
Creating Kubernetes Deployments


Generate production-ready Kubernetes manifests with health checks, resource limits, and security best practices.

Quick Start


Basic Deployment + Service


deployment.yaml

yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-api
  labels:
    app: my-api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-api
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        app: my-api
    spec:
      containers:
      - name: my-api
        image: my-registry/my-api:v1.0.0
        ports:
        - containerPort: 8080
        resources:
          requests:
            cpu: 100m
            memory: 256Mi
          limits:
            cpu: 500m
            memory: 512Mi
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 30
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
  name: my-api
spec:
  type: ClusterIP
  selector:
    app: my-api
  ports:
  - port: 80
    targetPort: 8080

Deployment Strategies


| Strategy | Use Case | Configuration |
| --- | --- | --- |
| RollingUpdate | Zero-downtime updates | `maxSurge: 25%`, `maxUnavailable: 25%` |
| Recreate | Stateful apps, incompatible versions | `type: Recreate` |
| Blue-Green | Instant rollback | Two Deployments, switch Service selector |
| Canary | Gradual rollout | Multiple Deployments with weighted traffic |
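The canary row can be sketched with plain Deployments: run a small number of canary replicas behind the same Service selector, so traffic splits roughly by replica count (finer-grained weighting needs ingress- or mesh-level support). The `track` label and `v1.1.0` tag below are illustrative assumptions, not part of the Quick Start manifests.

```yaml
# Canary sketch: 1 canary replica alongside 3 stable ones ≈ 25% of traffic.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-api-canary
  labels:
    app: my-api
    track: canary            # extra label distinguishes canary Pods
spec:
  replicas: 1
  selector:
    matchLabels:
      app: my-api
      track: canary
  template:
    metadata:
      labels:
        app: my-api          # still matched by the my-api Service selector
        track: canary
    spec:
      containers:
      - name: my-api
        image: my-registry/my-api:v1.1.0   # candidate version (hypothetical tag)
```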

Blue-Green Deployment



Blue deployment (current production)

yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-api-blue
  labels:
    app: my-api
    version: blue
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-api
      version: blue
  template:
    metadata:
      labels:
        app: my-api
        version: blue
    spec:
      containers:
      - name: my-api
        image: my-registry/my-api:v1.0.0

Service points to blue

yaml
apiVersion: v1
kind: Service
metadata:
  name: my-api
spec:
  selector:
    app: my-api
    version: blue  # Switch to 'green' for deployment
  ports:
  - port: 80
    targetPort: 8080
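The cutover itself is then a one-field change: re-apply the Service with the selector pointing at green (`kubectl patch` on the selector works equally well; this is a sketch of the same Service as above).

```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-api
spec:
  selector:
    app: my-api
    version: green   # was 'blue'; applying this shifts all traffic at once
  ports:
  - port: 80
    targetPort: 8080
```

Rollback is the same edit in reverse: point `version` back at blue.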

Service Types


| Type | Use Case | Access |
| --- | --- | --- |
| ClusterIP | Internal services | `my-api.namespace.svc.cluster.local` |
| NodePort | Development, debugging | `<NodeIP>:<NodePort>` |
| LoadBalancer | External traffic (cloud) | Cloud provider LB IP |
| ExternalName | External service proxy | DNS CNAME |
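For the LoadBalancer row, the only change from the Quick Start Service is the `type` field; the cloud provider then provisions an external IP. The name `my-api-public` is illustrative.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: my-api-public
spec:
  type: LoadBalancer   # cloud provider allocates an external LB IP
  selector:
    app: my-api
  ports:
  - port: 80
    targetPort: 8080
```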

Ingress with TLS


yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-api-ingress
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - api.example.com
    secretName: api-tls-secret
  rules:
  - host: api.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-api
            port:
              number: 80
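The `cert-manager.io/cluster-issuer` annotation assumes a cert-manager ClusterIssuer named `letsencrypt-prod` already exists in the cluster. A minimal sketch of one (the email is a placeholder; the `ingressClassName` solver field requires a recent cert-manager, with older releases using `class` instead):

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: ops@example.com               # placeholder: ACME expiry notices go here
    privateKeySecretRef:
      name: letsencrypt-prod-account-key # stores the ACME account key
    solvers:
    - http01:
        ingress:
          ingressClassName: nginx
```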

Resource Limits


Always set resource requests and limits:
yaml
resources:
  requests:    # Guaranteed resources
    cpu: 100m  # 0.1 CPU core
    memory: 256Mi
  limits:      # Maximum allowed
    cpu: 500m  # 0.5 CPU core
    memory: 512Mi
| Workload Type | CPU Request | Memory Request | CPU Limit | Memory Limit |
| --- | --- | --- | --- | --- |
| Web API | 100m-500m | 256Mi-512Mi | 500m-1000m | 512Mi-1Gi |
| Worker | 250m-1000m | 512Mi-1Gi | 1000m-2000m | 1Gi-2Gi |
| Database | 500m-2000m | 1Gi-4Gi | 2000m-4000m | 4Gi-8Gi |
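One consequence of these numbers worth knowing: when requests equal limits for every container in the Pod, Kubernetes assigns the Guaranteed QoS class, making the Pod the last candidate for eviction under node memory pressure; unequal values (as in the snippet above) yield Burstable.

```yaml
# Guaranteed QoS: requests == limits for both cpu and memory.
resources:
  requests:
    cpu: 500m
    memory: 512Mi
  limits:
    cpu: 500m
    memory: 512Mi
```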

Health Checks


Liveness Probe (Is container running?)


yaml
livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
  initialDelaySeconds: 30  # Wait for app startup
  periodSeconds: 10         # Check every 10s
  timeoutSeconds: 5         # Timeout per check
  failureThreshold: 3       # Restart after 3 failures

Readiness Probe (Ready for traffic?)


yaml
readinessProbe:
  httpGet:
    path: /readyz
    port: 8080
  initialDelaySeconds: 5    # Quick check after start
  periodSeconds: 5          # Check every 5s
  successThreshold: 1       # 1 success = ready
  failureThreshold: 3       # Remove from LB after 3 failures

Startup Probe (Slow-starting apps)


yaml
startupProbe:
  httpGet:
    path: /healthz
    port: 8080
  initialDelaySeconds: 0
  periodSeconds: 10
  failureThreshold: 30      # Allow 5 minutes to start (30 * 10s)
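All three probe types also accept `tcpSocket` and `exec` handlers for apps without HTTP health endpoints. The `/tmp/ready` file below is an illustrative convention, not a Kubernetes default.

```yaml
# TCP probe: succeeds if the port accepts a connection.
livenessProbe:
  tcpSocket:
    port: 8080
  periodSeconds: 10

# Exec probe: succeeds if the command exits 0.
readinessProbe:
  exec:
    command: ["cat", "/tmp/ready"]
  periodSeconds: 5
```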

Horizontal Pod Autoscaler


yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: my-api-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: my-api
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300  # Wait 5min before scale down

ConfigMaps and Secrets


ConfigMap (Non-sensitive config)


yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-api-config
data:
  LOG_LEVEL: "info"
  API_ENDPOINT: "https://api.example.com"
  config.yaml: |
    server:
      port: 8080
    features:
      enabled: true

Secret (Sensitive data - base64 encoded)


yaml
apiVersion: v1
kind: Secret
metadata:
  name: my-api-secrets
type: Opaque
data:
  API_KEY: YXBpLWtleS1oZXJl          # echo -n "api-key-here" | base64
  DATABASE_URL: cG9zdGdyZXM6Ly8uLi4=  # echo -n "postgres://..." | base64
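The inline comments above show where the encoded values come from; spelled out (note `-n`, since a stray trailing newline in the encoded value is a classic cause of mysterious auth failures):

```shell
# Encode a value for the Secret's data: field (-n drops the trailing newline)
echo -n "api-key-here" | base64
# => YXBpLWtleS1oZXJl

# Round-trip check: decode what the manifest stores
echo -n "YXBpLWtleS1oZXJl" | base64 -d
# => api-key-here
```

Alternatively, a `stringData:` section accepts plain-text values and the API server encodes them on write.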

Using in Deployment


yaml
spec:
  containers:
  - name: my-api
    envFrom:
    - configMapRef:
        name: my-api-config
    - secretRef:
        name: my-api-secrets
    volumeMounts:
    - name: config-volume
      mountPath: /app/config
  volumes:
  - name: config-volume
    configMap:
      name: my-api-config

Instructions


  1. Gather Requirements
    • Application name, container image, port
    • Replica count and resource requirements
    • Health check endpoints
    • External access requirements (Ingress/LoadBalancer)
  2. Generate Base Manifests
    • Create Deployment with resource limits and probes
    • Create Service (ClusterIP for internal, LoadBalancer for external)
    • Add ConfigMap for configuration
    • Add Secret for sensitive data
  3. Add Production Features
    • Configure Ingress with TLS if external access needed
    • Add HPA for auto-scaling
    • Add NetworkPolicy for security
    • Add PodDisruptionBudget for availability
  4. Validate and Apply
    bash
    # Validate manifests
    kubectl apply -f manifests/ --dry-run=server
    
    # Apply to cluster
    kubectl apply -f manifests/
    
    # Watch rollout
    kubectl rollout status deployment/my-api
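Step 3 mentions a PodDisruptionBudget without showing one; a minimal sketch matching the Quick Start labels (the name `my-api-pdb` is an assumption):

```yaml
# Keep at least 2 my-api Pods running during voluntary disruptions
# (node drains, cluster upgrades).
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: my-api-pdb
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: my-api
```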

Error Handling


See {baseDir}/references/errors.md for comprehensive troubleshooting.

| Error | Quick Fix |
| --- | --- |
| ImagePullBackOff | Check image name, tag, registry credentials |
| CrashLoopBackOff | Check logs: `kubectl logs <pod>` |
| OOMKilled | Increase memory limits |
| Pending | Check resources: `kubectl describe pod <pod>` |

Examples


See {baseDir}/references/examples.md for detailed walkthroughs.

Resources
