Kubernetes has hundreds of object types, and the documentation introduces them like you're about to operate the cluster. As an application developer, you don't need most of them. You need maybe eight, and once they click, deploying to Kubernetes stops feeling like sorcery.
Here are the eight objects that cover almost everything you'll touch, in the order they build on each other.
1. Pod — the unit that actually runs
A Pod is one or more containers that share a network and lifecycle. It's the smallest thing Kubernetes schedules. You'll rarely create Pods directly — but everything else exists to manage them, so it's the mental foundation.
apiVersion: v1
kind: Pod
metadata: { name: web }
spec:
containers:
- name: web
image: myapp:1.4.0
ports: [{ containerPort: 8080 }]
Key fact: Pods are cattle, not pets. They get killed, rescheduled, and replaced. Never assume one stays alive or keeps its IP.
2. Deployment — how you actually run Pods
A Deployment manages a set of identical Pods: it keeps N replicas running, replaces crashed ones, and rolls out new versions without downtime. This is what you write 90% of the time.
apiVersion: apps/v1
kind: Deployment
metadata: { name: web }
spec:
replicas: 3
selector: { matchLabels: { app: web } }
template:
metadata: { labels: { app: web } }
spec:
containers:
- name: web
image: myapp:1.4.0
Change the image, kubectl apply, and Kubernetes rolls Pods one batch at a time. Bad release? kubectl rollout undo.
3. Service — a stable address for unstable Pods
Pods come and go, so you never talk to them directly. A Service gives a fixed DNS name and load-balances across whichever Pods currently match its selector.
apiVersion: v1
kind: Service
metadata: { name: web }
spec:
selector: { app: web }
ports: [{ port: 80, targetPort: 8080 }]
Now other Pods reach it at http://web. The Service tracks the Pods for you.
4. Ingress — getting traffic in from the outside
A Service is internal by default. An Ingress exposes HTTP routes to the world and handles host/path routing and TLS, so one load balancer can serve many services.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata: { name: web }
spec:
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend: { service: { name: web, port: { number: 80 } } }
5. ConfigMap — configuration that isn't secret
Keep config out of your image so the same image runs in dev, staging, and prod. A ConfigMap holds non-sensitive key/values you inject as env vars or files.
apiVersion: v1
kind: ConfigMap
metadata: { name: web-config }
data: { LOG_LEVEL: "info", FEATURE_X: "true" }
6. Secret — configuration that is sensitive
Same idea, for credentials and tokens. Reference them as env vars or mounted files and keep them out of your image and your git history. (Enable encryption-at-rest and RBAC — a base64 Secret isn't encrypted by default.)
env:
- name: DB_PASSWORD
valueFrom: { secretKeyRef: { name: db, key: password } }
7. Liveness & readiness probes — let the cluster heal you
These aren't separate objects, but they live in your Deployment and they're the difference between "self-healing" and "silently broken." Readiness decides if a Pod should receive traffic; liveness decides if it should be restarted.
readinessProbe: { httpGet: { path: /healthz, port: 8080 }, initialDelaySeconds: 5 }
livenessProbe: { httpGet: { path: /healthz, port: 8080 }, periodSeconds: 10 }
Skip these and Kubernetes will happily route traffic to a Pod that's still booting or wedged.
8. Resource requests & limits — be a good neighbor
Tell the scheduler what each Pod needs (requests) and the ceiling it can't exceed (limits). Without these, one runaway Pod can starve the node.
resources:
requests: { cpu: "100m", memory: "128Mi" }
limits: { cpu: "500m", memory: "512Mi" }
The mental model
Read top to bottom and it's a pipeline: a Deployment keeps Pods running, a Service gives them a stable address, an Ingress lets the outside reach them, and ConfigMaps/Secrets feed them configuration — while probes and resource limits keep the whole thing healthy. Master these eight and you can deploy and debug the vast majority of real workloads without ever touching the cluster internals.
The remaining friction is writing all that YAML correctly and consistently. If you'd rather start from working, commented manifests than a blank file, the Kubernetes Manifests Pack ships production-ready templates for exactly these objects — Deployment, Service, Ingress, probes, and resource policies — so your first deploy is a fill-in-the-blanks job.
Bottom line
Kubernetes is wide but shallow for developers: a small set of objects does the heavy lifting for application workloads. Learn these eight, wire up probes and limits, and the platform becomes a tool you use instead of a system you fear.
Top comments (0)