What You'll Learn
Everything about Kubernetes Pods — the fundamental building block of Kubernetes. Covers pod lifecycle, multi-container pods, init containers, resource management, and practical kubectl commands.
What is a Pod?
A Pod is the smallest deployable unit in Kubernetes. Unlike Docker, where you deploy individual containers, Kubernetes deploys Pods — which can contain one or more containers that share:
- The same network namespace (same IP, same ports)
- The same storage volumes
- The same lifecycle (start and stop together)
Pod vs Container vs Deployment
| Concept | What It Is | When To Use |
|---|---|---|
| Container | Docker container — your application process | Build stage |
| Pod | One or more containers with shared networking | Rarely created directly |
| ReplicaSet | Ensures N copies of a Pod are always running | Managed by Deployment |
| Deployment | Manages ReplicaSets, handles rolling updates | Stateless applications |
Writing Your First Pod Manifest
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: my-nginx
  namespace: default
  labels:
    app: nginx
    version: "1.25"
spec:
  containers:
    - name: nginx
      image: nginx:1.25-alpine
      ports:
        - containerPort: 80
          name: http
      resources:
        requests:              # Minimum resources needed to schedule
          memory: "64Mi"
          cpu: "50m"           # 50 millicores = 0.05 CPU cores
        limits:                # Maximum allowed
          memory: "128Mi"
          cpu: "100m"
      livenessProbe:           # Is the container alive?
        httpGet:
          path: /
          port: 80
        initialDelaySeconds: 10
        periodSeconds: 30
        failureThreshold: 3
      readinessProbe:          # Is the container ready for traffic?
        httpGet:
          path: /
          port: 80
        initialDelaySeconds: 5
        periodSeconds: 10
      env:
        - name: NGINX_HOST
          value: "example.com"
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: api-key
  restartPolicy: Always
```
Pod Lifecycle
Multi-Container Pods — Sidecar Pattern
The most common multi-container pattern is the sidecar — a helper container that augments the main application.
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: app-with-sidecar
spec:
  volumes:
    - name: shared-logs
      emptyDir: {}             # Temporary volume shared between containers
  containers:
    # Main application container
    - name: app
      image: my-app:1.0
      volumeMounts:
        - name: shared-logs
          mountPath: /var/log/app
    # Sidecar: ships logs to central logging system
    - name: log-shipper
      image: fluent/fluent-bit:2.1
      volumeMounts:
        - name: shared-logs
          mountPath: /var/log/app
          readOnly: true
      env:
        - name: FLUENTBIT_OUTPUT
          value: "elasticsearch"
  # Init container: runs BEFORE main containers start
  initContainers:
    - name: init-db-check
      image: busybox:1.35
      command: ['sh', '-c', 'until nslookup postgres; do echo waiting; sleep 2; done']
```
Essential kubectl Pod Commands
```bash
# Create / Apply
kubectl apply -f pod.yaml
kubectl run my-pod --image=nginx:alpine          # Imperative (quick test)

# View pods
kubectl get pods                                 # All pods in current namespace
kubectl get pods -n kube-system                  # Pods in kube-system namespace
kubectl get pods -A                              # All namespaces
kubectl get pods -o wide                         # Include node, IP info
kubectl get pods -w                              # Watch for changes
kubectl get pod my-nginx -o yaml                 # Full YAML output

# Describe / Debug
kubectl describe pod my-nginx                    # Detailed info + events
kubectl logs my-nginx                            # Container logs
kubectl logs app-with-sidecar -c log-shipper     # Specific container logs
kubectl logs -f my-nginx                         # Follow logs
kubectl logs my-nginx --previous                 # Logs from crashed container

# Execute in pod
kubectl exec -it my-nginx -- sh                  # Alpine-based image: sh, not bash
kubectl exec -it app-with-sidecar -c app -- sh   # Specific container

# Port forwarding (testing without a Service)
kubectl port-forward pod/my-nginx 8080:80

# Delete
kubectl delete pod my-nginx
kubectl delete -f pod.yaml
```
Diagnosing Common Pod Issues
CrashLoopBackOff
Container keeps crashing and restarting. Kubernetes uses exponential backoff between restarts.
```bash
kubectl logs pod-name --previous   # Logs from the CRASHED run
kubectl describe pod pod-name      # Check the Events section
```
Pending Forever
Pod stuck in Pending — usually means no node can satisfy the scheduling requirements.
```bash
kubectl describe pod pod-name      # Look for: "Insufficient memory" or "0/3 nodes are available"
kubectl get nodes                  # Check node status
kubectl describe node node-name    # Check node conditions
```
OOMKilled
Container exceeded its memory limit and was killed by the kernel OOM (Out Of Memory) killer.
```bash
kubectl describe pod pod-name      # State: OOMKilled
# Fix: Increase memory limits or find memory leak
```
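The three conditions above can be checked across many pods at once by reading the JSON form of the pod list instead of describing pods one by one. This is an added example, not part of the original tutorial: the sample pod list is constructed for illustration, and the `triage` function name is hypothetical.

```python
import json

# Constructed sample in the shape of `kubectl get pods -o json` (not real cluster data).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "my-nginx"}, "status": {"phase": "Running", "containerStatuses": [
        {"name": "nginx", "restartCount": 0, "state": {"running": {}}, "lastState": {}}]}},
    {"metadata": {"name": "crasher"}, "status": {"phase": "Running", "containerStatuses": [
        {"name": "app", "restartCount": 7,
         "state": {"waiting": {"reason": "CrashLoopBackOff"}},
         "lastState": {"terminated": {"reason": "Error", "exitCode": 1}}}]}},
    {"metadata": {"name": "leaky"}, "status": {"phase": "Running", "containerStatuses": [
        {"name": "app", "restartCount": 3,
         "state": {"waiting": {"reason": "CrashLoopBackOff"}},
         "lastState": {"terminated": {"reason": "OOMKilled", "exitCode": 137}}}]}},
    {"metadata": {"name": "too-big"}, "status": {"phase": "Pending", "conditions": [
        {"type": "PodScheduled", "status": "False", "reason": "Unschedulable",
         "message": "0/3 nodes are available: 3 Insufficient memory."}]}},
]})


def triage(pod_list_json):
    """Map pod name -> findings for CrashLoopBackOff, OOMKilled and unschedulable Pending."""
    report = {}
    for pod in json.loads(pod_list_json).get("items", []):
        status = pod.get("status", {})
        notes = []
        if status.get("phase") == "Pending":
            for cond in status.get("conditions", []):
                if cond.get("type") == "PodScheduled" and cond.get("status") == "False":
                    notes.append(f"Pending/{cond.get('reason')}: {cond.get('message', '')}")
        # Init containers can crash-loop too, so check both status lists.
        for cs in status.get("initContainerStatuses", []) + status.get("containerStatuses", []):
            state, last = cs.get("state") or {}, cs.get("lastState") or {}
            if (state.get("waiting") or {}).get("reason") == "CrashLoopBackOff":
                notes.append(f"{cs['name']}: CrashLoopBackOff (restarts={cs.get('restartCount', 0)})")
            # The OOM kill is recorded on the terminated run, current or previous.
            for term in (state.get("terminated"), last.get("terminated")):
                if term and term.get("reason") == "OOMKilled":
                    notes.append(f"{cs['name']}: OOMKilled (exit {term.get('exitCode')})")
        if notes:
            report[pod["metadata"]["name"]] = notes
    return report


if __name__ == "__main__":
    for name, notes in triage(SAMPLE).items():
        print(name, "->", "; ".join(notes))
```

Against a live cluster, pass it the output of `kubectl get pods -o json`. A pod such as `leaky` reports both findings, which separates a crash loop caused by the memory limit from one caused by an application error.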
Next Steps
Practice Exercises
- 1. Create a Pod running the redis:7 image
- 2. Add a liveness probe that checks port 6379
- 3. Create a multi-container pod (nginx + curl sidecar)
- 4. Debug a deliberately broken pod (image: nginx:broken)
What To Learn Next
- → Deployments (manage multiple pod replicas)
- → Services (expose pods to network traffic)
- → ConfigMaps & Secrets (configuration management)
- → Helm (package manager for Kubernetes)