:
    app: hello-nginx
  ports:
    - protocol: TCP
      port: 80          # Service port
      targetPort: 80    # Container port
  type: LoadBalancer    # Exposes it outside the cluster

After you apply these manifests (kubectl apply -f pod.yaml -f service.yaml), Kubernetes will:

  1. Pull the nginx image, start a Pod, and expose port 80.
  2. Assign a stable DNS name (e.g., web-service.default.svc.cluster.local).
  3. Route incoming traffic to the Pod’s IP:Port.

Deployment – Managing multiple replicas

A Deployment ensures that a specified number of Pod replicas are running, handling roll‑outs, roll‑backs, and scaling automatically.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-nginx-deploy
spec:
  replicas: 3               # Scale to 3 identical Pods
  selector:
    matchLabels:
      app: hello-nginx
  template:
    metadata:
      labels:
        app: hello-nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.27-alpine
        ports:
        - containerPort: 80

Key points

  • Desired state is expressed once (e.g., replicas: 3).
  • Kubernetes constantly reconciles the actual state to match this.
  • If a Pod crashes, the Deployment recreates it automatically.
  • You can roll out a new version by updating the image: field – Kubernetes performs a rolling update without downtime.

🎯 Takeaway: Pods are ephemeral, Services make them stable, Deployments keep the right number of them running.

🚀 2. Getting a cluster up and running (Minikube)

You don’t need a cloud provider to try Kubernetes. Minikube runs a single‑node cluster on your laptop.

Installation (Linux/macOS)

# 1. Install kubectl (the CLI)
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl && sudo mv kubectl /usr/local/bin/

# 2. Install Minikube
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo mv minikube-linux-amd64 /usr/local/bin/minikube
minikube version   # should print the version

# 3. Start the cluster
minikube start

Verify everything works

kubectl get nodes          # Should show a single node named "minikube"
kubectl get pods           # Should be empty at first
kubectl apply -f pod.yaml  # Creates the hello‑nginx Pod
kubectl get pods           # Now you’ll see "hello-nginx" in Running state
kubectl expose pod hello-nginx --type=LoadBalancer --port=80
minikube service hello-nginx   # Opens the app in your browser

Note: On a local cluster the LoadBalancer type is emulated via NodePort. The minikube service command creates a temporary tunnel so you can access the app in your browser.

🛠️ 3. Common beginner pitfalls (and how to avoid them)

Pitfall Why it hurts Fix
Hard‑coding image tags (nginx:latest) latest is mutable; builds can change unexpectedly → your Pod may break. Use immutable tags like nginx:1.27-alpine.
Skipping health‑checks Kubernetes restarts crashing containers, but if you never define a readinessProbe, the Service may keep sending traffic to a dead Pod. Add readinessProbe and livenessProbe to your Pod spec.
Over‑provisioning resources Requesting too much CPU/memory can starve other workloads; requesting too little leads to throttling. Start with modest requests (200m CPU, 128Mi RAM) and adjust based on monitoring.
Storing secrets in plain YAML Secrets end up in Git history, which is a security nightmare. Use Kubernetes Secrets or external secret managers (e.g., HashiCorp Vault, Bitnami Sealed Secrets).
Ignoring namespace boundaries All objects live in default namespace by default; as you grow, you’ll want isolation. Create separate namespaces (dev, staging, prod) and apply resources with -n <ns>.
Manually editing etcd Directly mutating the datastore can corrupt the cluster. Always use kubectl or declarative manifests.

📦 4. Helm – The package manager for Kubernetes

Manually creating YAMLs for every resource is error‑prone and repetitive. Helm packages everything into a single, versioned chart.

# Add the official Helm repo
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update

# Search for a chart
helm search repo bitnami

# Install a chart (e.g., nginx)
helm install my-nginx bitnami/nginx --set service.type=LoadBalancer

A Helm chart typically contains:

  • Chart.yaml – metadata (name, version, dependencies)
  • templates/ – Jinja‑style templates for every Kubernetes manifest
  • values.yaml – configurable parameters (image tag, replica count, resources)

Why Helm helps beginners

  • Parameterization – Change a value once, propagate throughout all manifests.
  • Versioning – Roll back to a previous chart version with helm rollback.
  • Dependency management – Charts can depend on other charts (e.g., a chart that needs a database).

🧭 5. Next steps: From “Hello World” to Production‑Ready Workloads

  1. Add a namespace for isolation:
    kubectl create namespace demo
kubectl apply -f pod.yaml -n demo
  2. Expose the app publicly with an Ingress (instead of LoadBalancer):
    apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  rules:
  - host: nginx.demo.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-service
            port:
              number: 80
    Apply with kubectl apply -f ingress.yaml and add an entry to your /etc/hosts: 127.0.0.1 nginx.demo.com.
  3. Enable monitoring: Install the Prometheus Helm chart and set up alerts for CPU/Memory usage.
  4. Automate CI/CD: Connect your Git repo to a pipeline (GitHub Actions, GitLab CI) that runs helm lint, helm test, and helm upgrade on every push.

🎯 Goal: By the end of this roadmap you’ll be comfortable writing, versioning, and deploying real‑world Kubernetes workloads – without drowning in YAML.

📚 Further learning resources

Topic Resource Link
Kubernetes Fundamentals CNCF – Kubernetes Basics https://kubernetes.io/docs/tutorials/kubernetes-basics/
Helm Chart Hub Artifact Hub https://artifacthub.io/
Production‑Ready Kubernetes “Kubernetes Patterns” (Book) https://github.com/gardock/kubernetes-patterns
Security Best Practices CIS Benchmarks for Kubernetes https://www.cisecurity.org/benchmark/kubernetes
Observability “The Ultimate Guide to Prometheus” https://prometheus.io/docs/introduction/overview/

💭 Final thought

Kubernetes is not a magic button that makes your containers run faster.
It is a control plane that shifts the complexity of scaling, healing, and networking from your shoulders to a well‑engineered, declarative system.

When you master the three core objects — Pod, Service, and Deployment — and adopt a Git‑Ops workflow (declare → commit → CI → deploy), you’ll spend far less time babysitting containers and far more time building value.

Ready to move from “Docker‑only” to “Kubernetes‑ready”? Grab a coffee, fire up Minikube, and start experimenting. The future of scalable, resilient applications is now.

This article was created on 2026‑04‑06. Kubernetes evolves rapidly; always check the official docs for the latest version.

💡 Community & Feedback