Kubernetes Fundamentals (v1.35): Architecture, Objects, and Core Practices
A practical grounding in Kubernetes based on the official v1.35 documentation: control plane, workload objects, networking, storage and the operational minimum.
Kubernetes is a container orchestration system for automating the deployment, scaling and operation of applications. The basic idea of Kubernetes: you describe the desired state through API objects, and the control plane brings the cluster to that state through a reconciliation loop.
Current version and context
Docs channel
Latest docs: v1.35
As of February 10, 2026, the official docs list the current branch as v1.35.
Latest release
Kubernetes v1.35.0
Release 1.35.0 was published on December 17, 2025 on the official releases page.
Rule of thumb
Always check the docs version
API and behavior may differ between minor versions, so check the docs selector.
High-Level Architecture
In Kubernetes, the control plane manages state, the scheduler selects nodes for Pods, the kubelet executes workloads on nodes, and the Service/Ingress (or Gateway API) provides stable network access.
Diagram: Control Plane, Worker Plane, desired state reconciliation.
The vertical diagram shows the path from top to bottom: API requests reach the control plane, the scheduler and controllers place and synchronize workloads, and the worker nodes run Pods and send status back into the reconciliation loop.
Basic API objects
Namespace
Logical division of the cluster for teams, environments and quota/policy boundaries.
Pod
Minimum deployable unit: one or more tightly coupled containers.
Deployment
Declarative rollout/rollback of stateless workloads via ReplicaSet.
Service
Stable access point and service discovery over dynamic Pod IPs.
ConfigMap & Secret
External configuration and sensitive data outside the container image.
PersistentVolume & PVC
Storage abstraction and a declarative volume request for stateful applications.
Workload primitives: what to use when
Primitive | Best fit | Why
Deployment | stateless web/API | rolling updates, rollback, auto-healing replicas
StatefulSet | stateful systems (DB, brokers) | stable identity, ordered rollout, volume per replica
DaemonSet | node-level agents | one Pod per node: logging, metrics, security agents
Job / CronJob | batch workloads | run-to-completion tasks and periodic jobs
Network and traffic
Service as the basic entry point
A Service provides a stable endpoint on top of Pods, along with service discovery. For external traffic, an Ingress controller or the Gateway API is usually used.
Ingress status in docs
In the official docs Ingress is marked as frozen: new features are being developed in the Gateway API. For new platforms, this is an important architectural reference.
Storage and stateful loads
PersistentVolume describes a real volume resource in a cluster or cloud backend.
PersistentVolumeClaim is a declarative request for storage by an application.
StorageClass + dynamic provisioning allows you to automatically provision volumes.
For stateful systems, the combination StatefulSet + PVC per replica is often used.
Security minimum
Access and identity
Basic chain: authentication + authorization + admission control, plus RBAC. Namespace boundaries and ServiceAccounts provide a workable permissions model to start with.
Secrets and supply chain
Secrets should not live in images or git; add rotation, an external secret manager and container image scanning to the CI/CD pipeline.
Day 1 / Day 2 checklist
Day 1: define namespace strategy, resource requests/limits and network policy baseline.
Day 1: agree on rollout policy (rolling/canary/blue-green) and health probes.
Day 2: add HPA/VPA (or cluster autoscaling) to link load and capacity.
Day 2: provide observability using four signals: logs, metrics, traces, events.
Day 2: RBAC review, Secrets management and supply-chain scanning of images.
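The Day 1 items (requests/limits, network policy baseline, health probes) and the rule that Secrets stay out of git can be checked on manifests before they reach the cluster. The linter below is an added example, not code from the original page or the Kubernetes project; the function names, the sensitive-name pattern, the choice of readiness and liveness probes, and the sample manifests are assumptions constructed for illustration.

```python
import re

# Assumption of this example: env var names matching this hold sensitive values.
SENSITIVE = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)
WORKLOADS = {"Deployment", "StatefulSet", "DaemonSet"}

def audit(manifests):
    """Return sorted (namespace, workload, finding) tuples for parsed manifests."""
    findings = set()
    # Namespaces that carry at least one NetworkPolicy (the baseline item).
    with_netpol = {m["metadata"].get("namespace", "default")
                   for m in manifests if m["kind"] == "NetworkPolicy"}
    for m in manifests:
        if m["kind"] not in WORKLOADS:
            continue
        ns = m["metadata"].get("namespace", "default")
        name = m["metadata"]["name"]
        if ns not in with_netpol:
            findings.add((ns, name, "namespace has no NetworkPolicy"))
        for c in m["spec"]["template"]["spec"].get("containers", []):
            for key in ("requests", "limits"):
                if not c.get("resources", {}).get(key):
                    findings.add((ns, name, f"{c['name']}: no resource {key}"))
            for probe in ("readinessProbe", "livenessProbe"):
                if probe not in c:
                    findings.add((ns, name, f"{c['name']}: no {probe}"))
            for env in c.get("env", []):
                # A literal "value" (not valueFrom.secretKeyRef) stores the secret in git.
                if SENSITIVE.search(env["name"]) and "value" in env:
                    findings.add((ns, name, f"{c['name']}: {env['name']} is a literal"))
    return sorted(findings)

def deployment(name, ns, container):
    return {"kind": "Deployment", "metadata": {"name": name, "namespace": ns},
            "spec": {"template": {"spec": {"containers": [container]}}}}

# Constructed sample manifests, as dicts already parsed from YAML.
PROBE = {"httpGet": {"path": "/healthz", "port": 8080}}
WEAK = [deployment("api", "shop", {"name": "app", "image": "example/api:1.0",
        "env": [{"name": "DB_PASSWORD", "value": "example-only"}]})]
HARDENED = [
    deployment("api", "shop", {"name": "app", "image": "example/api:1.0",
        "resources": {"requests": {"cpu": "100m"}, "limits": {"memory": "256Mi"}},
        "readinessProbe": PROBE, "livenessProbe": PROBE,
        "env": [{"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef":
                 {"name": "db", "key": "password"}}}]}),
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "shop"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]
```

The NetworkPolicy check only confirms that a policy exists in the namespace; it does not evaluate what that policy allows.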