DevOps

Kubernetes Tutorial: From Zero to Production

A hands-on Kubernetes tutorial that takes you from zero to deploying and managing containerized applications on a local cluster. Learn core concepts, write YAML manifests, use Helm, explore advanced topics, and understand how Kubernetes works in production on AWS EKS, Google GKE, and Azure AKS.

Wayne Cheng

30 min read

Published

Complete Tutorial Code

Follow along with the complete source code for this Kubernetes tutorial. Includes setup, deployments, services, Helm charts, advanced topics, and production guidance across six chapters.

View on GitHub

What is Kubernetes?

Kubernetes (often abbreviated as K8s) is an open-source container orchestration platform originally developed by Google. It automates the deployment, scaling, and management of containerized applications across a cluster of machines.

At its core, Kubernetes answers the question: “I have many containers — how do I run them reliably, at scale, across multiple machines?”

Self-Healing

Automatically restarts failed containers, replaces and reschedules them when nodes die — keeping your application running without manual intervention.

Horizontal Scaling

Scale your application up or down with a single command or automatically based on CPU/memory usage using the Horizontal Pod Autoscaler.

Load Balancing

Distributes network traffic so deployments are stable. Built-in service discovery lets containers find each other by name without hardcoded IPs.

Secret & Config Management

Store and manage sensitive information separately from your container image using ConfigMaps & Secrets — keeping credentials out of your codebase.

When Should You Use Kubernetes?

Kubernetes is a powerful tool, but it's not always the right one. Here's how it compares to other deployment strategies:

✅ Use Kubernetes when:

You have multiple microservices that need to communicate, scale independently, and be deployed separately.
You need fine-grained control over resource allocation (CPU, memory limits per service).
You need multi-cloud or hybrid-cloud portability — your app runs the same way on AWS, GCP, Azure, or on-prem.
You need advanced deployment strategies like canary releases, blue/green deployments, or A/B testing.
You're operating at significant scale (dozens of services, hundreds of instances).

⚡ Use Serverless (e.g., Vercel / Next.js) when:

You're building a frontend-heavy or full-stack web app where the platform handles all infrastructure.
You want zero infrastructure management — just push code and it's live.
Your traffic is unpredictable or low — serverless scales to zero and you only pay for what you use.

🖥️ Use Provisioned Resources (e.g., AWS EC2) when:

You need a specific OS environment or custom kernel configuration.
You're running legacy applications that aren't containerized.
You're doing GPU-intensive workloads (ML training) where you need direct hardware access.

Prerequisites

Before starting, make sure you have:

A computer running macOS, Linux, or Windows (WSL2 recommended on Windows)
Basic familiarity with the command line / terminal
Docker installed and running

Tutorial Chapters

The tutorial is organized into six chapters plus a core concepts reference guide. Work through them in order for the best learning experience.

🛠️ Chapter 01 — Setup

Install the required tools, create your first k3d cluster, and explore it with kubectl. By the end of this chapter you'll have a fully functional local Kubernetes cluster running on your machine.

k3dkubectlDockerLocal Cluster

🚀 Chapter 02 — Deployment

Write YAML manifests, create namespaces, deploy an application, and verify it with BusyBox. Learn the fundamental building blocks of Kubernetes workloads — Pods, ReplicaSets, and Deployments.

YAML ManifestsNamespacesPodsDeploymentsBusyBox

🌐 Chapter 03 — Services and Beyond

Expose your app with a LoadBalancer Service, add resource limits, and learn Kubernetes architecture. Understand how traffic flows from the outside world into your cluster and between services.

ServicesLoadBalancerClusterIPResource LimitsArchitecture

⛵ Chapter 04 — Helm

Use Helm — the Kubernetes package manager — to install, upgrade, and roll back applications on a k3d cluster with podinfo. Learn how Helm charts simplify complex deployments and enable repeatable releases.

HelmHelm ChartspodinfoUpgradesRollbacks

🔬 Chapter 05 — Advanced Topics

Pod controllers (Deployment, DaemonSet, Job), stateful workloads, security contexts, Snyk scanning, Prometheus & Grafana monitoring, and Horizontal Pod Autoscaler. Everything you need to run production-grade workloads.

DaemonSetStatefulSetJobsHPAPrometheusGrafanaSnyk

☁️ Chapter 06 — Kubernetes in Production

How this tutorial compares to on-prem and managed cloud Kubernetes. Deep dive on AWS EKS, Google GKE, and Azure AKS — understand the trade-offs and operational considerations for each managed Kubernetes offering.

AWS EKSGoogle GKEAzure AKSOn-PremProduction

Chapter 01 — Setup

The first chapter gets your local Kubernetes environment up and running using k3d — a lightweight wrapper that runs k3s (a minimal Kubernetes distribution) inside Docker containers. This means you get a real, multi-node Kubernetes cluster without needing a cloud provider or a powerful machine.

1
Install k3d:
brew install k3d
2
Create a cluster:
k3d cluster create my-cluster
3
Verify the cluster is running:
kubectl get nodes
4
Explore the cluster:
kubectl get all --all-namespaces

Chapter 02 — Deployment

In this chapter you write your first Kubernetes YAML manifests and deploy a real application. You'll learn the difference between a Pod (the smallest deployable unit), a ReplicaSet (ensures N copies are always running), and a Deployment (manages rolling updates and rollbacks).

# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
  namespace: my-namespace
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-app
          image: nginx:latest
          ports:
            - containerPort: 80
          resources:
            requests:
              cpu: "100m"
              memory: "128Mi"
            limits:
              cpu: "250m"
              memory: "256Mi"

After applying the manifest with kubectl apply -f deployment.yaml, you can verify the deployment using a BusyBox pod — a minimal Linux container that lets you run commands inside the cluster to test connectivity and DNS resolution between services.

Chapter 03 — Services and Beyond

A Deployment runs your Pods, but a Service is what makes them accessible — either within the cluster or from the outside world. This chapter covers the three most important Service types and how to add resource limits to your containers.

🔵 ClusterIP (default)

Exposes the service on an internal IP within the cluster. Only reachable from within the cluster. Use this for internal service-to-service communication.

🟢 NodePort

Exposes the service on each node's IP at a static port. Accessible from outside the cluster using NodeIP:NodePort. Useful for development and testing.

🟠 LoadBalancer

Exposes the service externally using a cloud provider's load balancer. On k3d, this is handled by the built-in load balancer. The standard way to expose services in production.

Chapter 04 — Helm

Helm is the package manager for Kubernetes. Instead of managing dozens of raw YAML files, Helm lets you install, upgrade, and roll back applications using charts — pre-packaged collections of Kubernetes resources with configurable values.

1
Add the podinfo Helm repository:
helm repo add podinfo https://stefanprodan.github.io/podinfo
2
Install the chart:
helm install my-podinfo podinfo/podinfo
3
Upgrade with custom values:
helm upgrade my-podinfo podinfo/podinfo --set replicaCount=3
4
Roll back to the previous release:
helm rollback my-podinfo 1

Chapter 05 — Advanced Topics

This chapter covers the advanced Kubernetes features you'll encounter in real production environments.

Pod Controllers

Beyond Deployments, Kubernetes has specialized controllers for different workload types:

DaemonSet — runs one Pod per node (e.g., log collectors, monitoring agents)
StatefulSet — for stateful workloads like databases that need stable network identities and persistent storage
Job / CronJob — run a task to completion once or on a schedule

Horizontal Pod Autoscaler (HPA)

The HPA automatically scales the number of Pod replicas based on observed CPU utilization or custom metrics. Set a target CPU percentage and min/max replica counts — Kubernetes handles the rest, scaling up under load and back down when traffic drops.

Security Contexts & Snyk Scanning

Security contexts let you define privilege and access control settings for Pods and containers — running as non-root, read-only filesystems, dropping Linux capabilities. Snyk scanning integrates into your CI pipeline to catch vulnerabilities in container images before they reach production.

Prometheus & Grafana Monitoring

Install the kube-prometheus-stack Helm chart to get Prometheus (metrics collection) and Grafana (visualization) running in your cluster in minutes. Pre-built dashboards give you instant visibility into cluster health, node resource usage, and application metrics.

Chapter 06 — Kubernetes in Production

The final chapter bridges the gap between your local k3d cluster and real production Kubernetes. It covers the three major managed Kubernetes offerings and what you need to know before going live.

AWS EKS (Elastic Kubernetes Service)

AWS's managed Kubernetes offering. Deep integration with IAM, ALB Ingress Controller, EBS/EFS storage, and CloudWatch. Fargate support lets you run Pods without managing EC2 nodes. The most feature-rich option if you're already in the AWS ecosystem.

IAM IntegrationFargateALB Ingresseksctl

Google GKE (Google Kubernetes Engine)

Google invented Kubernetes, and GKE shows it. Autopilot mode fully manages the node infrastructure for you. Best-in- class auto-upgrade, auto-repair, and Workload Identity for secure GCP service access. Often considered the most “Kubernetes-native” experience.

AutopilotWorkload IdentityAuto-Upgradegcloud

Azure AKS (Azure Kubernetes Service)

Microsoft's managed Kubernetes offering. Strong integration with Azure Active Directory, Azure Container Registry, and Azure Monitor. Virtual Nodes (backed by Azure Container Instances) allow burst scaling without pre- provisioned VMs. The natural choice for Microsoft-centric organizations.

Azure ADVirtual NodesACR Integrationaz cli

Key Concepts Demonstrated

Core Kubernetes Objects

Pods, ReplicaSets, Deployments, Services, ConfigMaps, Secrets, Namespaces — the fundamental building blocks of every Kubernetes application.

Helm Package Management

Installing, upgrading, and rolling back applications using Helm charts — the standard way to distribute and manage Kubernetes applications.

Autoscaling

Horizontal Pod Autoscaler (HPA) for automatic replica scaling based on CPU/memory metrics — keeping your app responsive under variable load without over-provisioning.

Security Best Practices

Security contexts, non-root containers, read-only filesystems, Snyk vulnerability scanning, and RBAC — the security layers that protect production Kubernetes clusters.

Observability

Prometheus metrics collection and Grafana dashboards for real-time visibility into cluster health, resource utilization, and application performance.

Managed Cloud Kubernetes

How AWS EKS, Google GKE, and Azure AKS differ from a local cluster — node management, IAM integration, storage classes, ingress controllers, and production operational considerations.

Reference: Core Concepts

New to containers or Docker? The repository includes a Core Concepts reference guide that explains what a container is, how Docker works, and the fundamental Kubernetes building blocks before you dive into the hands-on chapters.

What is a Container? — How containers differ from VMs and why they're the foundation of modern deployments
Docker Basics — Images, containers, volumes, and the Docker daemon
Kubernetes Building Blocks — Pods, Nodes, the Control Plane, etcd, ConfigMaps & Secrets explained