Spectral now part of Check Point’s CloudGuard to provide the industry’s most comprehensive security platform from code to cloud Read now

The Developer’s Guide to a Seamless Kubernetes Deployment

By Eyal Katz August 2, 2022

To grasp the concept of a Kubernetes Deployment and Kubernetes Deployment strategy, let’s begin by explaining the two different meanings of the term “deployment” in a Kubernetes environment:

  • A Kubernetes deployment (with a lowercase d) is the process of installing a new version of an application or workload onto Kubernetes pods.
  • A Kubernetes Deployment (with a capital D) is a Kubernetes object that has its own YAML configuration and allows you to define how a deployment should take place, what specifically should be deployed, and how requests should be routed to the newly installed application.

Kubernetes Deployment allows you to make declarative updates for pods and ReplicaSets. You can define a desired state and the Deployment Controller will continuously deploy new pod instances to change the current state to the desired state at a controlled rate. 

Running Kubernetes Deployment has the benefit of automating the procedures necessary for scaling, deploying, and updating your applications. This simplifies the process of rolling out new microservices, applications, or updates to existing apps.

By eliminating manual and repetitive tasks, this automation frees up resources within your IT management. The Deployment Controller continuously monitors to make sure the pods and nodes are functioning properly. It replaces or bypasses failing pods and nodes, resulting in quicker deployments and fewer mistakes.

The most typical use cases for Kubernetes Deployments include:

  • Create: You can create a Deployment to roll out new ReplicaSets and pods. You can check the status of the rollout to see if it succeeds or not.
  • Update: By updating the PodTemplateSpec of the Deployment, you can declare a new state for the pods. The Deployment manages the transfer of the pods from the old ReplicaSet to the new ReplicaSet at its creation. The revision of the Deployment is updated with each new ReplicaSet.
  • Rollback: You can revert the Kubernetes Deployment to a previous revision, which is helpful if the current state is unstable. Each rollback updates the revision of the Deployment.
  • Scale: You can increase the number of pods and ReplicaSets in the Kubernetes Deployment without changing them.
  • Pause: You can pause the rollout of a Deployment to apply multiple fixes to its PodTemplateSpec, and then resume to begin a new rollout.

How Kubernetes Deployments Work

The elements of a Kubernetes Deployment include: 

  • YAML file: This is the desired state for your Kubernetes cluster that you define. It serves as the basis for your Kubernetes Deployment.
How Kubernetes Deployments work
  • Pods: These are the wrappers for containers. Pods are useful because containers in the same pod share their lifecycle and storage resources.
Kubernetes pods
  • ReplicaSet:  ReplicaSets are groups of identically configured pods. If a pod fails, a new pod is created. ReplicaSets ensure that the type and number of pods described in the YAML file for a Kubernetes deployment are running at all times. 
  • Kube-controller/manager: The controller changes the current state of the cluster to match the desired state described in the YAML. The controller creates new pods and ReplicaSets, while also updating or removing existing ones.
  • Kube-scheduler: The scheduler determines how the pods and ReplicaSets are deployed within your worker nodes. The scheduler also distributes traffic to those nodes.
  • Roll-out: This is the process of reconfiguring the cluster from its current state to the desired state.

The elements function together for the Kubernetes Deployment in this order:

Step 1: Create a YAML file describing the desired state configuration of the cluster.

Step 2: Use kubectl (Kubernetes command-line interface) to apply the YAML file to the cluster.

Step 3: Kubectl then submits the request to the kube-apiserver, which authenticates and authorizes the request before recording the change in a database.

Step 4: The kube-controller/manager continuously monitors the system for new requests and then strives toward reconciling the current state to the desired state by creating deployments, pods, and ReplicaSets in the process.

Step 5: Once all of the controllers have run, the kube-scheduler will see that there are pods in the pending state because they haven’t yet been scheduled to run on a node. The scheduler finds suitable nodes for these pods, then communicates with the kubelet in each node to take control and begin the deployment.

To summarize, the user sets the definitions using a Kubernetes Deployment, and Kubernetes takes over to ensure that the pods meet these new requirements, implementing any necessary changes.

Kubernetes node structure

Deployment Outcomes to Aim For

The ideal outcomes you’ll want to achieve from Kubernetes Deployments include: 

  1. Observability: Strive to make the Deployment process observable so that you can know exactly what’s happening at any location and at any point in time.
  1. YAML: Strive to reduce the amount of YAML you need to write for your Deployments to take place.
  1. Git: Strive to define everything within Git. You can use Github and define all of your resources declaratively.
  2.  Automation: Strive to automate everything so that you can really be sure that your deployment is processing the way it’s supposed to while reducing errors and fix-time. 
  3. Frequent deployment: Strive to deploy often in order to respond to external factors as fast as possible. This helps to avoid vendor lock-in or dependency on tools. 

Kubernetes Deployment Strategies for Zero Downtime

A Kubernetes Deployment strategy defines the creation, upgrading, and downgrading procedures for different versions of Kubernetes applications. In a traditional software environment, application deployments or upgrades often result in service disruption and downtime. Kubernetes helps to avoid downtime by providing a variety of deployment strategies that allow you to make rolling updates on multiple application instances.

Kubernetes Deployment strategies support a wide range of application development and deployment requirements. Because each Kubernetes deployment strategy has its own advantages, choosing what strategy is right for you simply depends on your needs and goals. So here is a roundup of seven Kubernetes Deployment strategies that you might want to consider with this in mind. 

It is important to realize that only the Rolling and Recreate deployments are default deployments built into the Kubernetes system. It is possible to perform the other types of deployments in Kubernetes, but it will require some customization or specialized tooling.

Kubernetes Deployment strategies:

  1. Rolling: The rolling update strategy enables seamless, incremental migration from an older application version to a newer one. When a new ReplicaSet containing the new version is launched, the replicas of the old version are terminated. Eventually, all of the old version pods are terminated and replaced by the new version pods. Pros: Minimizes downtime and provides security guarantees.
  1. Recreate: The recreate strategy terminates the currently running pod instances and refreshes them with a new version. This strategy is commonly used in a development environment where user activity is not an issue. There will be some downtime during the recreate process, occurring during the span of time when old containers are stopped and the new containers are not yet ready to handle incoming requests. Pros: Fast and consistent.
  1. Ramped slow rollout: This deployment strategy distributes new replicas while shutting down old replicas. To prevent downtime, this deployment methodically replaces each pod, one at a time. When new pods are ready, old pods are scaled down. You can pause or cancel a Kubernetes deployment if there are issues, without taking the entire cluster offline.
  1. Best-effort controlled rollout: This deployment strategy includes a “max unavailability” parameter that determines how many existing pods can be unavailable during an upgrade, allowing for a faster rollout.
  1. Canary: This deployment strategy allows you to release a new version to a small group of users in order to test functionality or gauge how new code will impact the overall operation of a system. Once tested, replicas of the new version can be scaled up, replacing the old version in an orderly manner. Pros: Seamless to users, makes it possible to evaluate a new version and get user inputs with low risk.
Kubernetes Canary
  1. Blue/Green: This deployment strategy allows you to release a new version (blue) of your application or workflow while your current version (green) is still running. You can, therefore, test the blue version in production while only exposing users to the green, stable version. Once tested, the blue version gradually replaces the green version.  Although this provides a rapid rollout that avoids versioning issues, this strategy requires twice the resource utilization since both versions are running simultaneously until cutover. Pros: No downtime and low risk, easy to switch traffic back to the current working version in case of issues.
Kubernetes Blue/Green
  1. A/B testing: The A/B testing strategy targets a specific group of customers. It’s used to test how effective the new version is at achieving business goals and is distributed to users based on factors such as cookies, geolocation, operating system, and device type. In this strategy, the new version normally runs alongside the current version and scales up gradually as it proves its worth. Pros: Makes it possible to test multiple versions of a new deployment.

Start off on the right foot by building security into the development phase

Regardless of whether your goals are to decrease time to market, operate with greater flexibility, create deployments with zero downtime, or release apps and features more quickly or frequently, determining the best Kubernetes Deployment strategy is certainly essential to creating resilient infrastructure and applications. 

But what’s it all worth if it’s not protected from the start? It’s important to adopt a DevSecOps approach that incorporates security as a fundamental aspect of all stages in the application development life cycle. Finding security issues as early as possible is the ideal approach. Security issues can undermine the success of your efforts. To strengthen your Kubernetes configurations and ship software quickly and without worry, you can leverage an automated security scanner to find harmful security errors in code, exposed secrets, and other artifacts in real-time. Try it out with a free account today.

Related articles

3 Weeks into the GitHub CoPilot secrets leak – What have we learned

Artificial intelligence has long been heralded as the solution to all our problems: “Don’t worry about it – let the computers do the worrying for you”.

how does infrastructre as code on aws work

How Does Infrastructure as Code on AWS work? 

Imagine having to manually provision and configure every device in a large corporation. Then visualize the upgrade process. How about patching? Then, picture ensuring conformity on

top 12 cloud security solutions

Top 12 Cloud Security Tools for 2021

A recent survey of nearly 2,000 IT professionals found that while most (85%) enterprises believe cloud technologies are critical to innovation, only 40% actually have a security policy

Stop leaks at the source!