Kubernetes Pod and Deployment manifests

Ryan Nakamura Feb 2026
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: production
  labels:
    app: web-app
    version: v1.2.0
    team: platform
  annotations:
    kubernetes.io/change-cause: "Deploy v1.2.0 - added caching"
spec:
  replicas: 3
  revisionHistoryLimit: 5
  selector:
    matchLabels:
      app: web-app
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    metadata:
      labels:
        app: web-app
        version: v1.2.0
    spec:
      serviceAccountName: web-app-sa
      terminationGracePeriodSeconds: 30
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
      containers:
        - name: web-app
          image: registry.example.com/web-app:1.2.0
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
          env:
            - name: NODE_ENV
              value: "production"
            - name: DATABASE_URL
              valueFrom:
                secretKeyRef:
                  name: web-app-secrets
                  key: database-url
            - name: REDIS_URL
              valueFrom:
                configMapKeyRef:
                  name: web-app-config
                  key: redis-url
          resources:
            requests:
              cpu: 250m
              memory: 256Mi
            limits:
              cpu: 500m
              memory: 512Mi
          readinessProbe:
            httpGet:
              path: /health/ready
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
          livenessProbe:
            httpGet:
              path: /health/live
              port: http
            initialDelaySeconds: 15
            periodSeconds: 20
            timeoutSeconds: 3
            failureThreshold: 3
          lifecycle:
            preStop:
              exec:
                command: ["/bin/sh", "-c", "sleep 5"]
          volumeMounts:
            - name: config-volume
              mountPath: /app/config
              readOnly: true
            - name: tmp-volume
              mountPath: /tmp
      volumes:
        - name: config-volume
          configMap:
            name: web-app-config
        - name: tmp-volume
          emptyDir: {}
      topologySpreadConstraints:
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: web-app

Kubernetes orchestrates containerized workloads at scale. A Pod is the smallest deployable unit, wrapping one or more containers. Deployments manage Pod replicas with declarative updates and rollbacks. The spec.replicas field sets the desired Pod count, and spec.selector.matchLabels links a Deployment to the Pods it manages, so it must match the labels in the Pod template. Container specs define the image, ports, resources (requests and limits), and env variables. The readinessProbe decides whether a Pod receives traffic, and the livenessProbe triggers an automatic container restart when it fails. The strategy field controls rolling updates: maxSurge and maxUnavailable tune rollout speed. Resource requests are what the scheduler reserves when placing a Pod, while limits cap usage. Labels and annotations organize and describe resources. Use kubectl apply -f for declarative management.
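The manifest above sets runAsNonRoot, runAsUser and fsGroup at Pod level but gives the container no securityContext of its own. As an added example (not code from the original page), this Python audit merges the Pod-level defaults into each container and reports what is still missing. The DEPLOYMENT dict is constructed to mirror the manifest's security-relevant fields, and the check list (Pod Security Standards "restricted" settings plus read-only root filesystem, digest pinning and limits) is this example's own choice.

```python
# Added example (not from the original page): audit a Deployment's Pod template.
# DEPLOYMENT is a constructed dict mirroring the web-app manifest's relevant fields.
DEPLOYMENT = {
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 1000, "fsGroup": 1000},
        "containers": [{
            "name": "web-app",
            "image": "registry.example.com/web-app:1.2.0",
            "resources": {"limits": {"cpu": "500m", "memory": "512Mi"}},
        }],
    }}},
}

# Fields present on both Pod and container securityContext; the container wins.
INHERITED = ("runAsNonRoot", "runAsUser", "seccompProfile")

def effective_context(pod_spec, container):
    """Merge Pod-level defaults with the container's own securityContext."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctx = {k: pod_sc[k] for k in INHERITED if k in pod_sc}
    ctx.update(container.get("securityContext") or {})
    return ctx

def audit(deployment):
    """Return (container, finding) pairs; an empty list means every check passed."""
    pod_spec = deployment["spec"]["template"]["spec"]
    findings = []
    for c in pod_spec.get("containers", []) + pod_spec.get("initContainers", []):
        ctx = effective_context(pod_spec, c)
        caps = ctx.get("capabilities") or {}
        seccomp = ctx.get("seccompProfile") or {}
        checks = [  # (finding text, condition that must hold)
            ("runAsNonRoot is not true", ctx.get("runAsNonRoot") is True),
            ("runAsUser is 0", ctx.get("runAsUser") != 0),
            ("allowPrivilegeEscalation is not false", ctx.get("allowPrivilegeEscalation") is False),
            ("capabilities.drop lacks ALL", "ALL" in caps.get("drop", [])),
            ("seccompProfile is unset or Unconfined", seccomp.get("type") in ("RuntimeDefault", "Localhost")),
            ("readOnlyRootFilesystem is not true", ctx.get("readOnlyRootFilesystem") is True),
            ("image is not pinned by digest", "@sha256:" in c.get("image", "")),
            ("no resource limits", bool((c.get("resources") or {}).get("limits"))),
        ]
        findings += [(c["name"], text) for text, ok in checks if not ok]
    return findings

if __name__ == "__main__":
    for name, text in audit(DEPLOYMENT):
        print(f"{name}: {text}")
```

The manifest already mounts an emptyDir at /tmp, which is the usual companion to readOnlyRootFilesystem: true.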