Kubernetes Resources¶
Understand the essential Kubernetes resources you'll work with to deploy and manage applications on OpenShift.
Introduction¶
Kubernetes resources are API objects that define the desired state of your applications and infrastructure. Each resource serves a specific purpose in managing workloads, networking, storage, and configuration.
For more detailed explanations, refer to the official Kubernetes documentation.
Resource Organization¶
Namespaces/Projects¶
What it is: Provides logical separation and resource isolation within a cluster.
When to use: To separate applications, teams, or environments (dev, staging, prod).
OpenShift uses Projects, which are Kubernetes namespaces with additional features.
# Create a new project (namespace) for your application
oc new-project my-application
oc project my-application
# View all projects
oc get projects
# Switch projects
oc project production
Workload Resources¶
Pods¶
What it is: The smallest deployable unit in Kubernetes. A pod contains one or more containers that share storage and network.
When to use: Rarely created directly. Usually managed by higher-level resources like Deployments.
apiVersion: v1
kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx
image: nginxinc/nginx-unprivileged:alpine
ports:
- containerPort: 8080
# View pods
oc get pods
# Get pod details
oc describe pod nginx-pod
# Access pod logs
oc logs nginx-pod
Deployments¶
What it is: Manages pods and provides declarative updates, scaling, and rollback capabilities.
When to use: For stateless applications that need scaling and rolling updates.
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginxinc/nginx-unprivileged:alpine
ports:
- containerPort: 8080
# Create deployment
oc apply -f deployment.yaml
# Scale deployment
oc scale deployment nginx-deployment --replicas=5
# View deployment status
oc get deployments
oc rollout status deployment/nginx-deployment
Jobs and CronJobs¶
What it is: Jobs run pods to completion for batch tasks. CronJobs run Jobs on a schedule.
When to use: For data processing, backups, or scheduled maintenance tasks.
apiVersion: batch/v1
kind: Job
metadata:
name: data-processing
spec:
template:
spec:
containers:
- name: processor
image: my-app:latest
command: ["python", "process-data.py"]
restartPolicy: Never
Networking Resources¶
Routes (OpenShift)¶
What it is: OpenShift-specific resource that exposes services externally with custom hostnames.
When to use: To make your applications accessible from outside the cluster.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: nginx-route
spec:
to:
kind: Service
name: nginx-service
tls:
termination: edge
Services¶
What it is: Provides stable network access to a set of pods, acting as a load balancer.
Types:
- ClusterIP (default): Internal cluster access only
- NodePort: Exposes service on each node's IP
- LoadBalancer: Cloud provider load balancer
apiVersion: v1
kind: Service
metadata:
name: nginx-service
spec:
selector:
app: nginx
ports:
- port: 80
targetPort: 8080
type: ClusterIP
# View services
oc get services
# Get service endpoints
oc get endpoints nginx-service
# Port forward for testing
oc port-forward service/nginx-service 8080:80
Configuration & Storage¶
ConfigMaps¶
What it is: Stores non-sensitive configuration data as key-value pairs.
When to use: For application configuration files, environment variables, or command-line arguments.
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
log_level: "info"
debug_mode: "false"
config.yaml: |
server:
port: 8080
host: 0.0.0.0
# Create ConfigMap from file
oc create configmap app-config --from-file=config.yaml
# View ConfigMaps
oc get configmaps
# Get ConfigMap details
oc describe configmap app-config
# Use in pod
oc set env deployment/nginx-deployment --from=configmap/app-config
Secrets¶
What it is: Stores sensitive data like passwords, tokens, and certificates.
When to use: For any sensitive configuration data that shouldn't be in plain text.
Security Note
Secrets are base64-encoded, not encrypted. Anyone with read access can decode them. For truly sensitive data, consider external secret management solutions.
apiVersion: v1
kind: Secret
metadata:
name: database-credentials
type: Opaque
data:
username: <base64-encoded>
password: <base64-encoded>
# Create Secret
oc create secret generic database-credentials \
--from-literal=username=admin \
--from-literal=password=secretpassword
# View Secrets (values hidden)
oc get secrets
# Use in deployment (creates env vars from all secret keys)
oc set env deployment/nginx-deployment --from=secret/database-credentials
# Or use specific key as env var
oc set env deployment/nginx-deployment DATABASE_USER=database-credentials:username
Persistent Volumes (PV) and Claims (PVC)¶
What it is: PV represents storage in the cluster. PVC is a request for storage by a user.
When to use: For applications that need persistent data storage.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: database-storage
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
Resource Relationships¶
Understanding how resources work together:
- Deployments create and manage Pods
- Services provide network access to Pods
- Routes expose Services externally
- ConfigMaps and Secrets provide configuration to Pods
- PVCs provide persistent storage to Pods
- Projects (namespaces) contain and isolate all these resources
Common Commands¶
# Describe any resource
oc describe <resource-type> <name>
# View resource YAML
oc get <resource-type> <name> -o yaml
# Edit resource directly
oc edit <resource-type> <name>
# Delete resources
oc delete <resource-type> <name>
Next Steps¶
Now that you understand Kubernetes resources, continue learning:
- Navigate OpenShift Console - Explore your resources in the web console
- Basic Commands - Essential CLI commands for daily use
Ready for advanced topics:
- Deploy with GitOps - Automated deployment workflows
- Secrets - Secure configuration handling