NOTE: This is an optional bonus section. You do not need to read it, but if you're interested in digging deeper, this is for you.
This section provides advanced troubleshooting techniques, security best practices, and real-world challenges to strengthen your Kubernetes knowledge.
Step 1: Troubleshooting Kubernetes Cluster Issues
When things go wrong, systematic troubleshooting is key. Here’s how you diagnose common Kubernetes issues.
Node Not Ready
Check node status
kubectl get nodes
kubectl describe node <node-name>
Investigate Kubelet logs
journalctl -u k3s -n 50 --no-pager
Verify system resources
free -m # Check available memory
df -h # Check disk space
htop # Monitor CPU usage
Possible Fixes
- Restart K3s on the failing node:
systemctl restart k3s - Ensure network connectivity:
ping <control-plane-ip>
Pods Stuck in "Pending" or "CrashLoopBackOff"
Check pod status
kubectl get pods -A
kubectl describe pod <pod-name>
kubectl logs <pod-name>
Possible Fixes
- If insufficient resources, scale up the cluster.
- If missing images, check container registry authentication.
- If misconfigured storage, inspect volumes:
kubectl get pvc
Step 2: Securing Kubernetes Deployments
Security is crucial in enterprise environments. Here are quick wins for a more secure Kubernetes cluster.
Limit Pod Privileges
Disable privileged containers
securityContext:
privileged: false
Enforce read-only file system
securityContext:
readOnlyRootFilesystem: true
Restrict Network Access
Use Network Policies to restrict pod communication
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-all
spec:
podSelector: {}
policyTypes:
- Ingress
Use Pod Security Admission (PSA)
Enable PSA to enforce security levels:
kubectl label --overwrite ns my-namespace pod-security.kubernetes.io/enforce=restricted
Step 3: Performance Optimization Tips
Enhance Kubernetes efficiency with these quick optimizations:
Optimize Resource Requests & Limits
Set appropriate CPU & Memory limits in deployments:
resources:
requests:
cpu: "250m"
memory: "256Mi"
limits:
cpu: "500m"
memory: "512Mi"
Why? Prevents a single pod from consuming excessive resources.
Enable Horizontal Pod Autoscaling (HPA)
Auto-scale pods based on CPU or memory usage:
kubectl autoscale deployment my-app --cpu-percent=50 --min=2 --max=10
Step 4: Bonus Challenge - Build a Secure, Scalable App
Challenge:
- Create a secure containerized app
- Deploy it in Kubernetes
- Implement Network Policies
- Apply Pod Security Standards
Helpful Resources:
Conclusion
This bonus section strengthens your Kubernetes troubleshooting, security, and performance tuning skills. Apply these principles in real-world deployments!