Kubernetes Core
Kubernetes is a distributed control system. Users submit desired state to the API server, controllers continuously reconcile actual state toward desired state, the scheduler decides placement, and the kubelet on each node runs the work assigned to it.
Mental model to keep
- API is the contract: objects, policy, and automation should flow through the Kubernetes API or through an abstraction with a clear lifecycle.
- Controllers are loops: failures often come from non-idempotent reconciliation, stuck finalizers, or dependencies without readiness signals.
- Scheduler is the capacity brain: resource requests, taints, affinity, topology spread, and priority decide whether the cluster uses capacity correctly.
- Networking is a policy surface: service discovery, ingress, egress, NetworkPolicy, DNS, and service mesh directly shape blast radius.
- Storage is a state contract: StorageClass, PVCs, backup, restore, and topology need the same review discipline as data architecture.
Production reading order
Boundary diagram
Senior review questions
| Area | Question |
|---|---|
| API | Can any object bypass GitOps or admission policy? |
| Scheduling | Do critical workloads have correct priority, topology spread, PDBs, and resource requests? |
| Network | Is default deny enforced by namespace where isolation matters? |
| Storage | Has the restore path been tested with a real workload? |
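
One way to answer the Network question offline, as an added example that is not part of the original page: the check below reports which namespaces lack a namespace-wide default-deny NetworkPolicy per direction. The namespace names, policy names, and sample objects are constructed; the input shape is assumed to match the `items` of `kubectl get networkpolicy -A -o json`.

```python
# Added example: audit NetworkPolicy objects for a default deny per namespace.

def _selects_all_pods(spec):
    # An empty podSelector matches every pod in the namespace.
    sel = spec.get("podSelector") or {}
    return not sel.get("matchLabels") and not sel.get("matchExpressions")

def _effective_types(spec):
    # API defaulting: Ingress is always implied; Egress only if egress rules exist.
    if spec.get("policyTypes"):
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if spec.get("egress") else set())

def denied_directions(policy):
    """Directions for which this single policy is a namespace-wide default deny."""
    spec = policy.get("spec", {})
    if not _selects_all_pods(spec):
        return set()
    # A direction is denied when it is in scope and carries no allow rules.
    return {d for d in _effective_types(spec) if not spec.get(d.lower())}

def default_deny_gaps(namespaces, policies):
    """Map each namespace to the directions that lack a default-deny policy."""
    covered = {ns: set() for ns in namespaces}
    for p in policies:
        ns = p["metadata"]["namespace"]
        if ns in covered:
            covered[ns] |= denied_directions(p)
    both = {"Ingress", "Egress"}
    return {ns: both - got for ns, got in covered.items() if both - got}

# Constructed sample data (hypothetical namespaces and policy names).
SAMPLE_POLICIES = [
    {"metadata": {"name": "deny-all", "namespace": "payments"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
    {"metadata": {"name": "deny-ingress", "namespace": "web"},
     "spec": {"podSelector": {}}},  # policyTypes defaults to Ingress only
    {"metadata": {"name": "looks-like-deny", "namespace": "batch"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
              "ingress": [{}]}},  # a single empty rule allows all ingress
    {"metadata": {"name": "deny-db-only", "namespace": "data"},
     "spec": {"podSelector": {"matchLabels": {"app": "db"}},
              "policyTypes": ["Ingress", "Egress"]}},  # scoped to one app
]

if __name__ == "__main__":
    gaps = default_deny_gaps(["payments", "web", "batch", "data"], SAMPLE_POLICIES)
    for ns, missing in sorted(gaps.items()):
        print(f"{ns}: no default deny for {', '.join(sorted(missing))}")
```

The check only confirms that the policy objects exist. Enforcement still depends on a network plugin that implements NetworkPolicy.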