Kubernetes Deployment: Keeping Your Application Secure in Times of Change

Vijay BelwalVijay Belwal
4 min read

Let’s say your app is running beautifully in production.

✅ Users are happy ✅ Logs are clean ✅ Revenue is climbing

Now... imagine you have to upgrade the app. New version just dropped. Do you just delete pods and redeploy?

Of course not. You're not trying to throw your users off a cliff mid-scroll.

This is where Deployment enters—not as a YAML config, but as your app’s guardian angel during change.


What You Really Want from a Production Setup

Running a production-grade app isn’t just about getting it live. It’s about staying live even when things change.

Here’s what you need to make that happen:

  1. Multiple replicas of your app (because 1 pod is a SPOF—single point of failure).

  2. Smooth upgrades when you release new versions (users shouldn’t even notice).

  3. Ability to undo instantly when something breaks (you shouldn’t panic).

  4. Batching changes together for complex updates (change, test, then resume confidently).

A pod can’t do this. A ReplicaSet can only ensure pod count. But a Deployment? That’s the orchestrator. The captain.


Let’s Talk Deployment (And Why It’s a Level Up)

You know that scene where the lead character enters in slow motion while everything else freezes?

That’s Deployment walking in above ReplicaSet.

  • It doesn’t replace ReplicaSet—it uses it.

  • But it adds intelligence: how to roll out, how to roll back, when to pause, when to resume.

Here’s a sample deployment definition file:

apiVersion: apps/v1              # Use the apps API group—Deployment is part of this group
kind: Deployment                 # This is the type of object you're creating
metadata:
  name: myapp-deployment         # Name of your deployment (can be anything)
  labels:
    env: prod                    # Labels for organizing and filtering (optional but useful)
spec:
  replicas: 3                    # How many pod replicas you want at any time
  selector:                      # How Deployment finds and manages its pods
    matchLabels:
      app: myapp                 # Must match the labels in the pod template below
  strategy:                      # Strategy for updating pods
    type: RollingUpdate          # Default type, can also be Recreate
    rollingUpdate:
      maxSurge: 1                # How many extra pods can be created during update
      maxUnavailable: 1          # How many pods can be unavailable during update
  revisionHistoryLimit: 10       # How many old ReplicaSets to keep for rollback
  minReadySeconds: 5             # Pod must be ready for this many seconds before marked "available"
  progressDeadlineSeconds: 600   # Max time allowed for Deployment to progress
  template:                      # The actual pod spec (template used by RS to create pods)
    metadata:
      labels:
        app: myapp               # Must match the selector
    spec:
      containers:
        - name: myapp-container
          image: myapp:v1        # Your application image
          ports:
            - containerPort: 80  # Expose container port
          resources:             # (Optional) Define resource limits for better control
            requests:
              cpu: "100m"
              memory: "200Mi"
            limits:
              cpu: "500m"
              memory: "500Mi"
          env:                   # (Optional) Set environment variables for your container
            - name: ENV
              value: production

The only real difference from a ReplicaSet YAML? You’re defining kind: Deployment, and Kubernetes will internally create ReplicaSets to match versions. You don’t manage RS anymore—Deployment does that for you.


Rolling Updates: No More "Oops"

When you run kubectl apply -f deployment-definition.yml with a new image version, Kubernetes doesn’t delete all old pods and bring in new ones. That’s a recipe for downtime.

Instead, it gradually shifts traffic:

  1. Spins up a few new pods with the new image.

  2. Waits for them to be healthy.

  3. Shuts down old pods, step by step.

This ensures:

  • Users don’t see outages.

  • Errors in new version can be caught early.

  • You remain cool under pressure.


Something Broke? Rollback.

One command. That’s it:

kubectl rollout undo deployment myapp-deployment

Boom—you’re back to the last working version.

Because Deployment remembers previous ReplicaSets. It’s your app’s version control in the cluster.


⏸️ Pause, Change, Resume

Let’s say you need to:

  • Upgrade server version

  • Increase CPU/memory limits

  • Scale to more replicas

But you want all changes to be rolled out together—not piecemeal.

That’s where pause/resume comes in:

kubectl rollout pause deployment myapp-deployment
# make all your changes (edit YAML, scale, update image etc.)
kubectl apply -f deployment-definition.yml
kubectl rollout resume deployment myapp-deployment

It’s like telling Kubernetes:

“Don’t do anything yet—I’m cooking something. I’ll let you know when I’m done.”


📦 Deployments Use Everything You’ve Learned So Far

  • Pods: to run the actual container

  • ReplicaSet: to manage pod count & health

  • Deployment: to manage time, change, and stability

It’s the hierarchy that makes your cluster not just powerful—but resilient.


🧪 Try It Yourself

# Create deployment
kubectl create -f deployment-definition.yml

# Check deployment
kubectl get deployment

# Check RS created by deployment
kubectl get replicaset

# Check pods
kubectl get pods

# Check everything
kubectl get all

# Rollback if needed
kubectl rollout undo deployment myapp-deployment

# Pause & resume
kubectl rollout pause deployment myapp-deployment
kubectl apply -f deployment-definition.yml
kubectl rollout resume deployment myapp-deployment

TL;DR

Deployment is not just a Kubernetes object. It’s your production deployment strategy. It protects your uptime, manages rollouts, undoes mistakes, and lets you evolve confidently.

You can build an app without it. But if you want to operate one?

Deployment is the way.

0
Subscribe to my newsletter

Read articles from Vijay Belwal directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Vijay Belwal
Vijay Belwal