This comprehensive Kubernetes implementation guide covers the deployment of a microservices architecture with:
- 1 Frontend (Svelte)
- 4 Microservices (2 Rust Rocket, 2 Spring Boot)
- 1 API Gateway (Nginx)
- Supporting Infrastructure (PostgreSQL, Redis, ELK Stack, Prometheus, Grafana)
All components are deployed within the rbyapp-svc namespace with proper security, networking, and observability.
This repo was created as part of my Kubernetes learning and practice; for more comprehensive samples and references, please refer to the official documentation.
```
┌─────────────────────────────────────────────────────────────┐
│                      Internet / Users                       │
└────────────────────────┬────────────────────────────────────┘
                         │
                    ┌────▼────┐
                    │ Ingress │ (TLS/SSL)
                    └────┬────┘
                         │
    ┌────────────────────▼────────────────────┐
    │     Nginx Gateway (rbyapp-gateway)      │
    │     • Rate Limiting                     │
    │     • DDoS Protection                   │
    │     • Request Routing                   │
    └────┬────┬────┬────┬──────────┬──────────┘
         │    │    │    │          │
    ┌────▼───┐│    │    │          │
    │Frontend││    │    │          │
    │(Svelte)││    │    │          │
    └────────┘│    │    │          │
              │    │    │          │
    ┌─────────▼────▼────▼────┐     │
    │     Microservices      │     │
    │                        │     │
    │ ┌────────────────────┐ │     │
    │ │   Account (Rust)   │ │     │
    │ │       :8000        │ │     │
    │ └────────────────────┘ │     │
    │                        │     │
    │ ┌────────────────────┐ │     │
    │ │ Notification(Rust) │ │     │
    │ │       :8001        │ │     │
    │ └────────────────────┘ │     │
    │                        │     │
    │ ┌────────────────────┐ │     │
    │ │ Core (Spring Boot) │ │     │
    │ │       :8002        │ │     │
    │ └────────────────────┘ │     │
    │                        │     │
    │ ┌────────────────────┐ │     │
    │ │ Extra (SpringBoot) │ │     │
    │ │       :8003        │ │     │
    │ └────────────────────┘ │     │
    └────────┬───────────────┘     │
             │                     │
    ┌────────▼─────────────────────▼───────┐
    │              Data Layer              │
    │                                      │
    │  ┌────────┐  ┌────────┐  ┌─────────┐ │
    │  │Postgres│  │ Redis  │  │ Backups │ │
    │  │Database│  │ Cache  │  │ Storage │ │
    │  └────────┘  └────────┘  └─────────┘ │
    └──────────────────────────────────────┘

    ┌──────────────────────────────────────┐
    │         Observability Stack          │
    │                                      │
    │  ┌──────┐  ┌────────┐  ┌──────────┐  │
    │  │Prom  │  │Grafana │  │ELK/Kibana│  │
    │  │etheus│  │        │  │          │  │
    │  └──────┘  └────────┘  └──────────┘  │
    └──────────────────────────────────────┘
```

All components are isolated with strict network policies:
- Default deny all ingress/egress
- Gateway can receive external traffic
- Services communicate only with authorized peers
- Database access limited to backend services
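
One way to check the policy claims above rather than only listing the policies: the following is an added example, not code from this repo, that audits the JSON produced by `kubectl get networkpolicy -n rbyapp-svc -o json`. The sample data is constructed, and the policy names and the `tier`/`app` labels in it are hypothetical.

```python
import json

# Constructed sample shaped like `kubectl get networkpolicy -n rbyapp-svc -o json`.
# Policy names and the tier/app labels are hypothetical, not taken from the repo.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "default-deny-all"},
   "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}},
  {"metadata": {"name": "postgres-from-backend"},
   "spec": {"podSelector": {"matchLabels": {"app": "postgres"}},
            "policyTypes": ["Ingress"],
            "ingress": [{"from": [{"podSelector": {"matchLabels": {"tier": "backend"}}}],
                         "ports": [{"protocol": "TCP", "port": 5432}]}]}},
  {"metadata": {"name": "redis-open"},
   "spec": {"podSelector": {"matchLabels": {"app": "redis"}},
            "policyTypes": ["Ingress"],
            "ingress": [{"ports": [{"protocol": "TCP", "port": 6379}]}]}}
]}
""")


def audit_network_policies(policy_list):
    """Return (policy, issue) findings for one namespace's NetworkPolicy list."""
    findings, denied = [], set()
    for item in policy_list.get("items", []):
        name, spec = item["metadata"]["name"], item.get("spec", {})
        # Kubernetes default: Ingress always, Egress only if egress rules exist.
        types = spec.get("policyTypes") or ["Ingress"] + (["Egress"] if "egress" in spec else [])
        selector = spec.get("podSelector") or {}
        selects_all = not selector.get("matchLabels") and not selector.get("matchExpressions")
        for direction, peers in (("ingress", "from"), ("egress", "to")):
            if direction.capitalize() not in types:
                continue
            rules = spec.get(direction) or []
            if selects_all and not rules:
                denied.add(direction)  # empty selector + no rules = deny all
            for rule in rules:
                if not rule.get(peers):  # missing/empty peers matches everyone
                    findings.append((name, f"{direction}-any-peer"))
    for direction in ("ingress", "egress"):
        if direction not in denied:
            findings.append(("<namespace>", f"no-default-deny-{direction}"))
    return findings


if __name__ == "__main__":
    for policy, issue in audit_network_policies(SAMPLE):
        print(f"{policy}: {issue}")
```

Against a live cluster, pass the parsed `kubectl` JSON output to `audit_network_policies` instead of `SAMPLE`. An `any-peer` finding is a prompt for review: a rule with ports but no peers is sometimes intentional, for example for DNS egress.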
```bash
# Required:
#   - Kubernetes cluster (v1.24+)
#   - kubectl CLI
#   - Helm (optional, for templating)

# Cluster access
kubectl cluster-info
kubectl get nodes
```

```bash
kubectl get all -n rbyapp-svc
```

| Document | Purpose | Key Topics |
|---|---|---|
| Namespace & RBAC | Foundation setup | Namespace, RBAC, quotas, service accounts |
| Gateway Deployment | API Gateway | Nginx reverse proxy, rate limiting, routing |
| Microservices Deployment | Core services | 4 microservices, deployments, services, HPA |
| Frontend Deployment | Frontend app | Svelte deployment, web server setup |
| Network Policies | Network security | Ingress/egress rules, service isolation |
| Storage & Database | Data persistence | PostgreSQL, Redis, backups, PVC |
| Monitoring & Logging | Observability | Prometheus, Grafana, ELK, alerting |
| Ingress & API Gateway | External access | Ingress, TLS/SSL, certificate management |
| Deployment Strategies | CI/CD & operations | Rolling updates, blue-green, canary, rollback |
```text
# Minimum node requirements
- CPU: 4 cores per node
- Memory: 8Gi per node
- Storage: 100Gi for databases
- Nodes: 3 (for high availability)

# Required Kubernetes versions
- v1.24 or later
- preferably v1.27+

# Add-ons to install
- metrics-server (for HPA)
- ingress-nginx (for external access)
- cert-manager (for SSL/TLS)
- prometheus-operator (for monitoring)
```

```bash
# 1. Check cluster prerequisites
kubectl version   # the --short flag was removed in kubectl v1.28
kubectl get nodes -o wide

# 2. Install metrics-server (if not present)
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

# 3. Install ingress-nginx
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --namespace ingress-nginx --create-namespace

# 4. Install cert-manager
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml

# 5. Install prometheus-operator (optional, for monitoring)
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack \
  --namespace monitoring --create-namespace
```

```bash
# Start minikube with sufficient resources
minikube start --cpus 4 --memory 8192 --disk-size 50gb

# Enable required addons
minikube addons enable metrics-server
minikube addons enable ingress

# Get minikube IP
minikube ip
```

```bash
#!/bin/bash
NAMESPACE="rbyapp-svc"

echo "=== Health Check ==="

# 1. Namespace
echo "1. Checking namespace..."
kubectl get namespace "$NAMESPACE"

# 2. Pods
echo "2. Checking pods..."
kubectl get pods -n "$NAMESPACE"

# 3. Services
echo "3. Checking services..."
kubectl get svc -n "$NAMESPACE"

# 4. Deployments
echo "4. Checking deployments..."
kubectl get deployments -n "$NAMESPACE"

# 5. StatefulSets
echo "5. Checking StatefulSets..."
kubectl get statefulsets -n "$NAMESPACE"

# 6. PVCs
echo "6. Checking storage..."
kubectl get pvc -n "$NAMESPACE"

# 7. Network Policies
echo "7. Checking network policies..."
kubectl get networkpolicies -n "$NAMESPACE"

# 8. Ingress
echo "8. Checking ingress..."
kubectl get ingress -n "$NAMESPACE"

# 9. Pod logs
echo "9. Checking pod logs..."
kubectl logs -n "$NAMESPACE" -l app=rbyapp-gateway --tail=10

# 10. Pod connectivity (gateway pod -> account service)
echo "10. Testing pod connectivity..."
POD=$(kubectl get pods -n "$NAMESPACE" -l app=rbyapp-gateway -o jsonpath='{.items[0].metadata.name}')
kubectl exec -n "$NAMESPACE" "$POD" -- curl -s http://rbyapp-svc-account:8000/health

echo "✓ Health check complete!"
```

```bash
# Test gateway
kubectl exec -n rbyapp-svc deployment/rbyapp-gateway -- curl -s http://localhost:80/health

# Test account service
kubectl exec -n rbyapp-svc deployment/rbyapp-svc-account -- curl -s http://localhost:8000/health

# Test core service
kubectl exec -n rbyapp-svc deployment/rbyapp-svc-core -- curl -s http://localhost:8002/actuator/health

# Test frontend
kubectl exec -n rbyapp-svc deployment/rbyapp-frontend -- curl -s http://localhost:3000/health
```

```bash
# Frontend
kubectl port-forward svc/rbyapp-frontend 3000:3000 -n rbyapp-svc
# Visit http://localhost:3000

# Gateway (binding local port 80 usually requires root)
kubectl port-forward svc/rbyapp-gateway 80:80 -n rbyapp-svc
# Visit http://localhost/health

# Grafana (if deployed)
kubectl port-forward svc/grafana 3001:3000 -n rbyapp-svc
# Visit http://localhost:3001 (admin/prom-operator)
# These are the chart's default credentials; change them before exposing Grafana.

# Kibana (if deployed)
kubectl port-forward svc/kibana 5601:5601 -n rbyapp-svc
# Visit http://localhost:5601
```

```bash
# Check pod status
kubectl describe pod <pod-name> -n rbyapp-svc

# Check events
kubectl get events -n rbyapp-svc --sort-by='.lastTimestamp'

# View logs
kubectl logs <pod-name> -n rbyapp-svc
```

```bash
# Ensure Docker image is available
docker pull your-registry/rbyapp-svc-core:latest

# Check image pull secrets
kubectl get secrets -n rbyapp-svc | grep dockercfg
```

```bash
# Test DNS
kubectl run -it --rm debug --image=busybox:1.28 -n rbyapp-svc -- sh

# Inside container:
nslookup rbyapp-svc-account
wget -O- http://rbyapp-svc-account:8000/health

# Check network policies
kubectl get networkpolicies -n rbyapp-svc
```

```bash
# Check PVC status
kubectl get pvc -n rbyapp-svc

# Describe PVC
kubectl describe pvc postgres-data-pvc -n rbyapp-svc

# Check storage class
kubectl get storageclass
```

```bash
# Test database connectivity
kubectl exec -it postgres-0 -n rbyapp-svc -- psql -U postgres -c "SELECT 1"

# Check database logs
kubectl logs postgres-0 -n rbyapp-svc

# Verify secrets (prints the decoded value to the terminal)
kubectl get secret rbyapp-core-secrets -n rbyapp-svc -o jsonpath='{.data.datasource-url}' | base64 -d
```

```bash
# Detailed pod information
kubectl get pods -n rbyapp-svc -o wide

# Pod resource usage
kubectl top pods -n rbyapp-svc

# Node resource usage
kubectl top nodes

# Detailed events
kubectl get events -n rbyapp-svc -o wide

# Check HPA status
kubectl get hpa -n rbyapp-svc
kubectl describe hpa rbyapp-gateway-hpa -n rbyapp-svc

# View API server logs
kubectl logs -n kube-system -l component=kube-apiserver

# Describe namespace
kubectl describe namespace rbyapp-svc
```

- Configure CI/CD: Set up ArgoCD or Flux for GitOps
- Setup monitoring: Configure Prometheus scraping and Grafana dashboards
- Enable backups: Implement regular database backups
- Configure logging: Set up centralized logging with ELK or Loki
- Implement security: Add pod security controls (Pod Security Admission on v1.25+, where PodSecurityPolicy has been removed) and fine-tune RBAC
- Load testing: Use k6 or Apache Bench for performance testing
- Multi-region setup: Replicate infrastructure across regions for HA
- kubectl cheat sheet
- k9s - Kubernetes CLI terminal UI
- Lens - Kubernetes IDE
- Kubernetes Version: 1.24+
- Documentation Version: 1.0
- Last Updated: January 2026
This documentation is provided as-is