Sacred Systems
The Shrine Archive: Kubernetes Fundamentals for New Followers
Fundamentals are not beginner trivia. They are the vocabulary you need to read incidents, reason about tradeoffs, and govern change safely.
Authored as doctrine; evaluated as systems craft.
A foundational warning
Kubernetes fundamentals are often taught as nouns. The Order teaches them as behaviors. A pod is not an icon. A deployment is not a promise. A service is not a network cable.
Your early competence comes from understanding which part of the system is authoritative, which parts are eventually consistent, and which failures are expected rather than exceptional.
Cluster, node, pod: the physical layer and the fiction layer
A cluster is a set of machines under a shared control plane. Nodes execute; the control plane governs. Pods are the smallest scheduling unit, not a durability boundary.
Kubelet behavior matters: image pulls, eviction under pressure, probe execution, and graceful termination are where workloads either tell the truth or lie.
- Pods are disposable by design; durability lives above them.
- Nodes are failure domains; treat node pressure as a first-class signal.
- Readiness is a contract with traffic; liveness is a contract with restarts.
Deployment and reconciliation
A Deployment is a controller-driven desired state. It expresses how many replicas you want, how updates proceed, and how history is retained.
The operator’s discipline is to understand why reconciliation can stall: admission failures, image pull errors, scheduling constraints, or probes that never become ready.
kubectl get deploy,rs,pods -n <ns>
kubectl describe deploy/<name> -n <ns>
kubectl get events -n <ns> --sort-by=.lastTimestamp | tail -n 30
Service, ingress, and trust boundaries
Services provide stable identity and load balancing over ephemeral pods. Ingress and gateways define border policy: routing, TLS termination, and exposure.
The Order’s framing: networking is governance. If you cannot explain who can talk to whom, you cannot bound blast radius.
- Service selectors are a form of policy: label hygiene matters.
- Ingress is exposure; treat it like a risk decision with audit trails.
- NetworkPolicy enforcement is CNI-dependent; test, don’t assume.
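An added example, not part of the archive's own text: a label-hygiene audit for the point that Service selectors are policy. It lists every pod a Service selects and flags those that do not come from the Service's majority workload. The namespace, object names, and the majority-workload heuristic are assumptions made for illustration.

```python
from collections import Counter

def workload(pod):
    """Controller behind a pod; a Deployment's ReplicaSets collapse to one name."""
    meta = pod["metadata"]
    refs = meta.get("ownerReferences") or []
    if not refs:
        return "unowned"
    # ReplicaSets made by a Deployment are named <deployment>-<pod-template-hash>.
    suffix = "-" + meta.get("labels", {}).get("pod-template-hash", "\0")  # "\0": no match
    return refs[0]["name"].removesuffix(suffix)

def backends(service, pods):
    """Pods a Service routes to: same namespace, every selector pair in the labels."""
    sel = service["spec"].get("selector") or {}
    ns = service["metadata"]["namespace"]
    return [p for p in pods if sel and p["metadata"]["namespace"] == ns
            and all(p["metadata"].get("labels", {}).get(k) == v for k, v in sel.items())]

def audit(doc):
    """Per Service, list selected pods that are not from its majority workload."""
    pods = [i for i in doc["items"] if i["kind"] == "Pod"]
    findings = {}
    for svc in (i for i in doc["items"] if i["kind"] == "Service"):
        matched = backends(svc, pods)
        owned = Counter(w for w in map(workload, matched) if w != "unowned")
        expected = owned.most_common(1)[0][0] if owned else None
        findings[svc["metadata"]["name"]] = sorted(
            p["metadata"]["name"] for p in matched if workload(p) != expected)
    return findings

# Constructed sample in the item shape of `kubectl get svc,pods -n <ns> -o json`.
def svc(name, selector):
    return {"kind": "Service", "metadata": {"name": name, "namespace": "shop"},
            "spec": {"selector": selector}}
def pod(name, labels, rs=None):
    refs = [{"kind": "ReplicaSet", "name": rs}] if rs else []
    return {"kind": "Pod", "metadata": {"name": name, "namespace": "shop",
                                        "labels": labels, "ownerReferences": refs}}

SAMPLE = {"items": [
    svc("payments", {"app": "payments"}),
    svc("catalog", {"app": "catalog", "tier": "web"}),
    pod("payments-7c9d-abcde", {"app": "payments", "pod-template-hash": "7c9d"}, "payments-7c9d"),
    pod("payments-5f6b-fghij", {"app": "payments", "pod-template-hash": "5f6b"}, "payments-5f6b"),
    pod("debug-shell", {"app": "payments", "purpose": "debug"}),
    pod("catalog-66f4-klmno", {"app": "catalog", "tier": "web", "pod-template-hash": "66f4"}, "catalog-66f4"),
]}
print(audit(SAMPLE))
```

In the sample, the bare debug-shell pod carries app=payments and so becomes a payments backend, while the two ReplicaSets of a rolling update are treated as one workload.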
Suggested path through the shrine
Fundamentals are a map. The archive is the territory. Begin with the Primer, then read the Tenets, then enter deeper discipline pages as your questions sharpen.
- Start: Kubernetes Primer → Five Tenets.
- Then: Control planes → Reconciliation → Scheduling → Network boundaries → Observability.
- Return: Operations Handbook when you can name your failure modes.
Canonical Link
Canonical URL: /library/the-shrine-archive-kubernetes-fundamentals-for-new-followers