Deployments: Self-Healing at Scale

Delete the Pod you created in Chapter 4:

Output:

Now check if it came back:

Output:

It didn't come back. That's the problem with bare Pods—they're mortal. Delete one, it's gone forever. Your application is down until you manually recreate it.

Deployments fix this. A Deployment is a manager that continuously monitors your Pods and ensures the desired count always exists. Delete a Pod? The Deployment creates a replacement. Node crashes? Pods get rescheduled elsewhere. This chapter teaches you to declare WHAT you want (3 replicas of your agent), and let Kubernetes handle HOW to maintain it.

---

The Problem with Direct Pod Deployment

Direct Pod deployment is like hiring workers without a manager. You manage each worker individually:

• Worker 1 quits? Hire someone new.
• Need more workers? Interview and hire each one.
• Want to update their uniforms? Replace each worker one at a time.

This manual approach doesn't scale.

Why Pods Are Ephemeral

Recall from Chapter 4 that Pods are the smallest deployable unit in Kubernetes. But Pods have a critical limitation: they are designed to be ephemeral (temporary).

A Pod can be deleted, evicted, or crash at any time:

If you deploy a Pod directly with kubectl run hello --image=nginx, and the Pod crashes, Kubernetes does NOT automatically create a new Pod. That container is gone. Your service is down.

The Analogy: Deployment as Manager

A Deployment is a manager that guarantees a desired state:

The manager runs continuously, observing reality and fixing mismatches. This is Kubernetes' declarative model in action.

---

The Deployment Abstraction: A Hierarchy

Deployments don't directly manage Pods. They use an intermediate abstraction called a ReplicaSet.

Why This Hierarchy?

The hierarchy allows different responsibilities:

• A Deployment owns ReplicaSets
• Each ReplicaSet owns multiple Pods
• When you update a Deployment's image version, it creates a NEW ReplicaSet with new Pods, leaving the old ReplicaSet in place (for rollbacks)

---

Creating Your First Deployment

Let's create a Deployment manifest for a simple nginx service.

Deployment YAML Structure

Output: (This is just the manifest structure; we'll apply it next)

Understanding Each Field

Important: The labels in template.metadata.labels MUST match the selector in selector.matchLabels. If they don't match, Kubernetes can't find the Pods, and the Deployment creates an infinite number of new Pods trying to satisfy the replicas requirement.

---

Deploying and Verifying

Save the manifest above as deployment.yaml and deploy it:

Output:

Check the Deployment status:

Output:

What each column means:

Check the Pods created by this Deployment:

Output:

Notice the Pod names: hello-deployment-[ReplicaSet-hash]-[random-id]. The ReplicaSet is embedded in the name.

Check the ReplicaSet:

Output:

The ReplicaSet hello-deployment-7d4b8c9f5 is responsible for ensuring 3 Pods exist.

---

Self-Healing in Action

Now demonstrate Kubernetes' self-healing. Intentionally delete one Pod:

Output:

Wait a few seconds, then check Pods again:

Output:

What happened:

1. You deleted Pod abc12
2. Kubernetes' ReplicaSet controller detected: "I should have 3 Pods, but I only have 2"
3. It immediately created a new Pod xyzab (timestamp: 5 seconds ago)
4. The Deployment still shows 3/3 ready replicas

This is self-healing: Kubernetes automatically recovers from Pod failures without human intervention.

---

Scaling Deployments

Increase the replica count from 3 to 5:

Output:

Check the result:

Output:

Check Pods:

Output:

Two new Pods (timestamps: 10 seconds ago) were created to reach 5 replicas.

Scale back down:

Output:

Kubernetes will terminate 2 Pods gracefully.

---

Rolling Updates: Upgrading Your Application

Your application needs to upgrade from nginx 1.24 to nginx 1.25. Update the image:

Output:

Watch the rollout:

Output:

What Kubernetes did:

1. Created a new ReplicaSet with image nginx:1.25
2. Started a new Pod with the new image
3. Once the new Pod was ready, terminated an old Pod
4. Repeated until all 3 Pods were running nginx 1.25
5. Left the old ReplicaSet in place (for rollback)

Check the ReplicaSets:

Output:

The old ReplicaSet has 0 desired replicas (no Pods). The new ReplicaSet has 3 Pods running.

---

Rollback: Recovering from Failed Updates

If the update introduced a bug and the new version doesn't work, rollback immediately:

Output:

Kubernetes:

1. Recreates the old ReplicaSet with nginx 1.24
2. Scales down the new ReplicaSet
3. Your Pods are back on the stable version

Check status:

Output:

View the history of updates:

Output:

Each revision is a ReplicaSet. You can even rollback to a specific revision:

---

The Declarative Model at Work

Reflect on what happened:

You never said HOW. You declared WHAT you wanted, and Kubernetes' controllers continuously worked to achieve that state.

This is the power of Kubernetes: declare your desired state, and Kubernetes keeps you there.

---

Key Concepts Summary

---

Try With AI

Open a terminal and work through these scenarios with an AI assistant's help:

Scenario 1: Design a Deployment

Your task: Create a Deployment manifest for a Python Flask application that:

• Runs 2 replicas
• Uses image myregistry.azurecr.io/flask-app:v2.1
• Exposes port 5000
• Requires 256Mi memory and 250m CPU

Ask AI: "Create a Deployment manifest for a Flask app with these requirements: [list your requirements]"

Review AI's response:

• Does the replica count match your requirement (2)?
• Is the port correct (5000)?
• Are resource limits set correctly?
• Are labels and selectors consistent?

Tell AI your constraints: "The image needs to be pulled with a secret called my-registry-secret because it's in a private registry."

Ask AI: "Update the manifest to handle the private registry secret."

Reflection:

• What changed in the manifest?
• Why is imagePullSecrets needed for private registries?
• Could you deploy this immediately, or do other prerequisites exist?

Scenario 2: Troubleshoot a Deployment

Your task: You deployed a Deployment, but kubectl get deployments shows 0/3 READY. The manifest looks correct, but Pods aren't running.

Ask AI: "I deployed a Deployment for my app, but the READY status shows 0/3. What could be wrong?"

AI might suggest checking:

• Pod status with kubectl describe pod
• Container logs with kubectl logs
• Events with kubectl get events

Ask: "Show me the exact commands I should run to diagnose this."

Reflection:

• What troubleshooting steps did AI suggest?
• Which command would tell you if the image pull failed?
• What would you look for in Pod events to diagnose the issue?

Scenario 3: Plan a Zero-Downtime Update

Your task: You need to update your Deployment from version 1.0 to 2.0, but the service cannot have downtime. You're unsure about the rolling update strategy.

Ask AI: "Explain the rolling update process. I have 3 replicas—walk me through exactly what happens when I update the image."

AI should explain:

1. New ReplicaSet created
2. One Pod replaced at a time (default MaxSurge/MaxUnavailable)
3. Health checks before continuing
4. Old ReplicaSet retained for rollback

Ask: "What happens if the new version has a bug and Pods crash? How do I recover?"

Reflection:

• Did AI's explanation match the commands you ran earlier?
• What's the advantage of retaining the old ReplicaSet?
• How quickly can you rollback if needed?

---

Reflect on Your Skill

You built a kubernetes-deployment skill in Chapter 0. Test and improve it based on what you learned.

Test Your Skill

Identify Gaps

Ask yourself:

• Did my skill include the Deployment → ReplicaSet → Pod hierarchy?
• Did it explain rolling updates and how Kubernetes creates new ReplicaSets for version changes?
• Did it cover rollback using kubectl rollout undo?
• Did it explain self-healing (automatic Pod replacement when deleted)?

Improve Your Skill

If you found gaps: