Kubernetes Deployment Strategies Guide 🚀

Recreate and Rolling Update Deployments in Kubernetes

Recreate Strategy 🔄

• Old containers are all deleted first.
• New containers get up after the previous ones are deleted.
• Will face downtime.

Rolling Update Strategy (Default) 🔄

• One by one, an old container is deleted and a new one is created at the same time.
• Ensures zero downtime.

Deployment and Rollback Commands

To deploy:

kubectl apply -f deployment.yaml

To rollback:

kubectl rollout undo deployment/<deployment-name>

To view the history of deployments:

kubectl rollout history deployment/<deployment-name>

CMD & Entrypoint / Command & Args

Environment Variables / Config Maps / Secrets

Config Maps 🌐

Used to store environment variables using a definition file.

• To get or describe a ConfigMap:

kubectl get configmap/cm
kubectl describe configmap/cm

• To attach a ConfigMap to a pod (using its name):

envFrom:
  - configMapRef:
      name: <config-map-name>

Secrets 🔒

Used to store sensitive information (user/password).

• In Secrets, variables can be stored in an encoded format.

To encode secrets data in base64:

echo -n 'my-secret-data' | base64

• To get or describe a Secret:

kubectl get secrets
kubectl describe secrets my-secret
kubectl get secrets -o yaml

To decode base64 encoded values for a secret:

echo 'encoded-secret' | base64 --decode

• To attach Secrets to a pod YAML file (using its name):

envFrom:
  - secretRef:
      name: <secret-name>

Other Ways to Handle Secrets

• Secret Manager in AWS/Azure/GCP or any vault (encrypted).
• Helm Secrets and HashiCorp Vault for handling sensitive data.

ETCD Encryption (Data at Rest) 🔐

Multi-Container Pods 🐙

Init Containers ⏳

• When a pod is first created, the init container runs.

• The process in the init container must complete before the main container starts.

• Multiple init containers can be configured to run sequentially.

• If an init container fails, Kubernetes restarts the pod repeatedly until the init container succeeds.

• Note: Init containers don't show in the output of kubectl get pods.

To get logs of an init container:

kubectl logs <podname> -c <initContainer-name>

Liveness and Readiness Probes

• Liveness and readiness probes are not required for the CKA exam, but are crucial for production environments.

References 📚

• Kubernetes Deployment Strategies (opens in a new tab)
• Managing Secrets (opens in a new tab)
• Init Containers (opens in a new tab)