: Exposes the Service on each Node's IP at a static port. It makes the service accessible from outside the cluster.
Storage volumes that follow the lifecycle of the pod. When a pod is deleted, the ephemeral volume data is deleted with it (e.g., emptyDir ). Security, Access Control, & Isolation 37. Namespaces
Exposes the Service externally using a cloud provider's load balancer. It automatically routes traffic down to NodePorts. 23. Ingress : Exposes the Service on each Node's IP at a static port
A directory accessible to the containers in a pod. A simple volume ceases to exist when its enclosing pod ceases to exist. 34. PersistentVolume (PV)
Similar to a ConfigMap but specifically intended to hold a small amount of sensitive data, such as passwords, tokens, or keys. 33. Volume When a pod is deleted, the ephemeral volume
Before deploying applications, you must understand the underlying control plane and worker node mechanics.
Defines a set of permissions. Roles apply to a specific namespace, while ClusterRoles apply cluster-wide. 40. RoleBinding / ClusterRoleBinding It automatically routes traffic down to NodePorts
The pulse check. Determines if a container needs to be restarted because it has entered a deadlocked state. 47. Readiness Probe
The front door. Everything you do (kubectl, GUI, automation) talks to the API Server. It validates and configures data for the etcd database.
Provides declarative updates for Pods and ReplicaSets (ideal for stateless apps).