Kubernetes · DevOpsadvanced

Kubernetes Deployment (JSON)

A Kubernetes Deployment manifest in JSON with replicas, a rolling-update strategy, resource limits, probes and a security context — production defaults.

kubernetesk8sdeploymentdevopscontainers

Preview

{
  "apiVersion": "apps/v1",
  "kind": "Deployment",
  "metadata": {
    "name": "web",
    "labels": {
      "app": "web"
    }
  },
  "spec": {
    "replicas": 3,
    "selector": {
      "matchLabels": {
        "app": "web"
      }
    },
    "strategy": {
      "type": "RollingUpdate",
      "rollingUpdate": {
        "maxSurge": 1,
        "maxUnavailable": 0
      }
    },
    "template": {
      "metadata": {
        "labels": {
          "app": "web"
        }
      },
      "spec": {
        "securityContext": {
          "runAsNonRoot": true,
          "runAsUser": 1000
        },
        "containers": [
          {
            "name": "web",
            "image": "ghcr.io/example/web:1.4.2",
            "ports": [
              {
                "containerPort": 8080
              }
            ],
            "resources": {
              "requests": {
                "cpu": "100m",
                "memory": "128Mi"
              },
              "limits": {
                "cpu": "500m",
                "memory": "256Mi"
              }
            },
            "readinessProbe": {
              "httpGet": {
                "path": "/ready",
                "port": 8080
              },
              "initialDelaySeconds": 5
            },
            "livenessProbe": {
              "httpGet": {
                "path": "/healthz",
                "port": 8080
              },
              "initialDelaySeconds": 10
            }
          }
        ]
      }
    }
  }
}

AI actions

Documentation

Purpose

Declare a self-healing, horizontally-scalable workload with health checks and resource bounds.

When to use

Deploying a stateless service to a Kubernetes cluster via kubectl apply or a GitOps pipeline.

Required fields

  • apiVersion — apps/v1 for Deployments
  • kind — "Deployment"
  • metadata.name — the Deployment name
  • spec.selector + spec.template — pod selection and template

Optional fields

  • spec.replicas — desired pod count
  • spec.strategy — rolling update parameters
  • resources.requests/limits — scheduling and cgroup bounds
  • livenessProbe / readinessProbe — health checks

Best practices

  • Always set resource requests and limits so the scheduler can bin-pack.
  • Define both liveness and readiness probes.
  • Run as non-root with a restrictive securityContext.

Security considerations

  • Set runAsNonRoot and drop all capabilities unless required.
  • Never bake secrets into the image; mount them from Secrets.
  • Pin image tags by digest in production, not :latest.