kubectl & Your First Deployment

Kubernetes Fundamentals

Chapter 4 · kubectl & Your First Deployment

Chapter 3 covered what a pod is. This chapter covers the actual tool and workflow used to create and manage resources — pods and everything else — in a real cluster.

Getting Connected — kubeconfig

kubectl needs to know which cluster to talk to and how to authenticate — a kubeconfig file (typically ~/.kube/config) holds this connection info. Contexts let you switch between multiple clusters — dev/staging/prod, or different providers entirely, echoing cloud1-2's own cross-provider framing — via kubectl config get-contexts and kubectl config use-context. A genuinely easy-to-overlook, practical detail worth naming early: running a command against the wrong context by mistake is a real, common gotcha.

kubectl Basics

Revisiting cloud2-1's own console/CLI/API point, specifically for Kubernetes: kubectl talks to the API server (Chapter 2's architecture) exactly like any other client. Four commands used constantly:

  • kubectl get pods — list resources.
  • kubectl describe pod <name> — detailed information about one resource.
  • kubectl logs <name> — a container's log output.
  • kubectl delete pod <name> — remove a resource.

kubectl get works across many resource types — pods, deployments, services, nodes, and more, covered as this course goes on.

Imperative vs. Declarative — Two Ways to Work

Imperative commands tell kubectl what to do right now — kubectl run, kubectl create deployment — fast for quick testing, but leaving no reusable record of what was done. The declarative approach instead writes a YAML manifest describing the desired state, then runs kubectl apply -f file.yaml — Kubernetes' own reconciliation loop (Chapter 2) takes it from there.

This is exactly cloud1-11's declarative-vs-imperative IaC distinction, applied here to Kubernetes objects instead of general cloud infrastructure. Practical guidance: imperative commands are fine for quick exploration, but real, reusable, version-controllable work (git1-git3) should be declarative YAML.

Anatomy of a YAML Manifest

apiVersion: v1 kind: Pod metadata: name: my-first-pod labels: app: demo spec: containers: - name: web image: nginx:latest ports: - containerPort: 80
  • apiVersion — which version of the Kubernetes API this resource type belongs to.
  • kind — the resource type (Pod, Deployment, Service, and so on).
  • metadata — identifying information: name, and labels — key-value tags that later chapters use to connect resources together (Chapter 6's Services select pods by label).
  • spec — the actual desired configuration — containers, images, ports, and everything specific to that resource type.

This structure recurs, largely unchanged in shape, across every YAML example the rest of this course uses.

kubectl apply — Your Main Tool Going Forward

kubectl apply creates a resource if it doesn't exist, or updates it if it does, by diffing against the last-applied configuration.

This is what makes YAML manifests safely re-runnable
Applying the same manifest repeatedly is safe and idempotent — running it twice with no changes produces the same result as running it once, with no errors or duplicate resources. This is exactly the property real infrastructure-as-code tooling needs, and it's the opposite of cloud1-11's manual-fix-causes-drift gotcha — apply is specifically designed to reconcile safely, every time.

Namespaces — Organizing a Cluster

A namespace is a logical partition within a single cluster — not a separate cluster. Used to separate teams, environments, or projects sharing one cluster. A default namespace always exists, but real usage typically creates dedicated ones. Resource names must be unique within a namespace, not across the whole cluster. Some resources are cluster-scoped (like Nodes) rather than namespace-scoped — which is why not every kubectl get command needs a namespace flag.

Running a command against the wrong context is a real, serious mistake
Accidentally running a delete or apply command while pointed at production, thinking you're in a dev context, is a genuinely common and potentially serious error. Always confirm the current context (kubectl config current-context) before anything destructive, especially in a cluster where production and non-production environments share tooling.

A Practical First Workflow

kubectl config current-context # confirm where you're pointed kubectl apply -f my-first-pod.yaml # create it kubectl get pods # confirm it's running kubectl describe pod my-first-pod # detail kubectl logs my-first-pod # see its output kubectl delete -f my-first-pod.yaml # clean up, using the same file

A genuinely satisfying full loop for a first real interaction with a cluster.

Hands-On Exercises

Exercise 1

Explain the difference between imperative and declarative approaches to creating a Kubernetes resource, and explain which approach is more appropriate for something you intend to keep and reuse, and why.

📄 View solution
Exercise 2

Given a YAML manifest's basic structure (apiVersion/kind/metadata/spec), explain what each of these four top-level fields is generally responsible for.

📄 View solution
Exercise 3

Explain why running kubectl apply -f manifest.yaml repeatedly, with no changes to the file, is safe and doesn't cause any problems. What specific property of apply makes this true?

📄 View solution

Chapter 4 Quick Reference

  • kubeconfig/contexts — which cluster you're talking to; always confirm before anything destructive
  • Core commands: get, describe, logs, delete
  • Imperative (quick, no record) vs. declarative (YAML + apply, reusable/version-controllable) — same distinction as cloud1-11's IaC material
  • YAML structure: apiVersion, kind, metadata (name/labels), spec (desired config) — recurs throughout the course
  • kubectl apply is idempotent — safe to re-run with no changes, unlike manual console-style drift
  • Namespaces partition one cluster (not separate clusters); names are unique per-namespace, not cluster-wide
  • Next chapter: Deployments & ReplicaSets — declarative desired state, rolling updates, rollback, self-healing