Advanced Topics

sections in this doc
Note: This page assumes that you’re familiar with core Kubernetes concepts, and are comfortable deploying your own apps. If not, you should review the Intermediate App Developer topics first.

After checking out the current page and its linked sections, you should have a better understanding of the following: * Advanced features that you can leverage in your application * The various ways of extending the Kubernetes API

Deploy an application with advanced features

Now you know the set of API objects that Kubernetes provides. Understanding the difference between a DaemonSetEnsures a copy of a Pod is running across a set of nodes in a cluster. and a DeploymentAn API object that manages a replicated application. is oftentimes sufficient for app deployment. That being said, it’s also worth familiarizing yourself with Kubernetes’s lesser known features. They can be quite powerful when applied to the right use cases.

Container-level features

As you may know, it’s an antipattern to migrate an entire app (e.g. containerized Rails app, MySQL database, and all) into a single Pod. That being said, there are some very useful patterns that go beyond a 1:1 correspondence between a container and its Pod:

Pod configuration

Usually, you use labelsTags objects with identifying attributes that are meaningful and relevant to users. and annotationsA key-value pair that is used to attach arbitrary non-identifying metadata to objects. to attach metadata to your resources. To inject data into your resources, you’d likely create ConfigMapsAn API object used to store non-confidential data in key-value pairs. Can be consumed as environment variables, command-line arguments, or config files in a volume. (for nonconfidential data) or SecretsStores sensitive information, such as passwords, OAuth tokens, and ssh keys. (for confidential data).

Below are some other, lesser-known ways of configuring your resources’ Pods:

  • Taints and Tolerations - These provide a way for nodes to “attract” or “repel” your Pods. They are often used when an application needs to be deployed onto specific hardware, such as GPUs for scientific computing. Read more.
  • Downward API - This allows your containers to consume information about themselves or the cluster, without being overly coupled to the Kubernetes API server. This can be achieved with environment variables or DownwardAPIVolumeFiles.
  • Pod Presets - Normally, to mount runtime requirements (such as environmental variables, ConfigMaps, and Secrets) into a resource, you specify them in the resource’s configuration file. PodPresets allow you to dynamically inject these requirements instead, when the resource is created. For instance, this allows team A to mount any number of new Secrets into the resources created by teams B and C, without requiring action from B and C. See an example.

Additional API Objects

Note: Before setting up the following resources, check to see if they are the responsibility of your organization’s cluster operatorsA person who configures, controls, and monitors clusters. .

Extend the Kubernetes API

Kubernetes is designed with extensibility in mind. If the API resources and features mentioned above are not enough for your needs, there are ways to customize its behavior without having to modify core Kubernetes code.

Understand Kubernetes’s default behavior

Before making any customizations, it’s important that you understand the general abstraction behind Kubernetes API objects. Although Deployments and Secrets may seem quite different, the following concepts are true for any object:

  • Kubernetes objects are a way of storing structured data about your cluster. In the case of Deployments, this data represents desired state (such as “How many replicas should be running?”), but it can also be general metadata (such as database credentials).
  • Kubernetes objects are modified via the Kubernetes APIThe application that serves Kubernetes functionality through a RESTful interface and stores the state of the cluster. . In other words, you can make GET and POST requests to a specific resource path (such as <api-server-url>/api/v1/namespaces/default/deployments) to read and write the corresponding object type.
  • By leveraging the Controller pattern, Kubernetes objects can be used to enforce desired state. For simplicity, you can think of the Controller pattern as the following continuous loop:

1. Check current state (number of replicas, container image, etc) 2. Compare current state to desired state 3. Update if there’s a mismatch

These states are obtained from the Kubernetes API.

Note: Not all Kubernetes objects need to have a Controller. Though Deployments trigger the cluster to make state changes, ConfigMaps act purely as storage.

Create Custom Resources

Based on the ideas above, you can define a new Custom Resource that is just as legitimate as a Deployment. For example, you might want to define a Backup object for periodic backups, if CronJobs don’t provide all the functionality you need.

There are two main ways of setting up custom resources: 1. Custom Resource Definitions (CRDs) - This method requires the least amount of implementation work. See an example. 2. API aggregation - This method requires some pre-configuration before you actually set up a separate, extension API server.

Note that unlike standard Kubernetes objects, which rely on the built-in kube-controller-manager, you’ll need to write and run your own custom controllers.

You may also find the following info helpful: * How to know if custom resources are right for your use case * How to decide between CRDs and API aggregation

Service Catalog

If you want to consume or provide complete services (rather than individual resources), Service CatalogAn extension API that enables applications running in Kubernetes clusters to easily use external managed software offerings, such as a datastore service offered by a cloud provider. provides a specification for doing so. These services are registered using Service BrokersAn endpoint for a set of Managed Services offered and maintained by a third-party. (see some examples).

If you do not have a cluster operatorA person who configures, controls, and monitors clusters. to manage the installation of Service Catalog, you can do so using Helm or an installer binary.

Explore additional resources


The following topics are also useful for building more complex applications:

What’s next

Congrats on completing the Application Developer user journey! You’ve covered the majority of features that Kubernetes has to offer. What now?