Kubernetes Deployment: Keeping Your Application Secure in Times of Change
Vijay Belwal
Let’s say your app is running beautifully in production.
✅ Users are happy ✅ Logs are clean ✅ Revenue is climbing
Now... imagine you have to upgrade the app. New version just dropped. Do you just delete pods and redeploy?
Of course not. You're not trying to throw your users off a cliff mid-scroll.
This is where Deployment enters—not as a YAML config, but as your app’s guardian angel during change.
What You Really Want from a Production Setup
Running a production-grade app isn’t just about getting it live. It’s about staying live even when things change.
Here’s what you need to make that happen:
Multiple replicas of your app (because 1 pod is a SPOF—single point of failure).
Smooth upgrades when you release new versions (users shouldn’t even notice).
Ability to undo instantly when something breaks (you shouldn’t panic).
Batching changes together for complex updates (change, test, then resume confidently).
A pod can’t do this. A ReplicaSet can only ensure pod count. But a Deployment? That’s the orchestrator. The captain.
Let’s Talk Deployment (And Why It’s a Level Up)
You know that scene where the lead character enters in slow motion while everything else freezes?
That’s Deployment walking in above ReplicaSet.
It doesn’t replace ReplicaSet—it uses it.
But it adds intelligence: how to roll out, how to roll back, when to pause, when to resume.
Here’s a sample deployment definition file:
apiVersion: apps/v1 # Use the apps API group—Deployment is part of this group
kind: Deployment # This is the type of object you're creating
metadata:
name: myapp-deployment # Name of your deployment (can be anything)
labels:
env: prod # Labels for organizing and filtering (optional but useful)
spec:
replicas: 3 # How many pod replicas you want at any time
selector: # How Deployment finds and manages its pods
matchLabels:
app: myapp # Must match the labels in the pod template below
strategy: # Strategy for updating pods
type: RollingUpdate # Default type, can also be Recreate
rollingUpdate:
maxSurge: 1 # How many extra pods can be created during update
maxUnavailable: 1 # How many pods can be unavailable during update
revisionHistoryLimit: 10 # How many old ReplicaSets to keep for rollback
minReadySeconds: 5 # Pod must be ready for this many seconds before marked "available"
progressDeadlineSeconds: 600 # Max time allowed for Deployment to progress
template: # The actual pod spec (template used by RS to create pods)
metadata:
labels:
app: myapp # Must match the selector
spec:
containers:
- name: myapp-container
image: myapp:v1 # Your application image
ports:
- containerPort: 80 # Expose container port
resources: # (Optional) Define resource limits for better control
requests:
cpu: "100m"
memory: "200Mi"
limits:
cpu: "500m"
memory: "500Mi"
env: # (Optional) Set environment variables for your container
- name: ENV
value: production
The only real difference from a ReplicaSet YAML? You’re defining
kind: Deployment, and Kubernetes will internally create ReplicaSets to match versions. You don’t manage RS anymore—Deployment does that for you.
Rolling Updates: No More "Oops"
When you run kubectl apply -f deployment-definition.yml with a new image version, Kubernetes doesn’t delete all old pods and bring in new ones. That’s a recipe for downtime.
Instead, it gradually shifts traffic:
Spins up a few new pods with the new image.
Waits for them to be healthy.
Shuts down old pods, step by step.
This ensures:
Users don’t see outages.
Errors in new version can be caught early.
You remain cool under pressure.
Something Broke? Rollback.
One command. That’s it:
kubectl rollout undo deployment myapp-deployment
Boom—you’re back to the last working version.
Because Deployment remembers previous ReplicaSets. It’s your app’s version control in the cluster.
⏸️ Pause, Change, Resume
Let’s say you need to:
Upgrade server version
Increase CPU/memory limits
Scale to more replicas
But you want all changes to be rolled out together—not piecemeal.
That’s where pause/resume comes in:
kubectl rollout pause deployment myapp-deployment
# make all your changes (edit YAML, scale, update image etc.)
kubectl apply -f deployment-definition.yml
kubectl rollout resume deployment myapp-deployment
It’s like telling Kubernetes:
“Don’t do anything yet—I’m cooking something. I’ll let you know when I’m done.”
📦 Deployments Use Everything You’ve Learned So Far
Pods: to run the actual container
ReplicaSet: to manage pod count & health
Deployment: to manage time, change, and stability
It’s the hierarchy that makes your cluster not just powerful—but resilient.
🧪 Try It Yourself
# Create deployment
kubectl create -f deployment-definition.yml
# Check deployment
kubectl get deployment
# Check RS created by deployment
kubectl get replicaset
# Check pods
kubectl get pods
# Check everything
kubectl get all
# Rollback if needed
kubectl rollout undo deployment myapp-deployment
# Pause & resume
kubectl rollout pause deployment myapp-deployment
kubectl apply -f deployment-definition.yml
kubectl rollout resume deployment myapp-deployment
TL;DR
Deployment is not just a Kubernetes object. It’s your production deployment strategy. It protects your uptime, manages rollouts, undoes mistakes, and lets you evolve confidently.
You can build an app without it. But if you want to operate one?
Deployment is the way.
Subscribe to my newsletter
Read articles from Vijay Belwal directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by