Section 2: Section 3: Deploying to Kubernetes
Overview:
Now that you’ve pulled (or mirrored) the cryptonets-api image, it’s time to deploy it into your Kubernetes cluster. This section walks you through creating a secure and scalable Kubernetes deployment using:
- Secrets or ConfigMaps for environment configuration
- A hardened deployment.yaml with:
- Resource requests and limits
- Health checks (readiness and liveness probes)
- Registry credentials (optional)
- Options for horizontal pod autoscaling for load resilience
The goal: a stateless, repeatable, and robust container deployment ready for staging or production traffic.
Step 3.1: Define Environment Variables with Secrets or ConfigMaps
Your application requires two values to run:
- mongo_uri (connection string to MongoDB Atlas)
- REDIS_HOST (hostname or IP of the Redis service)
If either of these contains credentials or tokens, use a Kubernetes Secret. Otherwise, a ConfigMap will suffic
Option A: Using a Kubernetes Secret (recommended)
kubectl create secret generic app-env \
--from-literal=mongo_uri='mongodb+srv://user:pass@cluster.mongodb.net/db' \
--from-literal=REDIS_HOST='redis-cluster.example.com'
Option B: Using a ConfigMap (for non-sensitive values)
kubectl create configmap app-env \
--from-literal=mongo_uri='mongodb://localhost:27017' \
--from-literal=REDIS_HOST='localhost'
Tip: If you're using GitOps (e.g., ArgoCD or Flux), you can define these as declarative YAML manifests. For production, consider sealed secrets or integrating with a cloud key manager.
Step 3.2: Create the deployment.yaml
Here is a production-ready deployment manifest with:
- Readiness & liveness probes
- Resource constraints
- Secure environment injection
- Optional support for private registries
apiVersion: apps/v1
kind: Deployment
metadata:
name: privateid-api
labels:
app: privateid-api
spec:
replicas: 2 # Run 2 pods for high availability
selector:
matchLabels:
app: privateid-api
template:
metadata:
labels:
app: privateid-api
spec:
containers:
- name: cryptonets-api
image: <your-registry>/<image-name>:<tag>
ports:
- containerPort: 8080
env:
- name: mongo_uri
valueFrom:
secretKeyRef: # Change to configMapRef if using ConfigMap
name: app-env
key: mongo_uri
- name: REDIS_HOST
valueFrom:
secretKeyRef:
name: app-env
key: REDIS_HOST
resources:
limits:
memory: "512Mi"
cpu: "500m"
requests:
memory: "256Mi"
cpu: "250m"
readinessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: 30
periodSeconds: 10
# Optional: imagePullSecrets for private registries
imagePullSecrets:
- name: regcred
Customization Tips:
- Replace "your-registry"/"image-name":"tag" with your actual image path.
- Tune resource limits based on performance testing.
- For production, consider replicas: 3 or more and add affinity/tolerations if needed.
Step 3.3: Apply the Deployment
Use kubectl to deploy the application:
kubectl apply -f deployment.yaml
Verify rollout:
kubectl rollout status deployment/privateid-api
kubectl get pods
Optional: Enable Horizontal Pod Autoscaling (HPA)
To make your deployment responsive to real-time load, configure HPA:
kubectl autoscale deployment privateid-api \
--cpu-percent=60 \
--min=2 \
--max=10
This automatically increases or decreases the number of pods based on CPU usage.
✅ Your PrivateID API is now securely deployed with autoscaling and observability hooks.