kubernetes

Health checks verify container readiness and liveness. The HEALTHCHECK Dockerfile instruction defines container-level checks. Kubernetes readinessProbe gates traffic routing—failing probes remove Pods from Service endpoints. livenessProbe detects dead

StatefulSets manage stateful applications requiring stable identities and persistent storage. Unlike Deployments, StatefulSets provide ordered Pod creation (pod-0, pod-1, pod-2) and stable network identifiers. Each Pod gets a predictable hostname via

Run one-off tasks and scheduled batch processing in Kubernetes with Job and CronJob resources. Configure parallelism, backoff limits, completion counts, and cron schedules. Handle cleanup policies and monitor job history for reliable batch operations.

Kubernetes Services provide stable networking for ephemeral Pods. A ClusterIP service exposes Pods internally within the cluster. NodePort opens a static port on every node for external access. LoadBalancer provisions a cloud load balancer. Services u

Kubernetes RBAC (Role-Based Access Control) restricts cluster access by user, group, or service account. Roles define permissions within a single namespace using rules with apiGroups, resources, and verbs. ClusterRoles apply cluster-wide. RoleBindings

Helm is the package manager for Kubernetes, bundling manifests into reusable charts. A Chart.yaml defines chart metadata and dependencies. values.yaml provides default configuration that users can override. Templates in the templates/ directory use Go

I separate liveness from readiness because they answer different questions. Liveness is “is the process alive enough to respond?” and should be cheap; readiness is “can this instance take traffic?” and can include dependency checks like DB connectivit

Kubernetes orchestrates containerized workloads at scale. A Pod is the smallest deployable unit, wrapping one or more containers. Deployments manage Pod replicas with declarative updates and rollbacks. The spec.replicas field sets desired Pod count. s

ConfigMaps store non-sensitive configuration as key-value pairs. Secrets store sensitive data like passwords, tokens, and certificates in base64 encoding. Both can be consumed as environment variables or mounted as files. ConfigMaps created with kubec

Kubernetes orchestrates containerized applications at scale. Deployments manage ReplicaSets ensuring desired pod count. Services expose pods with stable endpoints. ConfigMaps externalize configuration. Secrets store sensitive data. Resource limits pre

The Horizontal Pod Autoscaler (HPA) automatically scales Pod replicas based on observed metrics. It monitors CPU utilization, memory usage, or custom metrics via the metrics-server. The minReplicas and maxReplicas fields set scaling bounds. targetCPUU

Integrate HashiCorp Vault with Kubernetes for dynamic secrets management. Use the Vault Agent sidecar injector to automatically inject secrets into pods, configure KV secret engines, and set up Kubernetes authentication. Eliminate hardcoded secrets fr