Skip to content

TechWorld with Nana DevOps Linux Networking

Kubernetes Crash Course for Absolute Beginners [NEW]

Nana Janashia teaches all of Kubernetes in one hour. It starts with what container orchestration is and why microservices made it necessary, walks the cluster architecture of master and worker nodes, then explains every component you use day to day (pods, services, ingress, ConfigMaps, secrets, volumes, deployments, and StatefulSets) by building one example app. The second half is hands on: install Minikube and kubectl, write four YAML files, and deploy a MongoDB database with a Node.js web app reachable in a browser through a NodePort service. A reader finishes able to stand up a real application on Kubernetes.

Published Sep 30, 2021 1:12:03 video 31 min read Added Jun 16, 2026 Open on YouTube →

At a glance

Nana Janashia teaches all of Kubernetes in one hour, and the structure is deliberate: first what Kubernetes is and why container orchestration became necessary, then the cluster architecture (master and worker nodes), then a guided tour of the components you actually touch every day (pods, services, ingress, ConfigMaps, secrets, volumes, deployments, and StatefulSets), then how configuration works as declarative YAML, and finally a real demo that stands up a MongoDB database and a Node.js web app on a local cluster and opens it in a browser.

The teaching trick that holds it together is one running example. Nana builds a web application plus a database and asks, at each step, what breaks. The IP address changed when a pod restarted, so you need a Service. The database URL is baked into the image, so you need a ConfigMap. The password should not sit in plain text, so you need a Secret. The data vanishes on restart, so you need a Volume. The app went down during a redeploy, so you need a Deployment with replicas. The database has state, so a Deployment is wrong and you need a StatefulSet. Every component earns its place by solving a concrete problem.

The hands on half installs Minikube (a one node cluster for your laptop) and uses kubectl (the command line tool that talks to every cluster, local or cloud). You write four YAML files, apply them with kubectl apply -f, inspect the cluster with kubectl get, describe, and logs, and reach the app through a NodePort service at the Minikube IP. This page rebuilds the whole course in order, with the architecture diagrams, the component model, every command, and the full YAML, so a reader who never opens the video still finishes able to deploy on Kubernetes.

Figure 1. The cluster on one canvas. The master node runs the four control plane processes (API server, scheduler, controller manager, etcd) and is small but irreplaceable. The worker nodes are big, each running a kubelet and the pods that do the real work. A virtual network spans every node so the whole cluster behaves like one machine. Every client (a dashboard, a script, or kubectl) enters through the API server.

What Kubernetes is, and why it exists

Nana opens with the definition. Kubernetes is an open source container orchestration framework, originally developed by Google. At its foundation it manages containers, whether Docker containers or some other technology, which means it helps you manage applications made up of hundreds or thousands of containers across different environments: physical machines, virtual machines, cloud, or hybrid.

Then the why, told chronologically. The rise of microservices drove up the use of container technologies, because a container is the perfect host for a small independent service. That combination produced applications comprised of hundreds, sometimes thousands, of containers. Managing that many containers across multiple environments with hand written scripts and homemade tools gets complex and sometimes impossible. That exact pain created the need for container orchestration.

So what does an orchestration tool like Kubernetes guarantee. Nana names three features:

High availability. In plain words, no downtime. The application is always accessible to users.
Scalability. Scale up fast when load and users increase, scale back down just as easily when load drops, so the app flexes with demand.
Disaster recovery. If the infrastructure has a problem, data is lost, a server dies, something bad happens in the data center, there must be a mechanism to back up data and restore the latest state, so the application loses nothing and resumes from where it was.

Those three are exactly the functionalities orchestration tools like Kubernetes provide.

The architecture: one master, many workers

A Kubernetes cluster is made of at least one master node and a number of worker nodes connected to it. Every node runs a process called kubelet, the Kubernetes process that lets the nodes communicate with each other and actually execute tasks like running application processes.

Each worker node has containers of different applications deployed on it. Depending on how the workload is distributed, you get a different number of containers per worker. The worker nodes are where the actual work happens: your applications run here.

So what runs on the master node. The master runs several Kubernetes processes that are absolutely necessary to run and manage the cluster:

API server. Itself a container, and the entry point to the cluster. Every client talks to it: a UI like the Kubernetes Dashboard, an API such as a script or automation, and the command line tool. They all go through the API server.
Controller manager. Keeps an overview of what is happening in the cluster, whether something needs repair, whether a container died and needs restarting.
Scheduler. Decides which worker node the next container should run on, intelligently, based on the workload the container needs and the available resources (CPU, memory) on each node.
etcd. A key value store that holds the current state of the whole cluster at any time: all configuration data and all status data of each node and each container. The backup and restore mentioned earlier is made from these etcd snapshots, because you can recover the entire cluster state from one.

One more essential piece ties the nodes together: the virtual network spanning all the nodes in the cluster. In simple words it turns all the nodes into one powerful machine with the sum of all their resources.

A note on sizing and importance. Worker nodes usually carry the most load, since they run the applications, so they are bigger and have more resources. The master runs just a handful of processes, so it needs fewer resources, but it is far more important than any single worker: lose access to the master and you lose access to the cluster. That is why you must always have a master backup, and why production clusters run at least two masters (often more) so that if one master goes down the cluster keeps functioning smoothly.

The components, taught by building one app

To make the components concrete, Nana builds a simple use case, a web application with a database, and shows step by step what each Kubernetes component does and why you reach for it.

Pod: the smallest unit

Start with a basic worker node, which is just a server, physical or virtual. The smallest unit of Kubernetes is the pod, and a pod is an abstraction over a container. It creates a running environment, a layer, on top of the container.

Why the extra layer. Kubernetes wants to abstract away the container runtime so you can replace it, and so you never have to work directly with Docker or whatever runtime you use. You only interact with the Kubernetes layer.

So in the example you get an application pod (your own app) talking to a database pod (with its own container). An important convention: a pod usually runs one application container inside it. You can run multiple containers in one pod, but typically only when you have one main application container plus a helper or side service that must run alongside it.

Service: a stable IP that outlives the pod

Now make them communicate. Kubernetes gives you a virtual network out of the box, so each pod gets its own internal IP address (the pod gets the IP, not the container). The application container can reach the database using that IP.

But pods are ephemeral, they die easily. If the database container crashes, or the app inside crashes, or the node runs out of resources, the pod dies and a new one is created in its place, and the new pod gets a new IP address. Communicating by pod IP is therefore inconvenient, because you would have to adjust it every restart.

So Kubernetes has the Service, a static, permanent IP address attached to a pod. The app gets its service and the database gets its service. The lifecycles of a service and its pod are not connected, so even if the pod dies, the service and its IP stay, and you never have to change the endpoint.

Services come in types. To reach the app from a browser you need an external service, one that opens communication from outside. You would not want the database open to the public, so that gets an internal service. You choose the type when you create the service.

Ingress: the practical front door

The external service URL is not pretty: it is http:// plus the node IP address plus the service port number. That is fine for a quick test but not for a real product, where you want a secure protocol and a domain name. For that there is Ingress. Instead of going straight to the service, the request goes first to Ingress, which forwards it on to the service.

ConfigMap: external configuration without rebuilding the image

Pods talk through services, so the app uses a database endpoint, say mongodb-service, to reach the database. Normally that database URL lives in an application properties file, an environment variable, or, worst of all, baked inside the built image. If the service name changed to mongodb, you would have to adjust the URL in the app, rebuild the image with a new version, push it to the repository, pull the new image into the pod, and restart everything. Tedious for a tiny change.

So Kubernetes has the ConfigMap, your external configuration. It holds data like database URLs and other service endpoints, and you connect it to the pod so the pod receives that data. Change a service name, just edit the ConfigMap, no new image, no redeploy cycle.

Secret: the same idea, for credentials

Part of that external configuration is the database username and password. Putting a password in a ConfigMap in plain text is insecure. So there is the Secret, just like a ConfigMap but for credentials, stored in base64 encoded form rather than plain text.

Nana is careful here: base64 encoding alone does not make a secret secure. Secrets are meant to be encrypted using third party tools, because Kubernetes does not encrypt them out of the box. Cloud providers and separate third party tools you deploy on Kubernetes handle that. Practically, credentials, passwords, and certificates, anything you do not want others to access, go in a Secret, while a database username could sit in a ConfigMap. You connect the Secret to the pod, and the pod reads from it. You consume ConfigMap or Secret data inside the pod as environment variables or as a properties file.

Volume: persistence, which Kubernetes does not do for you

Next, data storage. The database pod generates data, but with the basic setup, if the database container or pod restarts, the data is gone. You want database and log data persisted reliably, long term.

The answer is the Volume. A volume attaches physical storage on a hard drive to your pod. That storage can be local (on the same node where the pod runs) or remote (outside the cluster: cloud storage or your own on premise storage). It is just an external reference. When the database pod restarts, the data is still there.

The key mental model: think of storage as an external hard drive plugged into the cluster, local or remote. Kubernetes explicitly does not manage data persistence. That means you, the administrator, are responsible for backing up data, replicating it, and keeping it on proper hardware. Kubernetes does not take care of it.

Deployment: replicas, so a redeploy is not an outage

Everything runs and a user reaches the app through a browser. Now ask: what if the application pod dies, crashes, or has to be restarted because you built a new image. You get downtime where the user cannot reach the app, which is very bad in production.

This is exactly where distributed systems and containers shine. Instead of relying on one app pod and one database pod, you replicate across multiple nodes. A second node runs a replica of the app, also connected to the service. Remember, the service is a persistent static IP with a DNS name, but it is also a load balancer: it catches the request and forwards it to whichever pod is least busy.

To create that second replica you do not create a second pod by hand. You define a blueprint for the pod and specify how many replicas to run. That blueprint is the Deployment. In practice you do not create pods directly, you create Deployments, because there you set the replica count and scale up or down. A pod is an abstraction over containers, and a Deployment is another abstraction on top of pods, making it convenient to replicate and configure them. So if one app pod replica dies, the service forwards requests to another, and the app stays available.

StatefulSet: because databases have state

What about the database pod. If it dies, the app is also unreachable, so you need a database replica too. But you cannot replicate a database with a Deployment. A database has state, its data, and replicas would all need to access the same shared storage, with a mechanism deciding which pods write and which read to avoid data inconsistency.

That mechanism, plus replication, is provided by the StatefulSet. It is meant specifically for stateful applications: MySQL, MongoDB, Elasticsearch, and the like should be created with StatefulSets, not Deployments. A StatefulSet replicates and scales pods like a Deployment, but keeps database reads and writes synchronized so no inconsistencies occur.

An honest caveat from Nana: deploying databases with StatefulSets in a cluster can be tedious, more difficult than working with Deployments. That is why it is common practice to host databases outside the cluster and keep only the stateless, easily replicated applications inside, talking to the external database.

With two replicas of the app and two of the database, both load balanced, the setup is robust. Even if a whole node is rebooted or crashes, a second node keeps app and database pods running and the user keeps access until the replicas are recreated.

App and DB managed by Deployment (stateless) and StatefulSet (stateful)

Figure 2. The running example, wired together. A browser request enters through Ingress, hits the external Service (a load balancer) which spreads it across the app pod replicas. Each app pod reads its config from a ConfigMap and credentials from a Secret, then reaches the database through an internal Service. The database pods persist their data to a Volume that survives restarts. App pods are managed by a Deployment, the stateful database by a StatefulSet.

To summarize the component tour: pods and services for communication, Ingress to route traffic into the cluster, ConfigMaps and Secrets for external configuration, Volumes for persistence, and Deployments and StatefulSets as pod blueprints with replication, where StatefulSets are specifically for stateful apps like databases. With just these core components you can build powerful clusters.

Nana credits a sponsor here: Kasten and its K10 data management platform for Kubernetes, which handles backup and restore so cluster administrators do not have to, with a simple UI and a free tier for up to 10 nodes.

How configuration actually works: declarative YAML

How do you create those components. All configuration goes through the master's API server. Clients (a UI, an API such as a script or a curl command, or the kubectl command line tool) send configuration requests to the API server, the single entry point, in YAML or JSON format.

Here is the shape of a Deployment request in YAML. It tells Kubernetes to create two replica pods named my-app, each with a container based on my-image, plus the environment variables and port for the container:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: my-image
          ports:
            - containerPort: 8080
          env:
            - name: SOME_ENV
              value: some-value

The crucial idea: Kubernetes configuration is declarative. You declare your desired outcome and Kubernetes works to meet it. If you declare two replicas and one dies, the controller manager sees the actual state (one) differs from the desired state (two) and recovers automatically by restarting the second replica.

The three parts of every config file

Every configuration file has three parts:

metadata. Information about the component, including its name.
spec (specification). Where you put all configuration for that component. The attributes are specific to the kind: a Deployment has Deployment attributes, a Service has its own. The first two lines, apiVersion and kind, declare what you are creating, and you look up the right apiVersion per component.
status. Generated and updated automatically by Kubernetes. Kubernetes continuously compares the desired state (your spec) with the actual state (the status). If they differ, it knows something needs fixing and tries to fix it. This is the basis of Kubernetes self healing.

Where does the status data come from. From etcd, the cluster brain, which holds the current status of every component at any time.

Two practical notes. YAML is straightforward but very strict about indentation: one wrong indent makes the file invalid. And the usual practice is to store config files with your application code as part of infrastructure as code, or in their own Git repository dedicated to the configuration.

Setting up locally: Minikube and kubectl

A production cluster has multiple masters (at least two) and multiple workers, each a separate virtual or physical machine with its own responsibility. Standing that up just to test something locally is difficult or impossible without enough memory and CPU. So there is Minikube: an open source one node cluster where the master processes and the worker processes both run on a single node, with a Docker container runtime preinstalled so you can run pods on it.

To interact with that cluster you use kubectl, the command line tool for Kubernetes. Minikube runs the API server (the entry point), and you reach it through a client. Of the three clients (UI dashboard, the Kubernetes API, and kubectl), kubectl is the most powerful, because with it you can do anything in the cluster. When kubectl submits commands to the API server, the worker processes on the Minikube node actually create or destroy the pods and services. Important: kubectl is not just for Minikube, it is the tool to interact with any cluster, cloud or hybrid included.

Install and start

There are many install methods by operating system. The best source is the official documentation; Minikube can run as a container or a virtual machine, so check the resource requirements first. On macOS with Homebrew:

brew install minikube

Then start a cluster. Minikube needs a driver, a container or VM tool, and Docker is the preferred driver on all operating systems. A subtle point worth keeping straight: there are two layers of Docker. Minikube itself runs as a Docker container on your machine (Docker as the driver), and inside Minikube, Docker is packaged to run your application containers. If you already have Docker installed and running you are set; otherwise install Docker Desktop, then:

minikube start --driver=docker

The first run takes a while because it creates the cluster and downloads the necessary images; later starts are faster. Check it:

minikube status
kubectl get node

kubectl get node shows one node that is both control plane and worker at once, with its status, Kubernetes version (here 1.22), and age. kubectl is installed automatically as a dependency of Minikube, so you do not install it separately. From here, Minikube is only for starting and deleting the cluster; everything else you do through kubectl.

The complete demo: MongoDB plus a web app

Now the realistic deploy. The plan: a MongoDB database, a web application that connects to it using external configuration from a ConfigMap and a Secret, and the web app made accessible from a browser. Nana works the way you actually work, referencing the Kubernetes documentation for syntax and pulling the web app image from Docker Hub, where it is publicly available.

Four files: a ConfigMap with the MongoDB endpoint, a Secret with the username and password, a mongo.yaml for the MongoDB Deployment and Service, and a webapp.yaml for the web app Deployment and Service.

1. ConfigMap (mongo-config.yaml)

The data section holds key value pairs of external configuration. Here one key, the MongoDB URL, whose value is the name of the service to be created for MongoDB:

apiVersion: v1
kind: ConfigMap
metadata:
  name: mongo-config
data:
  mongo-url: mongo-service

2. Secret (mongo-secret.yaml)

A Secret looks like a ConfigMap but uses type: Opaque (the generic type for secret data) and base64 encoded values. Encode values first:

echo -n mongouser | base64
echo -n mongopassword | base64

apiVersion: v1
kind: Secret
metadata:
  name: mongo-secret
type: Opaque
data:
  mongo-user: bW9uZ291c2Vy
  mongo-password: bW9uZ29wYXNzd29yZA==

3. MongoDB Deployment and Service (mongo.yaml)

A Deployment is more complex than a ConfigMap or Secret. The heart of it is the template, which defines the pod blueprint and has its own metadata and spec, just like the Deployment does. Inside the pod spec is the list of containers, where you set the image (mongo:5.0, from Docker Hub) and the containerPort the container listens on.

Then the labels. In Kubernetes you can give any component key value labels as extra identifiers beyond the name. Labels matter because replicas of the same pod each get a unique name but can share a label, so you can address all replicas of an app by a label. For pods, labels are required; for other components they are optional but good practice. The Deployment's selector.matchLabels is how Kubernetes knows which pods belong to this Deployment: it matches pods carrying that label. The keys are arbitrary, but the common standard is to use app as the key.

The MongoDB Deployment uses one replica (it is a database, and scaling databases properly needs a StatefulSet, kept simple here):

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mongo-deployment
  labels:
    app: mongo
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mongo
  template:
    metadata:
      labels:
        app: mongo
    spec:
      containers:
        - name: mongodb
          image: mongo:5.0
          ports:
            - containerPort: 27017
          env:
            - name: MONGO_INITDB_ROOT_USERNAME
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-user
            - name: MONGO_INITDB_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-password

Note the environment variables. The MongoDB image documentation gives the variable names for the root username and password (MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD), required fields you must set or you cannot access the database. Rather than hard coding values, each one is pulled with valueFrom and secretKeyRef, naming the Secret (mongo-secret) and the key (mongo-user, mongo-password). Kubernetes finds the Secret, reads the value for that key, and substitutes it.

The Service goes in the same file, separated by the standard YAML document separator ---. A Service needs a selector so it knows which pods to forward to (the same label the pods carry), a port (the port the service is reachable on inside the cluster, here any value you choose) and a targetPort (the port of the pods, which should equal the container port, since that is where the app listens). Keeping port and targetPort the same is a common simplifying convention:

---
apiVersion: v1
kind: Service
metadata:
  name: mongo-service
spec:
  selector:
    app: mongo
  ports:
    - protocol: TCP
      port: 27017
      targetPort: 27017

The service name, mongo-service, is exactly the endpoint the ConfigMap pointed at.

4. Web app Deployment and Service (webapp.yaml)

The web app file is the same shape with the labels and image swapped. The image is Nana's publicly available Node.js demo (nanajanashia/k8s-demo-app:v1.0), which starts on port 3000, so the container port, target port, and service port are all 3000.

The web app needs three pieces of data passed as environment variables: a username and password (which it expects under its own names), and the database endpoint. The username and password come from the Secret; the database URL comes from the ConfigMap using configMapKeyRef instead of secretKeyRef. An advantage Nana highlights: define the config once, reference it from as many applications as you like (ten apps, ten references, one source of truth).

To make the web app reachable from a browser, its Service must be external. The default service type is ClusterIP (internal only). Set type: NodePort and add a third port, nodePort, which opens on the cluster nodes so the service is reachable at the node IP plus that port. The NodePort range is fixed: it must be between 30000 and 32767.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: webapp-deployment
  labels:
    app: webapp
spec:
  replicas: 1
  selector:
    matchLabels:
      app: webapp
  template:
    metadata:
      labels:
        app: webapp
    spec:
      containers:
        - name: webapp
          image: nanajanashia/k8s-demo-app:v1.0
          ports:
            - containerPort: 3000
          env:
            - name: USER_NAME
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-user
            - name: USER_PWD
              valueFrom:
                secretKeyRef:
                  name: mongo-secret
                  key: mongo-password
            - name: DB_URL
              valueFrom:
                configMapKeyRef:
                  name: mongo-config
                  key: mongo-url
---
apiVersion: v1
kind: Service
metadata:
  name: webapp-service
spec:
  type: NodePort
  selector:
    app: webapp
  ports:
    - protocol: TCP
      port: 3000
      targetPort: 3000
      nodePort: 30100

With this, no configuration values are hard coded in the deployment files, only references, which keeps the configuration clean: change a value in the ConfigMap or Secret and nothing in the deployments needs to change.

Applying it, in order

The Minikube cluster is running but empty. Create the external configurations first, because the MongoDB and web app deployments reference them. kubectl apply -f takes a config file and creates whatever is defined inside:

kubectl apply -f mongo-config.yaml
kubectl apply -f mongo-secret.yaml
kubectl apply -f mongo.yaml
kubectl apply -f webapp.yaml

Create the database before the web app, because the web app depends on it. Then verify:

kubectl get all

kubectl get all shows deployments, the pods behind them, and the services. You should see the mongo and webapp deployments with one replica each, plus the mongo-service and webapp-service, the latter of type NodePort (so it is reachable externally). ConfigMaps and Secrets are not in get all; fetch them directly:

kubectl get configmap
kubectl get secret

Interacting with the cluster: the kubectl commands

kubectl is a powerful tool with many subcommands. Use its built in help as documentation:

kubectl --help            # lists all subcommands
kubectl get --help        # help and examples for one subcommand

The everyday commands Nana demonstrates:

List components. kubectl get pod, kubectl get service (or svc), kubectl get configmap, kubectl get secret. The pattern is kubectl get <component>.
More detail. kubectl describe service webapp-service or kubectl describe pod <pod-name> gives detailed output, including how the pod was scheduled, container configuration, and labels.
Logs. kubectl logs <pod-name> shows the logs of the container inside, for troubleshooting and debugging. Stream them with kubectl logs -f <pod-name>.
Wide output. Add -o wide to any get command (for example kubectl get node -o wide) for extra information like the node IP address.

kubectl get pod
kubectl describe pod <pod-name>
kubectl logs <pod-name>
kubectl logs -f <pod-name>
kubectl get node -o wide

Reaching the app in a browser

The NodePort service is always reachable at the IP address of the cluster node. With one node (Minikube), get its IP:

minikube ip
# or
kubectl get node -o wide

Then open http://<minikube-ip>:30100 in a browser. There is the web application, connected to MongoDB. Nana validates the connection by editing something in the app and saving it: because the write goes to MongoDB, refreshing the page shows the change still there. The app deploys with its database in Kubernetes, which is a blueprint configuration for most common application setups.

Component	What it solves	Stateless or stateful
Pod	A running environment around one (or a few) containers, abstracting the runtime	The unit of scheduling
Service	A stable IP and DNS name that outlives ephemeral pods, plus load balancing	ClusterIP internal, NodePort external
Ingress	A clean front door: https and a domain name instead of node IP plus port	Routes external traffic in
ConfigMap	External non secret config (URLs, endpoints) without rebuilding the image	Mounted as env vars or files
Secret	Credentials in base64, meant to be encrypted by third party tools	Base64 is not encryption
Volume	Persistent storage attached to a pod, local or remote	You manage backups, not Kubernetes
Deployment	A pod blueprint with replica count and scaling, the self healing target	Stateless apps
StatefulSet	Replication with synchronized reads and writes for shared data	Databases, stateful apps

Figure 3. The component ledger. Read top to bottom and it is the same story the demo tells: a pod needs a stable address (Service), a clean URL (Ingress), externalized config and credentials (ConfigMap and Secret), durable storage (Volume), and a replication strategy that depends on whether the workload is stateless (Deployment) or stateful (StatefulSet).

Figure 4. The hands on loop. You write declarative YAML, push it through kubectl apply -f to the API server, the master schedules the pods onto the worker and keeps them at the desired state, and you reach the app at the node IP plus the NodePort. Throughout, kubectl get, describe, and logs are how you see what the cluster is doing.

Key takeaways

Kubernetes is container orchestration, born from microservices producing apps with hundreds or thousands of containers that scripts could not manage. It guarantees high availability, scalability, and disaster recovery.
The cluster is one master plus many workers. The master runs the API server (entry point), scheduler, controller manager, and etcd (the state store). Workers run kubelets and pods. Run at least two masters in production.
Every component earns its keep by fixing a real problem. Pod is the runtime abstraction; Service gives a stable IP because pods are ephemeral; Ingress gives a clean URL; ConfigMap externalizes config; Secret holds credentials (base64, not encrypted); Volume persists data Kubernetes will not manage for you; Deployment replicates stateless apps; StatefulSet replicates stateful ones with synchronized reads and writes.
Configuration is declarative YAML with three parts: metadata, spec, and an auto generated status. Kubernetes constantly reconciles desired state against actual state, which is what self healing is. YAML indentation is strict.
Minikube is a one node cluster for your laptop; kubectl talks to any cluster. Install Minikube, start it with the Docker driver, and Minikube ships kubectl as a dependency.
The demo is a reusable blueprint. ConfigMap and Secret first, then the database, then the web app, all applied with kubectl apply -f, all referencing config rather than hard coding it.
NodePort exposes a service externally at the node IP plus a port in the 30000 to 32767 range, which is how the browser reaches the demo app.
kubectl get, describe, and logs are the daily tools for listing components, seeing detail, and debugging; add -o wide for more, and -f to stream logs.

Chapters

0:00:00 Intro and Course Overview 0:01:44 What is Kubernetes 0:04:33 Kubernetes Architecture 0:09:29 Node & Pod 0:12:19 Service & Ingress 0:14:31 ConfigMap & Secret 0:17:52 Volume 0:19:46 Deployment & StatefulSet 0:26:28 Kubernetes Configuration 0:32:39 Minikube and Kubectl - Setup K8s cluster locally 0:41:17 Complete Demo Project: Deploy WebApp with MongoDB 1:05:40 Interacting with Kubernetes Cluster 1:11:03 Congrats! You made it to the end

Notable quotes

"Kubernetes is an open source container orchestration framework which was originally developed by Google." (0:01:44)
"High availability in simple words means that the application has no downtime so it's always accessible by the users." (0:02:30)
"A pod is basically an abstraction over a container." (0:09:40)
"Pod components in Kubernetes are ephemeral, which means that they can die very easily." (0:11:10)
"The life cycles of service and the pod are not connected, so even if the pod dies, the service and its IP address will stay." (0:13:00)
"Base64 encoding a secret doesn't make it automatically secure. The secret components are meant to be encrypted using third party tools, because Kubernetes doesn't encrypt them out of the box." (0:16:30)
"Kubernetes cluster explicitly doesn't manage any data persistence, which means that you as a Kubernetes user or an administrator are responsible for backing up the data." (0:19:00)
"In practice you would not be working with pods or creating pods, you would be creating deployments." (0:21:00)
"MySQL, MongoDB, Elasticsearch, or any other stateful applications or databases should be created using stateful sets and not deployments. It's a very important distinction." (0:23:40)
"The configuration requests in Kubernetes are declarative form, so we declare what is our desired outcome from Kubernetes and Kubernetes tries to meet those requirements." (0:27:30)
"Kubectl isn't just for Minikube cluster. If you have a cloud cluster or a hybrid cluster, kubectl is the tool to use to interact with any type of Kubernetes cluster setup." (0:38:30)

Resources mentioned

Kubernetes, the open source container orchestration framework taught throughout, and its official documentation.
TechWorld with Nana (YouTube channel), the host's channel for DevOps education.
Google, the original developer of Kubernetes.
Docker and Docker Desktop, the container runtime and the local install used as the Minikube driver.
Docker Hub, where the MongoDB and demo web app images are pulled from.
Minikube, the one node local Kubernetes cluster.
kubectl, the command line tool for any Kubernetes cluster.
Homebrew, the macOS package manager used to install Minikube.
etcd, the key value store that holds cluster state and powers backup and restore.
Kubernetes Pods, Services, and Ingress, the communication components.
ConfigMaps and Secrets, the external configuration components.
Volumes, persistent storage attached to pods.
Deployments and StatefulSets, the pod blueprints with replication.
Kubernetes Dashboard, the UI client to the API server.
MongoDB, MySQL, and Elasticsearch, the stateful applications cited as StatefulSet candidates.
Node.js, the runtime of the demo web app (starts on port 3000).
YAML, the configuration file format.
Microservices, the architecture trend that drove container adoption.
Kasten and its K10 platform, the sponsor, a backup and restore tool for Kubernetes.
Certified Kubernetes Administrator (CKA), the Linux Foundation exam Nana's full administrator course prepares for.

Where it stands

This is a beginner crash course, and it is honest about being one: Nana says up front that Kubernetes is complex and that this hour gets you started, not certified, pointing serious learners to her full administrator and DevOps programs and the CKA exam. A few things are deliberately simplified for teaching and worth flagging so the page does not over promise. The demo runs the MongoDB database as a single replica Deployment, which directly contradicts the StatefulSet lesson taught earlier; Nana says so explicitly, choosing simplicity over correctness for the demo, but in a real system a database belongs in a StatefulSet or, more commonly, outside the cluster entirely. The demo also skips the Volume for the database, so the demo data would not survive a pod restart, which is fine for a walkthrough and not for production. Secrets are shown base64 encoded only, and the course is clear that base64 is encoding, not encryption, and that real clusters need third party encryption. Ingress is explained but not used in the demo, which reaches the app through a NodePort, a test pattern rather than a production front door. None of this is wrong, it is the standard shape of an introductory tutorial, and the architecture, the component model, and the declarative YAML workflow are all mainstream and accurate. The version shown (Kubernetes 1.22, Minikube of that era) has moved on since 2021, but the concepts and the kubectl workflow are stable and remain the right mental model for learning Kubernetes today.

Full transcript

hello and welcome to the kubernetes crash course where i will teach you everything you need to know to get started with kubernetes in one hour i am nana and i have taught hundreds of thousands of people how to advance their devops skills through my youtube channel online courses and the devops educational program if you're new here be sure to subscribe because i upload new videos all the time now let's look at an overview of what you will learn first of all we'll see what is kubernetes and why do we need it and why did it become so popular second we will go through the kubernetes architecture and you will see how kubernetes actually works in the background after that we will cover main kubernetes components that you need to learn to work efficiently with kubernetes and finally we will do a hands-on demo project to get your first practical experience with kubernetes now kubernetes is a very popular but also a very complex technology so this crash course will help you get your first experience to get started with kubernetes but if by the end of the video you decide to deepen your knowledge in kubernetes and are thinking about a career as a kubernetes administrator my new complete kubernetes administrator course will be a great resource for you where you will learn how to build configure and manage kubernetes clusters from scratch the course is also dedicated to help you pass the cka exam from linux foundation to become a certified kubernetes administrator now we have a lot to cover in this video so let's jump right into it so let's jump in right into the definition what is kubernetes so kubernetes is an open source container orchestration framework which was originally developed by google so on the foundation it manages containers be docker containers or from some other technology which basically means that kubernetes helps you manage applications that are made up of hundreds or maybe thousands of containers and it helps you manage them in different environments like physical machines virtual machines or cloud environments or even hybrid deployment environments so what problems does kubernetes solve and what are the tasks of a container orchestration tool actually so to go through this chronologically the rise of microservices caused increased usage of container technologies because the containers actually offer the perfect host for small independent applications like microservices and the rise of containers and the micro service technology actually resulted in applications they're now comprised of hundreds or sometimes maybe even thousands of containers managing those loads of containers across multiple environments using scripts and self-made tools can be really complex and sometimes even impossible so that specific scenario actually caused the need for having container orchestration technologies so what those orchestration tools like kubernetes do is actually guarantee following features one is high availability in simple words high availability means that the application has no downtime so it's always accessible by the users a second one is scalability which means you can scale your applications fast when you have more load on it and more users are trying to access it and the same way you can easily scale it down when the load goes down so it makes your application more flexible to adjust to the increasing or decreasing load and the third one is disaster recovery which basically means that if an infrastructure has some problems like data is lost or the servers explode or something bad happens with the service center the infrastructure has to have some kind of mechanism to back up the data and to restore it to the latest state so that application doesn't actually lose any data and the containerized application can run from the latest state after the recovery and all of these are functionalities that container orchestration technologies like kubernetes offer so how does the kubernetes basic architecture actually look like the kubernetes cluster is made up with at least one master node and then connected to it you have a couple of worker nodes where each node has a cubelet process running on it and cubelet is actually a kubernetes process that makes it possible for the cluster to talk to each other to communicate to each other and actually execute some tasks on those nodes like running application processes each worker node has containers of different applications deployed on it so depending on how the workload is distributed you would have different number of docker containers running on worker nodes and worker nodes are where the actual work is happening so here is where your applications are running so the question is what is running on masternode masternode actually runs several kubernetes processes that are absolutely necessary to run and manage the cluster properly one of such processes is an api server which also is a container an api server is actually the entry point to the kubernetes cluster so this is the process which the different kubernetes clients will talk to like ui if you're using kubernetes dashboard an api if you're using some scripts and automating technologies and a command line tool so all of these will talk to the api server another process that is running on master node is a controller manager which basically keeps an overview of what's happening in the cluster whether something needs to be repaired or maybe if a container died and it needs to be restarted etc and another one is scheduler which is basically responsible for scheduling containers on different nodes based on the workload and the available server resources on each node so it's an intelligent process that decides on which worker node the next container should be scheduled on based on the available resources on those worker nodes and the load that that container needs and another very important component of the whole cluster is actually an etcd key value storage which basically holds at any time the current state of the kubernetes cluster so it has all the configuration data inside and all the status data of each node and each container inside of that node and the backup and restore that we mentioned previously is actually made from these etcd snapshots because you can recover the whole cluster state using that etcd snapshot and last but not least also a very important component of kubernetes which enables those nodes worker nodes masternodes talk to each other is the virtual network that spans all the nodes that are part of the cluster and in simple words virtual network actually turns all the nodes inside of a cluster into one powerful machine that has the sum of all the resources of individual nodes one thing to be noted here is that worker knows because they actually have most load because they are running the applications on inside of it usually are much bigger and have more resources because they will be running hundreds of containers inside of them whereas master node will be running just a handful of master processes like we see in this diagram so it doesn't need that many resources however as you can imagine masternode is much more important than the individual worker nodes because if for example you lose a masternode access you will not be able to access the cluster anymore and that means that you absolutely have to have a backup of your master at any time so in production environments usually you would have at least two masters inside of your kubernetes cluster but in more cases of course you're going to have multiple musters where if one muster node is down the cluster continues to function smoothly because you have other masters available in this video we're going to learn about the main kubernetes components that we as kubernetes administrators or users will be working with most of the time to make it easier to understand all these components i'm gonna build a simple use case of a web application with a simple database and i'm gonna show you step by step how each component in kubernetes helps you deploy such an application setup and what is the role of each of these components so let's start with the basic setup of a worker node or in kubernetes terms a node which is a simple server a physical or virtual machine and the basic component or the smallest unit of kubernetes is a pod so what pod is is basically an abstraction over a container so if you're familiar with docker containers or container images so basically what pod does is it creates this running environment or a layer on top of the container and the reason is because kubernetes wants to abstract away the container runtime or container technologies so that you can replace them if you want to and also because you don't have to directly work with docker or whatever container technology you use in a kubernetes so you only interact with the kubernetes layer so we have an application pod which is our own application and that will maybe use a database pod with its own container and this is also an important concept here pod is usually meant to run one application container inside of it you can run multiple containers inside one pod but usually it's only the case if you have one main application container and the helper container or some side service that has to run inside of that pod and as you see this is nothing special you just have one server and two containers running on it with a abstraction layer on top of it so now let's see how they communicate with each other in kubernetes world so kubernetes offers out of the box a virtual network which means that each pod gets its own ip address not the container the pod gets the ip address and each pod can communicate with each other using that ip address which is an internal ip address obviously it's not the public one so my application container can communicate with database using the ip address however pod components in kubernetes also an important concept are ephemeral which means that they can die very easily and when that happens for example if i lose a database container because the container crashed because the application crashed inside or because the nodes the server that i'm running them on ran out resources the pod will die and a new one will get created in its place and when that happens it will get assigned a new ip address which obviously is inconvenient if you are communicating with the database using the ip address because now you have to adjust it every time pod restarts and because of that another component of kubernetes called service is used so service is basically a static ip address or permanent ip address that can be attached so to say to each pod so my app will have its own service and database pod will have its own service and the good thing here is that the life cycles of service and the pod are not connected so even if the pod dies the service and its ip address will stay so you don't have to change that endpoint anymore so now obviously you would want your application to be accessible through a browser right and for this you would have to create an external service so external services a service that opens the communication from external sources but obviously you wouldn't want your database to be open to the public requests and for that you would create something called an internal service so this is a type of a service that you specify when creating one however if you notice the url of the external service is not very practical so basically what you have is an http protocol with a node ip address so of the node not the service and the port number of the service which is good for test purposes if you want to test something very fast but not for the end product so usually you would want your url to look like this if you want to talk to your application with a secure protocol and a domain name and for that there is another component of kubernetes called ingress so instead of service the request goes first to ingress and it does the forwarding then to the service so now we saw some of the very basic components of kubernetes and as you see this is a very simple setup we just have a one server and a couple of containers running and some services nothing really special where kubernetes advantages or the actual cool features really come forward but we're gonna get there step by step so let's continue so as we said pods communicate with each other using a service so my application will have a database endpoint let's say called mongodb service that it uses to communicate with the database but whether you configure usually this database url or endpoint usually you would do it in application properties file or as some kind of external environmental variable but usually it's inside of the built image of the application so for example if the endpoint of the service or service name in this case changed to mongodb you would have to adjust that url in the application so usually you'd have to rebuild the application with a new version and you have to push it to the repository and now you'll have to pull that new image in your pod and restart the whole thing so a little bit tedious for a small change like database url so for that purpose kubernetes has a component called config map so what it does is it's basically your external configuration to your application so config map would usually contain configuration data like urls of a database or some other services that you use and in kubernetes you just connect it to the pod so that pod actually gets the data that config map contains and now if you change the name of the service the endpoint of the service you just adjust the config map and that's it you don't have to build a new image and have to go through this whole cycle now part of the external configuration can also be database username and password right which may also change in the application deployment process but putting a password or other credentials in a config map in a plain text format would be insecure even though it's an external configuration so for this purpose kubernetes has another component called secret so secret is just like config map but the difference is that it's used to store secret data credentials for example and it's stored not in a plain text format but in base 64 in encoded format but of course basics before encoding a secret doesn't make it automatically secure the secret components are meant to be encrypted using third-party tools in kubernetes because kubernetes doesn't encrypt them out of the box and there are tools for that from cloud providers or separate third-party tools that you can deploy on kubernetes to encrypt your secrets and that will make secrets secure so secret would contain things like credentials and of course i mean database user you could also put in config map but what's important is the passwords certificates things that you don't want other people to have access to would go in the secret and just like config map you just connect it to your pod so that pod can actually see those data and read from the secret you can actually use the data from configmap or secret inside of your application pod using for example environmental variables or even as a properties file so now let's see another very important concept generally which is data storage and how it works in kubernetes so we have this database pod that our application uses and it has some data or it generates some data with this setup that you see now if the database container or the pod gets restarted the data would be gone and that's problematic and inconvenient obviously because you want your database data or log data to be persisted reliably long term and the way you can do it in kubernetes is using another component of kubernetes called volumes and how it works is that it basically attaches a physical storage on a hard drive to your pod and that storage could be either on a local machine meaning on the same server node where the pod is running or it could be on a remote storage meaning outside of the kubernetes cluster it could be a cloud storage or it could be your own premise storage which is not part of the kubernetes cluster so you just have an external reference on it so now when the database pod or container gets restarted all the data will be there persisted it's important to understand the distinction between the kubernetes cluster and all of its components and the storage regardless of whether it's a local or remote storage think of a storage as an external hard drive plugged in into the kubernetes cluster because the point is kubernetes cluster explicitly doesn't manage any data persistence which means that you as a kubernetes user or an administrator are responsible for backing up the data replicating and managing it and making sure that it's kept on a proper hardware etc because it's not taking care of kubernetes so now let's see everything is running perfectly and a user can access our application through a browser now with this setup what happens if my application pod dies right crashes or i have to restart the pod because i built a new container image basically i would have a downtime where a user can reach my application which is obviously a very bad thing if it happens in production and this is exactly the advantage of distributed systems and containers so instead of relying on just one application part and one database part etc we are replicating everything on multiple servers so we would have another node where a replica or clone of our application would run which will also be connected to the service so remember previously we said the service is like a persistent static ip address with a dns name so that you don't have to constantly adjust the end point when a pod dies but service is also a load balancer which means that the service will actually catch the request and forward it to whichever part is least busy so it has both of these functionalities but in order to create the the second replica of the my application pod you wouldn't create a second part but instead you will define a blueprint for a my application pod and specify how many replicas of that pod you would like to run and that component or that blueprint is called deployment which is another component of kubernetes and in practice you would not be working with pods or you would not be creating pods you would be creating deployments because there you can specify how many replicas and you can also scale up or scale down the number of replicas of pots that you need so with pot we said that pot is a layer of abstraction on top of containers and deployment is another abstraction on top of pots which makes it more convenient to interact with the pods replicate them and do some other configuration so in practice you would mostly work with deployments and not with pods so now if one of the replicas of your application pod would die the service will forward the requests to another one so your application would still be accessible for the user so now you're probably wondering what about the database pod because if the database part died your application also wouldn't be accessible so we need a database replica as well however we can't replicate database using a deployment and the reason for that is because database has a state which is its data meaning that if we have clones or replicas of the database they would all need to access the same shared data storage and there you would need some kind of mechanism that manages which parts are currently writing to that storage or which pods are reading from the storage in order to avoid data inconsistencies and that mechanism in addition to replicating feature is offered by another kubernetes component called statefulset so this component is meant specifically for applications like databases so mysql mongodb elasticsearch or any other stateful applications or databases should be created using stateful sets and not deployments it's a very important distinction and stateful said just like deployment would take care of replicating the pots and scaling them up or scaling them down but making sure the database reads and writes are synchronized so that no database inconsistencies are offered however i must mention here that deploying database applications using stateful sets in kubernetes cluster can be somewhat tedious so it's definitely more difficult than working with deployments where you don't have all these challenges that's why it's also a common practice to host database applications outside of the kubernetes cluster and just have the deployments or stateless applications that replicate and scale with no problem inside of the kubernetes cluster and communicate with the external database so now that we have two replicas of my application pod and two replicas of the database and they're both load balanced our setup is more robust which means that now even if node one the whole node server was actually rebooted or crashed and nothing could run on it we would still have a second node with application and database pods running on it and the application would still be accessible by the user until these two replicas get recreated so you can avoid downtime so to summarize we have looked at the most used kubernetes components we start with the pods and the services in order to communicate between the parts and the ingress component which is used to route traffic into the cluster we've also looked at external configuration using config maps and secrets and data persistence using volumes and finally we've looked at pod blueprints with replicating mechanisms like deployments and stateful sets where stateful set is used specifically for stateful applications like databases just using these core components you can actually build pretty powerful kubernetes clusters before moving on i want to give a shout out to castin who made this video possible kessen's k10 is the data management platform for kubernetes k10 basically takes off most of the load of doing backup and restore in kubernetes from the cluster administrators it has a very simple ui so it's super easy to work with and has an intelligent logic which does all the heavy lifting for you and with my link you can download k10 for free and get 10 nodes free forever to do your kubernetes backups so make sure to check out the link in the video description and now let's continue so now that we have seen the basic concepts of kubernetes how do we actually create those components like pods and services to configure the kubernetes cluster all the configuration in kubernetes cluster actually goes through a master node with the process called api server which we mentioned briefly earlier so kubernetes clients which could be a ui a kubernetes dashboard for example or an api which could be a script or a curl command or a command line tool like cubectl they all talk to the api server and they send their configuration requests to the api server which is the main entry point or the only entry point into the cluster and these requests have to be either in yaml format or json format and this is how example configuration in yaml format actually looks like so with this we are sending a request to kubernetes to configure a component called deployment which is basically a template or a blueprint for creating pods and in this specific configuration example we tell kubernetes to create two replica pods for us called my app with each pod replica having a container based on my image running inside in addition to that we configure what the environment variables and the port configuration of this container inside of the pod should be and as you see the configuration requests in kubernetes are declarative form so we declare what is our desired outcome from kubernetes and kubernetes tries to meet those requirements meaning for example since we declare we want two replica parts of my app deployment to be running in the cluster and one of those parts dies the controller manager will see that the ease and shoot states now are different the actual state is one part our desired state is 2 so it goes to work to make sure that this desired state is recovered automatically restarting the second replica of that pod so here i have examples of a deployment and service configuration files side by side so the first thing is that every configuration file in kubernetes has three parts the first part is where the metadata of that component that you're creating resides and one of the metadata is obviously name of the component itself the second part in the configuration file is specification so each component's configuration file will have a specification where you basically put every kind of configuration that you want to apply for that component the first two lines here as you see is just declaring what you want to create here we are creating deployment and here we're creating a service and this is basically you have to look up for each component there's a different api version so now inside of the specification part obviously the attributes will be specific to the kind of a component that you're creating so deployment will have its own attributes that only apply for deployment and the service will have its own stuff but i said there are three parts of a configuration file and we just see metadata and the specification so where's the third part so the third part will be a status but it's going to be automatically generated and edit by kubernetes so the way it works is that kubernetes will always compare what is the desired state and what is the actual state or the status of that component and if the status and desired state do not match then kubernetes knows there's something to be fixed there so it's gonna try to fix it and this is the basis of the self-healing feature that kubernetes provides for example here you specify you want two replicas of nginx deployment so when you apply this when you actually create the deployment using this configuration file that's what apply means kubernetes will add here the status of your deployment and it will update that state continuously so for example if a status at some point will say just one replica is running then kubernetes will compare that status with the specification and we'll know there is a problem there another replica needs to be created sap now another interesting question here is where does kubernetes actually get the status data to automatically add here or update continuously that information comes from the icd remember the cluster brain one of the master processes that actually stores the cluster data so it cd holds at any time the current status of any kubernetes component and that's where the status information comes from so as you see the format of the configuration files is yemel that's why the extension here and generally it's pretty straightforward to understand it's a very simple format but yaml is very strict about the indentations so for example if you have something wrongly indented here your file will be invalid but other than that it's pretty simple another thing is where do you actually store those configuration files a usual practice is to store them with your code because since the deployment and service is going to be applied to your application it's a good practice to store these configuration files in your application code so usually it will be part of the whole infrastructure as a code concept or you can also have its own git repository just for the configuration files so in this video i'm going to show you what mini cube and cube ctl are and how to set them up so first of all let's see what is mini cube usually in kubernetes world when you are setting up a production cluster it will look something like this so you would have multiple masters at least two in a production setting and you would have multiple worker nodes and master nodes and the worker nodes have their own separate responsibility so as you see on the diagram you would have actual separate virtual or physical machines that each represent a note now if you want to test something on your local environment or if you want to try something out very quickly for example deploying new application or new components and you want to test it on your local machine obviously setting up a cluster like this will be pretty difficult or maybe even impossible if you don't have enough resources like memory and cpu etc and exactly for the use case there's this open source tool that is called a mini cube so what a mini cube is is basically one node cluster where the master processes and the worker processes both run on one node and this node will have a docker container runtime pre-installed so you will be able to run the containers or the pods with containers on this node so now that you have this virtual node on your local machine that represents mini cube you need some way to interact with that cluster so you need a way to create pods and other kubernetes components on the node and the way to do it is using cubectl which is a command line tool for kubernetes cluster so let's see how it actually works remember we said that minicube runs both master and work processes so one of the master processes called api server is actually the main entry point into the kubernetes cluster so if you want to do anything in the kubernetes if you want to configure anything create any component you first have to talk to the api server and the way to talk to the api server is through different clients so you can have a ui like a dashboard you can talk to it using kubernetes api or a command line tool which is cubectl and cubectl is actually the most powerful of all the three clients because with cube cdl you can basically do anything in the kubernetes that you want and throughout this video tutorials we're going to be using cube ctl mostly so once the cube ctl submits commands to the api server to create components delete components etc the work processes on minicube node will actually make it happen so they will be actually executing the commands to create the parts to destroy the parts to create services etc so this is the mini cube setup and this is how cubectl is used to interact with the cluster an important thing to note here is that kipctl isn't just for minikube cluster if you have a cloud cluster or a hybrid cluster whatever cube ctl is the tool to use to interact with any type of kubernetes cluster setup so that's important to note here so now that we know what mini cube and cube ctl are let's actually install them to see them in practice now let's see how to install and run mini cube there are many different ways depending on your operating system and its architecture so the best way is to reference the official documentation and here as you see minicube can run either as a container or a virtual machine and these are the resource requirements to run minicube on your machine so make sure you have enough resources for installation you just select the correct data for your machine in my case it's going to be mac os with a home homebrew installation and with one simple brew installed mini cube command i can basically install mini cube like this and as you see the latest mini cube version has been installed once minicube is installed we want to actually start or create a mini cube cluster which is also super easy as you see we simply execute a mini cube start however as i mentioned minicube must start either as a container or a virtual machine so we need either a container or a virtual machine tool installed on our laptop to run mini cube and this is going to be the driver for mini cube and opening the drivers page you see the list of supported drivers for linux mac os and windows and you see that docker is actually the preferred driver for running mini cube on all operating systems now this may be a little bit confusing because as you know inside the kubernetes cluster we run docker containers and it's important to note here that mini cube insulation actually comes with docker already installed to run those containers but docker as a driver from minicube means that we are hosting minicube on our local machine as a docker container itself so we have two layers of docker mini cube running is a docker container and inside mini cube we have docker packaged in minikube to run our application containers and for hosting minicube on our machine we can use docker so if you have docker already installed on your machine you're all set up to start a mini cube cluster if not also not a problem you can easily install it from here so clicking on install docker link this will take me to docker hub where i have docker desktop installation for windows and mac so i'm simply going to click in in my case docker desktop for mac and i'm gonna download and install docker and once downloaded just install it drag and drop into the applications folder and now we can start the docker daemon from the applications and as you see docker is starting up so the download and installation may take some time but once docker is installed and running we can switch back to the terminal and start the mini cube cluster using mini cube start command passing docker as a driver option using the driver flag with docker value and let's execute and this may also take a while when you're running it first time because it needs to actually create the cluster and download all the necessary images and components so the next time you do mini cube start it should actually go faster and as you see this command created a local kubernetes cluster on our machine with the latest kubernetes version 1.22 and now we can check the status of the cluster using minicube status command and we see that all the components inside are running and everything is configured and now start to actually interact with our cluster using command line tool and cubectl actually gets installed as a dependency when we install minicube which you see right here installing dependencies for minicube and kubernetes cli is actually cube ctl and that means we already have that available we don't have to install it so now i can do cube ctl get node and this will display all the nodes in the cluster in our case we just have one node which is control plane and the worker node at the same time and we see information for each node like the status the kubernetes version that it's running as well as when it was added to the cluster so with this we now have an actual kubernetes cluster running locally on our machine and we can start deploying applications in it so from this point on we are going to be interacting with the mini cube cluster using cubectl command line tool so minicube is basically just for the startup and for deleting the cluster but everything else configuring we're going to be doing through cubectl now we have enough knowledge to deploy a very simple but realistic application setup in a kubernetes cluster we will deploy a mongodb database and a web application which will connect to the mongodb database using external configuration data from config map and the secret and finally we will make our web application accessible externally from the browser so let's get right in so i have two resources here we're going to reference the kubernetes documentation to create our components which is a realistic way of working with kubernetes and also a docker hub where i have the web application image that i created which is publicly accessible so you can also pull it directly from the docker hub in your kubernetes cluster so first let's go ahead and create all the kubernetes configuration files that we need for deploying our application setup and for that i'm going to go to visual studio code where i have a kubernetes demo folder open and in this folder we're going to create four kubernetes configuration files that we need we're going to create a config map with mongodb database endpoint we're going to create a secret with username and password for mongodb and then we're going to create a configuration file for deploying a mongodb application and its service and then we're going to create kubernetes configuration file for deploying our simple demo app application with its service so the first file will be called config.yml and creating a config map in kubernetes is super simple for the syntax we can reference kubernetes documentation so i'm going to copy the first part here paste it in and that's basically the main syntax we're starting from let's call our config map config so we have the metadata and then we have the actual contents of this config map within the data attribute we have all the key value pairs that we define as external configuration within this config map in our case we just have one which we're going to call url as a key and of course we need a value for the mongodb url and the value will be the service that we're going to create for mongodb application and we're going to call that service service and in a couple of minutes you're going to see how to create this service and that will be basically all the configuration we need for creating config map so that one is done let's now go ahead and create secret dot yaml which will hold the username and password for mongodb application again to reference documentation i'm going to take this one and let's actually copy the whole thing so we have the secret kind instead of config map let's call this secret we have type opaque which is the generic type for defining secret data basically and we have the same data attribute here and let's actually create our own values let's call this [Music] user and password and as you already learned the values in secret are base64 encoded so we can just set the values plain text we have to encode them first and encoding values is super easy we're just gonna do echo and let's call it user base 64. encode it and the same way let's do paste those values and this will be our secret configuration and now when we create deployments for our applications we can reference any of the values defined in the secret or config map so let's see how that works again let's create a new file and let's call this dot yaml this is going to be a configuration file where we're going to create deployment and service for mongodb you can have separate files for them but it's a very common thing to put them together because all the deployments need services so you have them grouped in one yaml file and again let's reference the documentation for the deployment example syntax and we can then adjust the values as we need and as you see deployment configuration file looks a little bit more complex than configmap or a secret so let's go through the configuration and understand all these attributes so we have the metadata section and the specification and these are basically deployment specific configuration that we have in the specification section and let's start with the main part of the deployment which defines the blueprint for the pots and that blueprint is defined as a template so template basically is a configuration of the part within the configuration of deployment and you see that template section has its own metadata and own spec or specification just like deployment has its metadata and specification right so this part actually configures the pod within a deployment and in the specification of the pod we have the definition of containers so this is a list of containers as you learned you can have multiple containers in a pot but mostly one main application per pot and this is where we define which image will be used to create this pod in our case this is going to be a mongodb image and if we search for in docker hub that's basically the image name and you can find all the text in the text section and we're going to use the tag 5.0 so one go 5.0 that's where we define the image of the container within the pot we can name this mongodb this is just the name of the container and we also have the port where the container will listen and let's check our image and as you see mongodb starts at this port so we can just copy it and paste it in here so this basically just configures our deployment to create pods with a mongodb image version 5.0 so that's the core of a deployment now let's see what is all this other stuff here first of all we have this labels attribute in the metadata section and then we also have match labels attribute so what is this about in kubernetes you can give any component a key value pair labels so you can label anything from pod to deployment to configmap etc and labels basically are additional identifiers of the components in addition to the name for example so you can identify and address specific components using their labels now why do we need them first of all when we have multiple replicas of the same part each part will get a unique name however they can share the same label so we can identify all the part replicas of the same application using a specific label that all of them share and that's why in the metadata of the pod we always have this label so for pods labels is a required field for other components like deployment configmap etc labels is optional but it is a good practice to set them now when we create pod replicas how does deployment know which parts actually belong to it or how does kubernetes know which pods belong to which deployments and that is defined using this part right here so selector match labels is in the specification of the deployment as you see and this defines that all the parts that match this label belong to this deployment so that's why we have match labels here so this selector will match the pods created with this configuration because they have label app engine x now are these labels given or can you select any key value pairs well these are totally up to you you can call it whatever you want you can call it my key my value it doesn't really matter however the standard and a common practice in kubernetes is to use app key in the labels when labeling your applications and the value will obviously be whatever application you have so let's actually change and set the values to instead of nginx because that's our application and of course we want to match label app and let's also change this one right here to deployment and finally last attribute we have here is replicas which is super simple and straightforward this just defines how many pods you want to create using this blueprint in our case let's do just one replica because it's a database and as you learned if you want to scale databases in kubernetes you should use stateful set and not a deployment to keep everything simple we're going to stick to one replica and that basically configures our mongodb deployment and the pod blueprint now let's add a service configuration because every application needs a service in kubernetes and that's going to be a separate yaml unit or yaml section and we're going to separate it using three dashes which is basic yaml syntax nothing specific to kubernetes and again let's grab a service example and adjust it as we need now service configuration is much easier than the deployment as you see first let's change the name let's call it service and remember this is the end point which we will use to access and that's what we defined right here so this is the name of the service and in the specification we have service specific attributes first of all we have the selector attribute which you already know from here now why do we need a selector in service because as you know service needs to forward the request that it gets to its endpoint pods how does service know which pods belong to it and which ones it should forward the requests to well using the same label selector as we saw on deployment so this should match the label of the pods that will belong to the service which is and that's how service and pods will find each other and then we have the ports configuration which is also super simple service is accessible within the cluster using its own ip address and the port and we define its port right here and this can be any port that we decide on this could be 80 8080 doesn't really matter and we have the target port which is the port of the pods that belong to the service and logically enough the target port should always be the same as the container port because that's where the application in the pod is accessible that's where the service should forward the request to so again very important port attribute sets the port of the service and target port tells service to which port it should forward the request to the pods and this should be same as the container port port and target port values can be different or again it's a common standard to select the same port for the service as well just to keep things simple so let's save this and that's our configuration for mongodb deployment and service now i'm going to copy this whole thing create a deployment in service for web application for our kubernetes demo application and let's call this webapp dot yaml paste everything in and we can just adjust all these values in the service and deployment all the labels and label selectors of course and right here we of course need the correct image of our web application going back to our docker hub this is the name of my image and again this is publicly accessible so you can use it as well the tag is v 1.0 and there you go so this is a very simple node.js application which starts on port 3000 so that's why we need to define container port on 3000 and container port is same as target port on the service and we can set the service port to the same value and this will configure service for our web application so this is the basic configuration for deployment and service for any application in but we have one more thing to configure in our deployment components for both and web app which is we need to pass the data defined in the config and secret components first of all when starting a mongodb application we need to set user name and password so when mongodb application starts it will automatically generate username and password for mongodb and we can then use that to access it in our now how do we know how username and password can be configured in a mongodb on startup well we go to the image documentation and right here we see the environment variable names for username and password and these are actually required fields in most of the databases we have to set them otherwise we won't be able to access them so the next question is how do we configure environment variables in a container configuration so how do we pass environment variables to this application running inside the container well that's also very easy we have n attribute for that which is a list of environment variables with names values that's it so very simple so name is the environment variable name and value is the environment variable value so let's copy the name so this is the environment variable name that mongodb expects and we have to set a value whatever we want the username to be now we can directly set the username right here like this or in our case we're going to reference them from secret and config components how do we do that also pretty simple we do value from and we want to reference it from the secret so we do secret key ref and under that we have the name of the secret which we called secret and the key which is user so kubernetes will basically find a secret with this name and get the value set for this key and substitute it as a value for this environment variable and the same way we're gonna configure a password so let's take the password that's the name of the environment variable same secrets component this time with a different key and that's it so our mongodb configuration file is complete and when it starts a user with these credentials will be created when our web application starts it will need to connect to the database so we need to give this web application information about the database endpoint where can it access the database and which username and password to use to authenticate with the database and i have already configured this application inside to expect all these values as environment variables with specific names so we're going to pass these three pieces of data as environment variables to the web app application so let's do again the name of the environment variable the first one i actually called username and we can actually copy the same configuration and paste it here and you already see an advantage of using configuration from secret or config because if you need the same information in 10 different applications you create it once and reference it 10 times the second environment variable is for password and i called this one user pwd and finally our application needs the database endpoint which will be db url and this value is not in the secret but in configmap and how do we access value from config map very similar as the secret so we have the same value from and instead of secret key ref we have map kirev or key reference and then we have name which we called config and key which is the name of the key and that's it so we don't have any of the configuration values hard coded in our kubernetes configuration files we only have references which makes our configuration way cleaner so if something changes or the values change here we don't have to adjust anything in our deployments so connectivity with the database is configured and there is one last thing missing in our web application configuration before we deploy all this which is making it accessible from the browser we want to be able to type in some url and access our web application from the browser right and as you learned we have external services for that so we will need to adjust the service configuration a little bit right now these service configurations both of them are internal services so to make it external all we need to do is set a type which is by default cluster ip so that's the default type if we don't specify the type but we're going to set it to node port so node port is an external service type and it requires a third port which is called a node port so what is a node port port this is a port which will open on the kubernetes nodes on which the application will be accessible so on the node ip address in node port combination we will be able to access this service which will then access the pods behind it and node port range is actually defined in kubernetes so we can't just type anything we want here like this it has to be within the range of thirty thousand and thirty two thousand seven hundred sixty seven so anything within this range is fine as a value so we can do 30 000 or 30 100 doesn't really matter so let's set this as a value and this completes the web app configuration file now we have a very simple but also pretty realistic for deploying an application with its database with external configuration in the cluster so as a final step we're just gonna create all these components one by one in kubernetes so i'm gonna open a terminal and we already have a mini cube cluster running but there are no components inside so first we need to create the external configurations because they need to be there when we create mongodb and web application deployments because they reference those configurations so let's create config and secret first to do that we have cube ctl apply command with minus f which stands for file which takes a kubernetes configuration file as an input like this and creates whatever is defined inside and as you see config was created now let's create longer secret next we're gonna create a database because our web application depends on so it should start first and again let's do cube ctl apply with mongo.yaml as an input and as you see deployment and service were created and finally let's deploy our web application and there you go so everything seems fine but of course we want to check all the parts and all the components that were created in the cluster so for that i'm going to actually switch to command line so that we can see it better and first we're going to do cube ctl get all which gives you all the components created in the cluster which includes deployments the pods behind the deployment and all the services and as you see we have deployment and web app deployment parts each one with one replica running and we have the services for mongodb and web app and web app service is of node port type which means we can access it externally however we don't see configmap and secret here we can get them using kubectl get config map and cubectl get secret commands so as you see displaying any component is pretty easy using cube ctl you just do kubectl get and the name of the component like pod and you get a list of those components with some additional data and cubesatl is actually a very powerful tool and it has a bunch of sub-commands so as a natural documentation for cubectl to basically have an overview and see what you can do with it you can always use cubectl help as a documentation which lists all the sub-commands you can use with it one of them which we already used get and for each sub-command like cube ctl get you can also get some help and basically see all the examples plus all the available options so you can navigate all the options you have here so cube ctl get is obviously the most common command you're going to use to list all the components if you want to see more details about a certain component you can use cube ctl describe command for it a name of the component like a service for example and the actual instance of that component like web app service and this will give you more detailed output about that specific component same way you can also do cube ctl describe pod and then name of the pod like this one and this will give you details about your pot including the status of how the pod was scheduled the container configuration labels etc and finally of course when you have applications running in your cluster you want to check the logs to troubleshoot debug or just make sure that everything is fine within the pod and you can do that very easily using kubectl locks command and just specifying name of the pot like this this gives you logs of the container inside and you can even stream the logs using minus f option so the final step we want to validate that our application is also accessible from the browser and for that we actually configured the service and we can actually get the service using service or svc comment so how do we access this service from the browser because this is the port we're going to use to access it but which ip address is it accessible at well the node port service is always accessible at the ip address of the cluster node so all the work nodes that the cluster has in our case we just have one which is the mini cube so we need the ip address of the mini cube to get we just do mini cube ip or using kubernetes we can also get get node which gives you mini cube a white output or a longer output than what you see here which will give you the ip address of the node which is the same as this one right here and by the way you can use the all white option for any other get command for services pods etc to get some additional information like this so let's grab the mini cube ip address and access the application at this port which is 30 and there you go this is our web application which is connected to mongodb and we can also validate that by editing something and saving because this request goes to and if we refresh the changes should still be there awesome so we deployed an application with its database in kubernetes which is a blueprint configuration for most common application setups you're gonna have plus you also learn a couple of cubesitl commands as well as how to reference the kubernetes official documentation to help you configure and create all the components i hope i helped you learn a lot about kubernetes with this crash course and you feel much more confident with kubernetes now if you're serious about learning kubernetes in depth i actually have two more resources for you as i mentioned at the beginning if you want to really become an expert in kubernetes and learn how to build and administer a cluster from scratch then my complete kubernetes administrator course will be a perfect resource for you but if your goal is rather to become a devops engineer then our complete devops educational program will be the best fit for you where during a six-month program you learn all the necessary concepts and technologies including kubernetes which you need to get started in devops or cloud engineering if you're interested you can find the links in the video description below and with that thank you for watching and see you in the next video