Beginner

apiVersion: v1 # => Core Kubernetes API (stable, production-ready)
kind: Pod # => Smallest deployable unit (groups one or more containers)
metadata:
 name: hello-world # => Pod name (unique within namespace)
 labels:
 app: hello # => Label for Service selection and grouping
spec: # => Pod specification (desired state)
 containers:
 - name: nginx # => Container name (used in logs and exec)
 image:
 nginx:1.24 # => nginx 1.24 from Docker Hub
 # => Pin version to prevent unexpected updates
 ports:
 - containerPort:
 80 # => Documents port 80 (HTTP standard port)
 # => Service will target this port

# Create Pod from manifest
# => kubectl apply -f hello-world-pod.yaml

# Verify Pod is running
# => kubectl get pod hello-world

# Access Pod
# => kubectl port-forward pod/hello-world 8080:80

# Delete Pod
# => kubectl delete pod hello-world

# Check cluster info
# => kubectl cluster-info

# Check node status
# => kubectl get nodes

# Check system Pods
# => kubectl get pods -n kube-system

# Create test Pod
# => kubectl run test-pod --image=nginx:1.24 --restart=Never

# Verify Pod is running
# => kubectl get pods

# Get detailed Pod info
# => kubectl describe pod test-pod

# View Pod logs
# => kubectl logs test-pod

# Cleanup
# => kubectl delete pod test-pod

apiVersion: v1
kind: Pod
metadata:
 name: multi-container-pod # => Pod with two containers (sidecar pattern)
spec:
 containers:
 - name: nginx # => Main application container
 image: nginx:1.24 # => Serves content from shared volume
 ports:
 - containerPort: 80 # => HTTP port (shared network with busybox)
 volumeMounts:
 - name: shared-data # => Links to emptyDir volume below
 mountPath:
 /usr/share/nginx/html # => nginx default document root
 # => Files written by busybox visible here

 - name: busybox # => Sidecar container (generates dynamic content)
 image: busybox:1.36 # => Lightweight Linux for shell scripts
 command:
 - sh
 - -c
 - |
 while true; do # => Infinite loop
 echo "$(date) - Generated by busybox" > /data/index.html
 # => Writes timestamped HTML
 sleep 10 # => Updates every 10 seconds
 done
 volumeMounts:
 - name: shared-data # => Same volume as nginx
 mountPath: /data # => Different path, same underlying storage

 volumes:
 - name: shared-data # => Shared ephemeral storage
 emptyDir: {} # => Created when Pod starts, deleted when Pod terminates


# Apply and observe
# => kubectl apply -f multi-container-pod.yaml

# Access nginx to see generated content
# => kubectl port-forward pod/multi-container-pod 8080:80

# View logs from specific container
# => kubectl logs multi-container-pod -c nginx # nginx access logs

# Execute commands in container
# => kubectl exec -it multi-container-pod -c busybox -- sh

apiVersion: v1
kind: Pod
metadata:
 name: restart-demo # => Demonstrates restart policy behavior
spec:
 restartPolicy:
 OnFailure # => Restarts only if exit code != 0
 # => Options: Always (default), OnFailure, Never
 containers:
 - name: failing-app # => Simulates application failure
 image: busybox:1.36 # => Lightweight shell for testing
 command:
 - sh
 - -c
 - |
 echo "Starting application.." # => Logs startup
 sleep 5 # => Runs for 5 seconds
 echo "Simulating failure" # => Logs crash
 exit 1 # => Non-zero exit triggers restart
 # => Enters CrashLoopBackOff after repeated failures

# Create and observe restart behavior
# => kubectl apply -f restart-demo.yaml

# Check restart count
# => kubectl get pod restart-demo # RESTARTS column increments

# View logs across restarts
# => kubectl logs restart-demo # Current container logs

apiVersion: v1
kind: Pod
metadata:
 name: resource-demo # => Demonstrates CPU and memory management
spec:
 containers:
 - name: nginx
 image: nginx:1.24 # => Stable production image
 resources:
 requests: # => Minimum guaranteed resources (scheduling)
 cpu: 100m # => 0.1 CPU core guaranteed (1000m = 1 core)
 memory: 128Mi # => 128 MiB RAM guaranteed (Mi = mebibyte)
 limits: # => Maximum resource caps (enforcement)
 cpu: 200m # => CPU throttled if exceeds (slowed, not killed)
 memory: 256Mi # => Pod OOMKilled if exceeds memory limit


# Apply and monitor resources
# => kubectl apply -f resource-demo.yaml

# Monitor actual resource usage
# => kubectl top pod resource-demo # Requires metrics-server

# Test CPU throttling
# => kubectl exec -it resource-demo -- sh -c "yes > /dev/null &"

# Test memory limit (OOMKill)
# => kubectl exec -it resource-demo -- sh -c "stress --vm 1 --vm-bytes 300M"

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable Pod specification
kind:
 Pod # => Pod with environment variables
 # => Demonstrates env injection patterns
metadata:
 # => Pod metadata
 name:
 env-demo # => Pod name for environment testing
 # => Demonstrates various env variable patterns
spec:
 # => Pod specification
 containers:
 # => Container list
 - name:
 busybox # => Lightweight shell container
 # => Displays environment variables
 image:
 busybox:1.36 # => Provides shell utilities
 # => Minimal Linux environment
 command:
 # => Override container ENTRYPOINT
 - sh # => Execute shell commands
 # => Bourne shell interpreter
 - -c # => Run inline script
 # => Execute string as command
 - | # => Multi-line script
 # => Prints environment variables
 echo "APP_ENV: $APP_ENV" # => Shows directly assigned value
 # => Prints static env var
 echo "POD_NAME: $POD_NAME" # => Shows Pod name from metadata
 # => Prints dynamically injected value
 echo "POD_IP: $POD_IP" # => Shows Pod IP from status
 # => Prints Pod network address
 sleep 3600 # => Keeps container running for inspection
 # => Allows kubectl exec for testing
 env:
 # => Environment variable definitions
 - name: APP_ENV # => Environment variable name
 # => Static configuration value
 value: "production" # => Direct value assignment
 # => Hardcoded in Pod manifest
 - name: POD_NAME # => Variable from Pod metadata
 # => Dynamically injected value
 valueFrom:
 # => Source is Pod field
 fieldRef:
 # => References metadata field
 fieldPath:
 metadata.name # => References Pod's own name
 # => Useful for logging and identification
 - name: POD_IP # => Variable from Pod status
 # => Pod IP address injection
 valueFrom:
 # => Source is status field
 fieldRef:
 # => References status field
 fieldPath:
 status.podIP # => References Pod's assigned IP address
 # => Available after Pod is scheduled

# Create and verify environment variables:
# => kubectl apply -f env-demo.yaml

# Inspect environment variables interactively:
# => kubectl exec -it env-demo -- sh

# Environment variable patterns:
# => Direct values for non-sensitive config

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable Pod API version
kind:
 Pod # => Pod with init containers
 # => Demonstrates initialization pattern
metadata:
 # => Pod metadata
 name:
 init-demo # => Pod demonstrating initialization pattern
 # => Shows sequential init container execution
spec:
 # => Pod specification
 initContainers:
 # => Init containers run BEFORE app containers
 - name:
 init-setup # => First init container
 # => Prepares initial data
 image:
 busybox:1.36 # => Lightweight shell environment
 # => Provides basic utilities
 command:
 # => Override container ENTRYPOINT
 - sh # => Execute shell script
 # => Bourne shell interpreter
 - -c # => Run inline command
 # => Execute string as script
 - | # => Multi-line script
 # => Data preparation logic
 echo "Initializing data.." # => Log initialization start
 # => Output to stdout
 echo "Initial content" > /work-dir/index.html # => Create HTML file
 # => Writes to shared volume
 sleep 2 # => Simulates setup work
 # => Container exits with code 0 (success)
 volumeMounts:
 # => Volume mount list for init container
 - name: workdir # => Volume name reference
 # => Shared with other containers
 mountPath: /work-dir # => Writes to shared volume
 # => Files persist for Pod lifetime

 - name:
 init-permissions # => Second init container (runs after first)
 # => Sets file permissions
 image:
 busybox:1.36 # => Same image as first init
 # => Reuses downloaded image
 command:
 # => Override container ENTRYPOINT
 - sh # => Execute shell script
 # => Bourne shell interpreter
 - -c # => Run inline command
 # => Execute string as script
 - | # => Multi-line script
 # => Permission setup logic
 echo "Setting permissions.." # => Log permission start
 # => Output to stdout
 chmod 644 /work-dir/index.html # => Make file readable
 # => Sets owner read/write, group read, world read
 echo "Init complete" # => Exit code 0 signals success
 # => App containers start after this succeeds
 volumeMounts:
 # => Volume mount list for init container
 - name: workdir # => Same volume as init-setup
 # => Accesses files created by previous init
 mountPath: /work-dir # => Accesses files from first init container
 # => Shared storage between init containers

 containers:
 # => App containers only start after ALL inits succeed
 - name:
 nginx # => App container starts after both inits succeed
 # => Web server serving prepared content
 image:
 nginx:1.24 # => nginx web server
 # => Production-ready image
 volumeMounts:
 # => Volume mount list for app container
 - name: workdir # => Same volume as init containers
 # => Reads files prepared by inits
 mountPath: /usr/share/nginx/html # => Serves content prepared by init containers
 # => nginx default document root

 volumes:
 # => Volume definitions for Pod
 - name: workdir # => EmptyDir volume definition
 # => Temporary storage for Pod lifetime
 emptyDir: {} # => Shared between init and app containers
 # => Created when Pod starts, deleted when Pod terminates

# Apply and observe init container sequence:
# => kubectl apply -f init-demo.yaml

# Check init container logs:
# => kubectl logs init-demo -c init-setup

# Verify init container work:
# => kubectl exec -it init-demo -- cat /usr/share/nginx/html/index.html

# Init container behavior:
# => Init containers run sequentially

apiVersion:
 apps/v1 # => Uses apps API group for workloads
 # => apps/v1 is stable API for Deployments
kind:
 Deployment # => Deployment resource (manages ReplicaSets)
 # => Higher-level abstraction than Pods
metadata:
 # => Deployment metadata
 name:
 web-app # => Deployment name: "web-app"
 # => Unique identifier in namespace
 labels:
 # => Deployment labels
 app: web # => Label for Deployment identification
 # => Used by kubectl selectors
spec:
 # => Deployment specification
 replicas:
 3 # => Maintains 3 Pod replicas at all times
 # => Deployment creates ReplicaSet to manage Pods
 selector:
 # => Defines which Pods this Deployment manages
 matchLabels:
 # => Equality-based selector
 app:
 web # => Selects Pods with label app=web
 # => Must match template labels below
 template: # => Pod template (blueprint for Pods)
 metadata:
 # => Pod template metadata
 labels:
 # => Labels for created Pods
 app: web # => Applied to all created Pods
 # => MUST match selector.matchLabels above
 spec:
 # => Pod specification
 containers:
 # => Container list for Pods
 - name: nginx # => Container name
 # => Single container per Pod
 image: nginx:1.24 # => nginx image version
 # => Pulled from Docker Hub
 ports:
 # => Port definitions
 - containerPort: 80 # => Container port exposed
 # => Does not create external access

# Apply Deployment:
# => kubectl apply -f web-app-deployment.yaml

# Inspect created resources:
# => kubectl get rs

# Test self-healing:
# => kubectl delete pod web-app-<pod-hash>

# Deployment management commands:
# => kubectl rollout status deployment/web-app

apiVersion:
 apps/v1 # => Apps API group
 # => Stable workload API
kind:
 Deployment # => Deployment for horizontal scaling
 # => Manages Pod replicas
metadata:
 # => Deployment metadata
 name:
 scalable-app # => Deployment identifier
 # => Used in kubectl commands
spec:
 # => Deployment specification
 replicas:
 5 # => Updated from 3 to 5 replicas
 # => Deployment creates 2 additional Pods
 selector:
 # => Pod selector for management
 matchLabels:
 # => Equality-based selector
 app: scalable # => Matches template labels
 # => Immutable after creation
 template:
 # => Pod template for replicas
 metadata:
 # => Pod template metadata
 labels:
 # => Labels for created Pods
 app: scalable # => Labels applied to Pods
 # => MUST match selector
 spec:
 # => Pod specification
 containers:
 # => Container list
 - name: nginx # => Container definition
 # => Single container per Pod
 image: nginx:1.24 # => nginx image
 # => Same image for all replicas
 resources:
 # => Resource constraints per Pod
 requests:
 # => Minimum guaranteed resources
 cpu: 100m # => 100 millicores per Pod
 # => 5 Pods = 500m CPU total requested
 memory: 128Mi # => 128 MiB per Pod
 # => 5 Pods = 640 MiB total requested
 limits:
 # => Maximum resource caps
 cpu: 200m # => 200 millicores max per Pod
 # => Throttled if exceeded
 memory:
 256Mi # => Each Pod gets these resources
 # => Total: 500m CPU, 640Mi memory requested

# Scaling commands:
# => kubectl scale deployment scalable-app --replicas=10

apiVersion:
 apps/v1 # => Apps API group for Deployments
 # => Stable workload API
kind:
 Deployment # => Deployment with rolling update strategy
 # => Manages zero-downtime updates
metadata:
 # => Deployment metadata
 name:
 rolling-app # => Deployment name
 # => Used in rollout commands
spec:
 # => Deployment specification
 replicas:
 4 # => Desired number of Pods
 # => Maintained during and after update
 strategy:
 # => Update strategy configuration
 type:
 RollingUpdate # => Update strategy: RollingUpdate (default)
 # => Alternative: Recreate (all Pods down, then up)
 rollingUpdate:
 # => Rolling update parameters
 maxSurge:
 1 # => Maximum 1 extra Pod during update
 # => Total Pods during update: 4 + 1 = 5
 maxUnavailable:
 1 # => Maximum 1 Pod can be unavailable
 # => Minimum available: 4 - 1 = 3 Pods
 selector:
 # => Pod selector (immutable)
 matchLabels:
 # => Equality-based selector
 app: rolling # => Matches template labels
 # => Selector cannot change after creation
 template:
 # => Pod template (blueprint)
 metadata:
 # => Pod template metadata
 labels:
 # => Labels for created Pods
 app: rolling # => Labels for created Pods
 # => MUST match selector
 spec:
 # => Pod specification
 containers:
 # => Container list
 - name: nginx # => Container name
 # => Referenced in kubectl set image
 image:
 nginx:1.24 # => Update to nginx:1.25 to trigger rolling update
 # => kubectl set image deployment/rolling-app nginx=nginx:1.25
 ports:
 # => Port definitions
 - containerPort: 80 # => HTTP port
 # => Service routes traffic here

# Update and rollback commands:
# => kubectl set image deployment/rolling-app nginx=nginx:1.25

apiVersion:
 apps/v1 # => Apps API group for Deployments
 # => Stable workload API
kind:
 Deployment # => Deployment with rollback capability
 # => Revision history management
metadata:
 # => Deployment metadata
 name:
 versioned-app # => Deployment name
 # => Used in rollback commands
 annotations:
 # => Annotations for deployment metadata
 kubernetes.io/change-cause:
 "Update to v1.25"
 # => Recorded in revision history
spec:
 # => Deployment specification
 replicas:
 3 # => Desired Pod count
 # => Maintained across rollbacks
 revisionHistoryLimit:
 10 # => Keeps 10 old ReplicaSets for rollback
 # => Default: 10 revisions
 selector:
 # => Pod selector (immutable)
 matchLabels:
 # => Equality-based selector
 app: versioned # => Matches template labels
 # => Cannot change after creation
 template:
 # => Pod template for replicas
 metadata:
 # => Pod template metadata
 labels:
 # => Labels for created Pods
 app: versioned # => Required label
 # => Matches selector above
 version: v1.25 # => Version label for tracking
 # => Optional but helpful for debugging
 spec:
 # => Pod specification
 containers:
 # => Container list
 - name: nginx # => Container definition
 # => Single container in this example
 image: nginx:1.25 # => Current image version
 # => Changing this triggers rollout

# Rollback commands:
# => kubectl rollout history deployment/versioned-app

apiVersion:
 apps/v1 # => Apps API group
 # => Stable workload API
kind:
 Deployment # => Deployment with health checks
 # => Manages Pods with liveness probes
metadata:
 # => Deployment metadata
 name:
 probe-app # => Deployment identifier
 # => Demonstrates liveness probes
spec:
 # => Deployment specification
 replicas:
 2 # => Two Pod replicas
 # => Both monitored independently
 selector:
 # => Pod selector
 matchLabels:
 # => Equality-based selector
 app: probe # => Matches template labels
 # => Immutable selector
 template:
 # => Pod template
 metadata:
 # => Pod template metadata
 labels:
 # => Labels for created Pods
 app: probe # => Labels for Pods
 # => MUST match selector
 spec:
 # => Pod specification with probes
 containers:
 # => Container list
 - name: nginx # => nginx container
 # => Serves as health check target
 image: nginx:1.24 # => nginx image
 # => Responds to HTTP health checks
 ports:
 # => Port definitions
 - containerPort: 80 # => HTTP port
 # => Liveness probe target
 livenessProbe: # => Checks if container is alive
 httpGet:
 # => HTTP probe type
 path: / # => Sends HTTP GET to / on port 80
 # => nginx default page responds
 port: 80 # => Target port for probe
 # => Matches containerPort above
 initialDelaySeconds:
 10 # => Wait 10s after container starts before first probe
 # => Allows app initialization time
 periodSeconds:
 5 # => Probe every 5 seconds
 # => Default: 10 seconds
 timeoutSeconds:
 2 # => Probe must respond within 2 seconds
 # => Default: 1 second
 failureThreshold:
 3 # => Restart after 3 consecutive failures
 # => Default: 3 failures
 successThreshold:
 1 # => Consider healthy after 1 success
 # => Default: 1 (cannot be changed for liveness)

# Liveness check behavior:
# => HTTP 200-399: Success (container healthy)

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable Service API
kind:
 Service # => Service resource for networking
 # => Load balancer and service discovery
metadata:
 # => Service metadata
 name:
 web-service # => Service name: "web-service"
 # => DNS: web-service.default.svc.cluster.local
spec:
 # => Service specification
 type:
 ClusterIP # => Internal cluster IP (default type)
 # => Not accessible from outside cluster
 selector:
 # => Pod selector for traffic routing
 app:
 web # => Routes traffic to Pods with app=web label
 # => Service continuously watches for matching Pods
 ports:
 # => Port mapping configuration
 - port: 80 # => Service listens on port 80
 # => Clients connect to ClusterIP:80
 targetPort:
 8080 # => Forwards to container port 8080
 # => Service IP:80 → Pod IP:8080
 protocol:
 TCP # => TCP protocol (default)
 # => Alternative: UDP for DNS, SCTP for telecom

# Service receives cluster IP automatically
# => kubectl get svc web-service

apiVersion:
 v1 # => Core API for Services
 # => Stable Service API
kind:
 Service # => NodePort Service type
 # => External cluster access
metadata:
 # => Service metadata
 name:
 nodeport-service # => Service name
 # => DNS name within cluster
spec:
 # => Service specification
 type:
 NodePort # => Exposes Service on node IPs
 # => Accessible via <NodeIP>:<NodePort>
 selector:
 # => Pod selector
 app: nodeport # => Routes to Pods with app=nodeport
 # => Service watches for matching Pods
 ports:
 # => Port configuration
 - port: 80 # => Service port (cluster-internal)
 # => ClusterIP:80 for internal access
 targetPort: 8080 # => Container port on Pods
 # => Pods must listen on 8080
 nodePort:
 31000 # => External port on all nodes (30000-32767)
 # => Optional: Kubernetes assigns random port if omitted
 protocol: TCP # => TCP protocol
 # => Standard for HTTP traffic

# Access patterns:
# => From outside cluster: http://<node-ip>:31000

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable Service API
kind:
 Service # => LoadBalancer Service type
 # => Cloud provider integration
metadata:
 # => Service metadata
 name:
 loadbalancer-service # => Service identifier
 # => Used in kubectl commands
spec:
 # => Service specification
 type:
 LoadBalancer # => Provisions cloud provider load balancer
 # => Requires cloud provider integration
 selector:
 # => Pod selector for routing
 app: frontend # => Routes to Pods with app=frontend
 # => Service tracks endpoints automatically
 ports:
 # => Port mapping
 - port: 80 # => Load balancer listens on port 80
 # => Public port for external access
 targetPort: 8080 # => Forwards to Pod port 8080
 # => Backend port on containers
 protocol: TCP # => TCP protocol
 # => HTTP/HTTPS traffic

 # Cloud provider specific annotations (AWS example):
 # annotations:
 # service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
 # # => Network Load Balancer (layer 4, faster)
 # # => Alternative: "alb" for Application Load Balancer
 # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
 # # => Distributes traffic across availability zones
 # # => High availability configuration

# LoadBalancer provisions external IP
# => kubectl get svc loadbalancer-service

apiVersion:
 v1 # => Core API for Services
 # => Stable Service API
kind:
 Service # => Headless Service (no ClusterIP)
 # => Direct Pod discovery
metadata:
 # => Service metadata
 name:
 headless-service # => Headless Service name
 # => Used by StatefulSets for DNS
spec:
 # => Service specification
 clusterIP:
 None # => No cluster IP assigned (headless)
 # => DNS returns Pod IPs directly
 selector:
 # => Pod selector
 app: stateful # => Targets Pods with app=stateful
 # => Same selector as StatefulSet below
 ports:
 # => Port configuration (required even for headless)
 - port: 80 # => Service port
 # => Not used for routing (no ClusterIP)
 targetPort: 8080 # => Container port
 # => Direct Pod connections use this port


# DNS behavior:
# => Regular Service: DNS returns single cluster IP

---
apiVersion:
 apps/v1 # => Apps API for StatefulSets
 # => Stable workload API
kind:
 StatefulSet # => StatefulSets commonly use headless Services
 # => Provides stable Pod identities
 # => Ordered deployment and scaling
metadata:
 # => StatefulSet metadata
 name:
 stateful-app # => StatefulSet name
 # => Creates Pods with predictable names
 # => Base name for Pod identities
spec:
 # => StatefulSet specification
 serviceName:
 headless-service # => Associates with headless Service
 # => Creates predictable DNS: pod-0.headless-service
 # => MUST reference existing headless Service
 # => Enables stable network identity
 replicas:
 3 # => Number of stateful Pods
 # => Each gets unique persistent identity
 # => Ordered Pod creation
 selector:
 # => Pod selector (immutable)
 # => Links StatefulSet to Pods
 matchLabels:
 # => Equality-based selector
 app: stateful # => Matches template and Service selector
 # => All three components must align
 template:
 # => Pod template
 # => Blueprint for stateful Pods
 metadata:
 # => Pod template metadata
 labels:
 # => Labels for created Pods
 app: stateful # => Labels for Pods
 # => MUST match selector and Service
 spec:
 # => Pod specification
 containers:
 # => Container list
 - name: nginx # => Container definition
 # => Application container
 image: nginx:1.24 # => nginx image
 # => Version-pinned for stability

# Pod DNS names:
# => stateful-app-0.headless-service.default.svc.cluster.local

apiVersion:
 v1 # => Core API for Services
 # => Stable Service API
kind:
 Service # => Service with session affinity
 # => Sticky session support
metadata:
 # => Service metadata
 name:
 sticky-service # => Service name
 # => Provides sticky sessions
spec:
 # => Service specification
 type:
 ClusterIP # => Internal cluster IP
 # => Session affinity works with all Service types
 sessionAffinity:
 ClientIP # => Enables session affinity
 # => Routes requests from same client IP to same Pod
 sessionAffinityConfig:
 # => Session affinity configuration
 clientIP:
 # => Client IP session config
 timeoutSeconds:
 10800 # => Session timeout: 3 hours (10800 seconds)
 # => After timeout, new Pod may be selected
 selector:
 # => Pod selector
 app: stateful-app # => Routes to Pods with app=stateful-app
 # => Session maintained across these Pods
 ports:
 # => Port configuration
 - port: 80 # => Service port
 # => Client connects here
 targetPort: 8080 # => Pod port
 # => Backend container port

# Session affinity behavior:
# => First request from 192.0.2.10 → routed to Pod A

apiVersion:
 v1 # => Core Kubernetes API
 # => v1 is stable API version for ConfigMaps
kind:
 ConfigMap # => ConfigMap resource for configuration
 # => Stores non-sensitive configuration data
metadata:
 name:
 app-config # => ConfigMap name: "app-config"
 # => Unique identifier within namespace
data:
 # => Key-value configuration data (all strings)
 APP_ENV:
 "production" # => Key-value pair: APP_ENV=production
 # => Environment identifier
 LOG_LEVEL:
 "info" # => Key-value pair: LOG_LEVEL=info
 # => Logging verbosity level
 MAX_CONNECTIONS:
 "100" # => All values stored as strings
 # => Application must parse numeric values

---
apiVersion:
 v1 # => Core API for Pods
 # => Stable v1 API
kind:
 Pod # => Pod resource consuming ConfigMap
 # => Basic unit for running containers
metadata:
 name:
 configmap-env-pod # => Pod name identifier
 # => Unique in namespace
spec:
 # => Pod specification
 containers:
 # => Container list
 - name:
 app # => Container name
 # => Used in kubectl logs/exec
 image:
 busybox:1.36 # => Lightweight shell environment
 # => Minimal Linux container
 command:
 # => Override container entrypoint
 - sh # => Shell interpreter
 # => Bourne shell
 - -c # => Execute following script
 # => Run inline commands
 - | # => Multi-line script
 # => Pipe notation for script
 echo "APP_ENV: $APP_ENV"
 # => Display APP_ENV value from ConfigMap
 echo "LOG_LEVEL: $LOG_LEVEL"
 # => Display LOG_LEVEL value
 echo "MAX_CONNECTIONS: $MAX_CONNECTIONS"
 # => Display MAX_CONNECTIONS value
 sleep 3600
 # => Keep container running for inspection
 envFrom:
 # => Load all ConfigMap keys as env vars
 - configMapRef:
 # => ConfigMap reference
 name:
 app-config # => Loads all ConfigMap keys as environment variables
 # => All data keys become environment variables

# Create ConfigMap imperatively:
# => kubectl create configmap app-config --from-literal=APP_ENV=production --from-literal=LOG_LEVEL=info

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable API for ConfigMaps
kind:
 ConfigMap # => ConfigMap storing configuration file
 # => File-based configuration pattern
metadata:
 name:
 nginx-config # => ConfigMap name: "nginx-config"
 # => Referenced by Pod volume mount
data:
 # => Configuration data (key-value map)
 default.conf: | # => Key becomes filename: default.conf
 # => Pipe preserves multi-line nginx config
 server { # => Value becomes file content
 # => nginx server configuration
 listen 80;
 # => Listen on port 80 (HTTP)
 server_name localhost;
 # => Respond to localhost requests

 location / {
 # => Default location block
 root /usr/share/nginx/html;
 # => Document root path
 index index.html;
 # => Default index file
 }

 location /health {
 # => Health check endpoint
 access_log off;
 # => Disable logging for health checks
 return 200 "healthy\n";
 # => Return 200 OK with "healthy" text
 }
 }
 # => ConfigMap stores entire nginx config

---
apiVersion:
 v1 # => Core API for Pods
 # => Stable v1 Pod API
kind:
 Pod # => Pod consuming ConfigMap as volume
 # => Demonstrates volume mount pattern
metadata:
 name:
 configmap-volume-pod # => Pod name identifier
 # => Unique Pod name
spec:
 # => Pod specification
 containers:
 # => Container list
 - name:
 nginx # => Container name
 # => nginx web server
 image:
 nginx:1.24 # => nginx version 1.24
 # => Production nginx image
 volumeMounts:
 # => Volume mount configuration
 - name:
 config-volume # => References volume defined below
 # => Must match volumes.name
 mountPath:
 /etc/nginx/conf.d # => Mounts ConfigMap at this path
 # => nginx config directory
 volumes:
 # => Volume definitions
 - name:
 config-volume # => Volume name
 # => Referenced by volumeMounts
 configMap:
 # => ConfigMap volume source
 name:
 nginx-config # => References ConfigMap "nginx-config"
 # => ConfigMap must exist before Pod creation

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable v1 API for Secrets
kind:
 Secret # => Secret resource for sensitive data
 # => Stores credentials, tokens, keys
metadata:
 name:
 db-credentials # => Secret name: "db-credentials"
 # => Unique identifier in namespace
type:
 Opaque # => Generic secret type (default)
 # => Most common type for arbitrary data
data:
 # => Base64-encoded key-value pairs
 username:
 YWRtaW4= # => base64-encoded "admin"
 # => echo -n "admin" | base64
 password:
 cGFzc3dvcmQxMjM= # => base64-encoded "password123"
 # => echo -n "password123" | base64

---
apiVersion:
 v1 # => Core API for Pods
 # => Stable Pod API
kind:
 Pod # => Pod consuming Secret as env vars
 # => Demonstrates environment variable injection
metadata:
 name:
 secret-env-pod # => Pod name identifier
 # => Unique Pod name
spec:
 # => Pod specification
 containers:
 # => Container list
 - name:
 app # => Container name
 # => Test container for Secret injection
 image:
 busybox:1.36 # => Lightweight shell environment
 # => Minimal Linux for testing
 command:
 # => Override container entrypoint
 - sh # => Shell interpreter
 # => Bourne shell
 - -c # => Execute inline script
 # => Run following commands
 - | # => Multi-line script
 # => Pipe notation for script block
 echo "DB_USER: $DB_USER"
 # => Display username from Secret
 echo "DB_PASS: $DB_PASS" # => Values decoded from base64 automatically
 # => Display password from Secret
 sleep 3600
 # => Keep container running for inspection
 env:
 # => Environment variable definitions
 - name:
 DB_USER # => Environment variable name
 # => Container sees this as $DB_USER
 valueFrom:
 # => Value sourced from Secret
 secretKeyRef:
 # => Secret key reference
 name:
 db-credentials # => References Secret "db-credentials"
 # => Secret must exist before Pod creation
 key:
 username # => Loads "username" key value
 # => Specific key from Secret data
 - name:
 DB_PASS # => Environment variable name
 # => Container sees this as $DB_PASS
 valueFrom:
 # => Value sourced from Secret
 secretKeyRef:
 # => Secret key reference
 name:
 db-credentials # => References same Secret
 # => Can reference same Secret multiple times
 key:
 password # => Loads "password" key value
 # => Different key from same Secret

# Create Secret imperatively:
# => kubectl create secret generic db-credentials --from-literal=username=admin --from-literal=password=password123

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable v1 Secret API
kind:
 Secret # => Secret for TLS certificates
 # => Stores sensitive TLS credentials
metadata:
 name:
 tls-secret # => Secret name: "tls-secret"
 # => Unique identifier for TLS Secret
type:
 kubernetes.io/tls # => TLS secret type
 # => Specific type for TLS certificates
data:
 # => TLS certificate and private key (base64)
 tls.crt: | # => TLS certificate (base64-encoded)
 # => Public certificate chain
 LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0t..
 # => Base64-encoded PEM certificate
 tls.key: | # => TLS private key (base64-encoded)
 # => Private RSA/ECDSA key
 LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQ..
 # => Base64-encoded PEM private key

---
apiVersion:
 v1 # => Core API for Pods
 # => Stable Pod API
kind:
 Pod # => Pod mounting Secret as volume
 # => Demonstrates volume-based Secret injection
metadata:
 name:
 secret-volume-pod # => Pod name identifier
 # => Unique Pod name
spec:
 # => Pod specification
 containers:
 # => Container list
 - name:
 nginx # => Container name
 # => nginx web server with TLS
 image:
 nginx:1.24 # => nginx version 1.24
 # => Production web server
 volumeMounts:
 # => Volume mount configuration
 - name:
 tls-volume # => References volume below
 # => Must match volumes.name
 mountPath:
 /etc/nginx/ssl # => Mounts Secret at this path
 # => nginx TLS certificate directory
 readOnly:
 true # => Read-only mount for security
 # => Prevents container from modifying certs
 volumes:
 # => Volume definitions
 - name:
 tls-volume # => Volume name
 # => Referenced by volumeMounts
 secret:
 # => Secret volume source
 secretName:
 tls-secret # => References Secret "tls-secret"
 # => Secret must exist before Pod creation
 defaultMode:
 0400 # => File permissions: read-only for owner
 # => Octal notation: owner read-only

# Create TLS Secret from files:
# => kubectl create secret tls tls-secret --cert=tls.crt --key=tls.key

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable v1 ConfigMap API
kind:
 ConfigMap # => Immutable ConfigMap resource
 # => Configuration with immutability guarantee
metadata:
 name:
 immutable-config # => ConfigMap name
 # => Unique identifier
data:
 # => Configuration key-value pairs
 APP_VERSION:
 "v1.0.0" # => Application version string
 # => Cannot be modified after creation
 FEATURE_FLAG:
 "true" # => Feature toggle value
 # => Immutable after creation
immutable:
 true # => Prevents modifications after creation
 # => ConfigMap cannot be edited

---
apiVersion:
 v1 # => Core Kubernetes API
 # => Stable v1 Secret API
kind:
 Secret # => Immutable Secret resource
 # => Sensitive data with immutability
metadata:
 name:
 immutable-secret # => Secret name
 # => Unique identifier
type:
 Opaque # => Generic secret type
 # => Default type for arbitrary data
data:
 # => Base64-encoded secret data
 api-key:
 c2VjcmV0LWtleQ== # => Base64-encoded API key
 # => Decoded value: "secret-key"
immutable:
 true # => Same behavior as immutable ConfigMap
 # => Secret cannot be edited

# Attempting to modify immutable ConfigMap/Secret:
# => kubectl edit configmap immutable-config

# Update pattern for immutable configs:
# 1. Create new ConfigMap with version suffix
# => kubectl create configmap immutable-config-v2 --from-literal=APP_VERSION=v2.0.0
# 2. Update Deployment to reference new ConfigMap
# => Triggers rolling update with new config
# 3. Delete old ConfigMap after successful rollout
# => kubectl delete configmap immutable-config

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable v1 Namespace API
kind:
 Namespace # => Namespace resource for isolation
 # => Virtual cluster partition
metadata:
 name:
 development # => Namespace name: "development"
 # => Unique cluster-wide identifier
 labels:
 # => Labels for namespace organization
 environment:
 dev # => Labels for namespace identification
 # => Used for ResourceQuota selection
 team:
 platform # => Team ownership label
 # => Organizational metadata

---
apiVersion:
 v1 # => Core API for Pods
 # => Stable Pod API
kind:
 Pod # => Pod in custom namespace
 # => Demonstrates namespace isolation
metadata:
 name:
 app-pod # => Pod name (unique within namespace)
 # => Not globally unique (only within development namespace)
 namespace:
 development # => Pod created in "development" namespace
 # => Namespace must exist before Pod creation
spec:
 # => Pod specification
 containers:
 # => Container list
 - name:
 nginx # => Container name
 # => nginx web server
 image:
 nginx:1.24 # => nginx version
 # => Production image

# Namespace commands:
# => kubectl create namespace development

# DNS names include namespace:
# => Service in same namespace: http://web-service

apiVersion:
 v1 # => Core Kubernetes API
 # => Stable v1 Pod API
kind:
 Pod # => Pod with labels for organization
 # => Demonstrates label-based classification
metadata:
 name:
 labeled-pod # => Pod name identifier
 # => Unique within namespace
 labels:
 # => Key-value labels for selection
 app:
 web # => Label key-value: app=web
 # => Application identifier
 environment:
 production # => Label key-value: environment=production
 # => Environment classification
 version:
 v1.0.0 # => Label key-value: version=v1.0.0
 # => Version tracking label
 tier:
 frontend # => Multiple labels for multi-dimensional classification
 # => Architectural layer label
spec:
 # => Pod specification
 containers:
 # => Container list
 - name:
 nginx # => Container name
 # => nginx web server
 image:
 nginx:1.24 # => nginx version
 # => Production image

---
apiVersion:
 v1 # => Core Kubernetes API
 # => Stable v1 Service API
kind:
 Service # => Service using label selectors
 # => Routes traffic to matching Pods
metadata:
 name:
 web-service # => Service name
 # => DNS name for internal access
spec:
 # => Service specification
 selector:
 # => Pod selector (matches labels)
 app:
 web # => Matches Pods with app=web label
 # => First selection criterion
 environment:
 production # => AND environment=production label
 # => Second selection criterion
 ports:
 # => Port configuration
 - port:
 80 # => Service listens on port 80
 # => External port
 targetPort:
 8080 # => Forwards to Pod port 8080
 # => Backend container port

# Label selector queries:
# => kubectl get pods -l app=web