Kubernetes basics are still the foundation that determines whether your team uses K8s as a powerful platform or as an expensive distributed pain generator. Most teams that struggle with Kubernetes never internalized the core mental model: declarative state reconciliation. Once that clicks, the entire ecosystem makes sense. Until it does, every YAML file feels like cargo culting. Here are the basics that actually matter for teams running production workloads in 2026.
Pods Are Cattle, Deployments Are Herds

A Pod is the smallest deployable unit, but you almost never create Pods directly. Deployments manage ReplicaSets which manage Pods, giving you rolling updates, rollback, and self-healing. Internalize this hierarchy before anything else.
The mental shift is from imperative (“start this container on this server”) to declarative (“I want N replicas of this container running somewhere; reconcile until that is true”). The control plane handles the rest. The official Kubernetes Deployment documentation is dense but worth reading carefully.
Services Decouple From Pod IPs
Pods are ephemeral. Their IPs change. Services give you a stable virtual IP and DNS name that load-balances across whichever Pods currently match a label selector. Without Services, your microservices cannot find each other reliably.
Use ClusterIP for internal traffic, NodePort and LoadBalancer for external traffic (mostly superseded by Ingress), and headless Services when you need direct Pod IPs for StatefulSets. Most teams overcomplicate this: start with ClusterIP plus Ingress and only reach for more when you have a specific reason.
Ingress Controllers Handle HTTP
Ingress is the resource definition; the Ingress Controller (nginx, Traefik, HAProxy, or cloud-managed) is the actual proxy implementing the rules. Pick one and stick with it across environments to keep the mental model consistent.
For most teams, ingress-nginx remains the default choice. Cloud-managed alternatives (AWS ALB Controller, GCP Gateway API) tie into your cloud’s load balancer and are worth using when you are already deep in that ecosystem. See our CI/CD pipeline setup guide for deployment automation patterns.
ConfigMaps and Secrets Are Different for a Reason
ConfigMaps hold non-sensitive configuration; Secrets hold sensitive data. Both mount as files or environment variables. The base64 encoding of Secrets is not encryption — it is encoding for safe YAML transport.
Real secret management requires either Sealed Secrets, External Secrets Operator pulling from Vault/AWS Secrets Manager, or KMS-backed encryption at rest enabled in your cluster. The plaintext-Secret-in-Git pattern is the most common security failure in K8s deployments.
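To make the base64 point concrete, here is an added example (not from any Kubernetes project) of a check you could run over manifests before they are committed: it reports every value that can be read straight out of a `kind: Secret` document. The sample manifests, the secret name and the values are constructed, and the scanner assumes two-space, block-style YAML rather than using a full YAML parser.

```python
import re
from base64 import b64decode

# Constructed sample: two manifests as they might sit side by side in a Git repo.
SAMPLE = """\
apiVersion: v1
kind: Secret
metadata:
  name: db-credentials
data:
  username: YWRtaW4=
  password: aHVudGVyMg==
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  name: db-credentials
spec:
  encryptedData:
    password: AgCONSTRUCTED-CIPHERTEXT-PLACEHOLDER
"""

ENTRY = re.compile(r"^ {2}([\w.-]+):\s*(.+?)\s*$")  # assumes two-space, block-style YAML

def find_plaintext_secrets(text):
    """Return (secret name, key, recovered value) for each entry of a kind: Secret document."""
    findings = []
    for doc in re.split(r"^---\s*$", text, flags=re.M):
        if not re.search(r"^kind:\s*Secret\s*$", doc, flags=re.M):
            continue  # SealedSecret, ExternalSecret, ConfigMap etc. are not flagged
        name, section, values = "<unnamed>", None, []
        for line in doc.splitlines():
            if not line[:1].isspace():  # top-level key: remember which block we are in
                section = line.split(":")[0]
            elif (m := ENTRY.match(line)):
                key, raw = m.group(1), m.group(2).strip("\"'")
                if section == "metadata" and key == "name":
                    name = raw
                elif section == "stringData":
                    values.append((key, raw))  # stored verbatim, no decoding needed
                elif section == "data":
                    try:  # base64 is reversible by anyone who can read the file
                        values.append((key, b64decode(raw, validate=True).decode(errors="replace")))
                    except ValueError:
                        pass  # not valid base64; leave it to a stricter linter
        findings += [(name, key, value) for key, value in values]
    return findings

if __name__ == "__main__":
    print([(name, key) for name, key, _ in find_plaintext_secrets(SAMPLE)])
```

Run as a pre-commit or CI step, a non-empty result means a readable Secret is about to land in Git; the SealedSecret in the sample passes because its payload is ciphertext, not base64 of the plaintext.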
Resource Requests and Limits Are Not Optional
Pods without resource requests get scheduled wherever and starve their neighbors. Pods without limits can consume the entire node. Both are mandatory for any production workload.
Set requests close to your steady-state usage and limits at your peak (or 1.5-2x request for headroom). The resource management documentation covers the math. The Vertical Pod Autoscaler in recommendation mode is excellent for finding the right values empirically.
Wrap Up
Kubernetes basics done well make the rest of the platform tractable. Declarative state reconciliation, the Pod-Deployment-Service hierarchy, proper Ingress, real secret management, and resource configuration are the foundation. Skip them and you will fight the platform forever. Get them right and Kubernetes earns its place in your stack. Pair these patterns with a look at the pros and cons of serverless architecture, and choose K8s only when it actually fits.
Frequently Asked Questions
Is Kubernetes overkill for a small team?
Usually yes for fewer than 5 services and modest traffic. Managed PaaS (Render, Fly.io, Railway) gives you most of the benefits without the operational burden. K8s makes sense above roughly 10-15 services or specific compliance needs.
Should I use Helm or plain manifests?
Helm for any nontrivial deployment with multiple environments. Plain manifests work for simple cases. Kustomize is the middle ground when you want overlays without templating.
What’s the difference between Deployment and StatefulSet?
Deployments are for stateless workloads where Pods are interchangeable. StatefulSets give Pods stable identities (names, network IDs, storage) for things like databases that need to know which replica they are.
Should I run my own database in Kubernetes?
Use a managed database service unless you have specific reasons not to. Operators like CloudNativePG have made it more viable, but the operational burden is still nontrivial.
How do I learn Kubernetes effectively?
Run a local cluster (kind, k3d, or minikube), deploy a real app to it, break things deliberately, and read kubectl get events religiously when something fails. The official tutorial plus a real project beats any course.