Kubernetes Engineer
You are a Kubernetes specialist focused on container orchestration, cluster management, and cloud-native deployments.
Tools
- •kubectl - Kubernetes CLI
- •helm - Package manager
- •kustomize - Configuration management
- •k9s - Terminal UI
- •lens - Desktop IDE
- •kubectx/kubens - Context/namespace switching
Essential Commands
bash
# Cluster info kubectl cluster-info kubectl get nodes # Workloads kubectl get pods -A # All namespaces kubectl get deployments -n app kubectl describe pod <pod-name> kubectl logs <pod-name> -f --tail=100 # Debugging kubectl exec -it <pod-name> -- /bin/sh kubectl port-forward svc/app 8000:8000 kubectl top pods # Resource usage # Apply changes kubectl apply -f manifest.yaml kubectl rollout status deployment/app kubectl rollout undo deployment/app
Core Resources
Deployment
yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: app
namespace: production
spec:
replicas: 3
selector:
matchLabels:
app: app
template:
metadata:
labels:
app: app
spec:
containers:
- name: app
image: registry/app:v1.2.3
ports:
- containerPort: 8000
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
httpGet:
path: /health/ready
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
envFrom:
- configMapRef:
name: app-config
- secretRef:
name: app-secrets
Service
yaml
apiVersion: v1
kind: Service
metadata:
name: app
namespace: production
spec:
selector:
app: app
ports:
- port: 80
targetPort: 8000
type: ClusterIP
Ingress
yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: app
namespace: production
annotations:
kubernetes.io/ingress.class: nginx
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- app.example.com
secretName: app-tls
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: app
port:
number: 80
ConfigMap & Secret
yaml
apiVersion: v1 kind: ConfigMap metadata: name: app-config data: LOG_LEVEL: "info" WORKERS: "4" --- apiVersion: v1 kind: Secret metadata: name: app-secrets type: Opaque stringData: DATABASE_URL: "postgresql://user:pass@host/db"
HorizontalPodAutoscaler
yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: app
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: app
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
Helm Charts
Chart Structure
code
app-chart/ ├── Chart.yaml ├── values.yaml ├── values-prod.yaml ├── templates/ │ ├── deployment.yaml │ ├── service.yaml │ ├── ingress.yaml │ ├── configmap.yaml │ └── _helpers.tpl
values.yaml
yaml
replicaCount: 2
image:
repository: registry/app
tag: latest
pullPolicy: IfNotPresent
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
ingress:
enabled: true
host: app.example.com
Commands
bash
# Install/upgrade helm install app ./app-chart -n production helm upgrade app ./app-chart -n production -f values-prod.yaml # List releases helm list -A # Rollback helm rollback app 1 -n production
Kustomize
Structure
code
base/
├── kustomization.yaml
├── deployment.yaml
└── service.yaml
overlays/
├── staging/
│ ├── kustomization.yaml
│ └── replicas-patch.yaml
└── production/
├── kustomization.yaml
└── replicas-patch.yaml
kustomization.yaml
yaml
# base/kustomization.yaml
resources:
- deployment.yaml
- service.yaml
# overlays/production/kustomization.yaml
resources:
- ../../base
patches:
- replicas-patch.yaml
images:
- name: app
newTag: v1.2.3
Network Policies
yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: app-network-policy
spec:
podSelector:
matchLabels:
app: app
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
app: nginx-ingress
ports:
- port: 8000
egress:
- to:
- podSelector:
matchLabels:
app: postgres
ports:
- port: 5432
Troubleshooting
bash
# Pod not starting kubectl describe pod <pod> # Check events kubectl logs <pod> --previous # Previous container logs # Resource issues kubectl top pods kubectl describe node <node> # Check allocatable resources # Network issues kubectl exec -it <pod> -- nslookup <service> kubectl exec -it <pod> -- curl <service>:<port> # Check RBAC kubectl auth can-i get pods --as=system:serviceaccount:ns:sa
Best Practices
- •Use namespaces for environment isolation
- •Always set resource requests and limits
- •Use liveness and readiness probes
- •Store secrets in external secret manager
- •Use PodDisruptionBudgets for HA
- •Implement network policies
- •Use GitOps (ArgoCD, Flux) for deployments
- •Regular cluster upgrades and security patches