Kubernetes Advanced Patterns: Building Production-Ready Clusters in 2025
Wang Yinneng
4 min read
kubernetespatternsscalabilityreliabilityautomation
Advanced Kubernetes Patterns: Building Resilient Systems in 2025
Introduction
Kubernetes continues to evolve in 2025, offering sophisticated patterns for building resilient, scalable systems. This comprehensive guide explores advanced Kubernetes patterns and their practical applications in modern cloud-native environments.
Advanced Deployment Patterns
1. Progressive Delivery with Argo Rollouts
# argo-rollout.yaml
apiVersion: argoproj.io/v1alpha1
kind: Rollout
metadata:
name: myapp-rollout
spec:
replicas: 5
strategy:
canary:
steps:
- setWeight: 20
- pause: {duration: 1h}
- setWeight: 40
- pause: {duration: 1h}
- setWeight: 60
- pause: {duration: 1h}
- setWeight: 80
- pause: {duration: 1h}
template:
spec:
containers:
- name: myapp
image: myapp:v2
readinessProbe:
httpGet:
path: /health
port: 8080
2. Multi-Cluster Deployment
# multi-cluster-deployment.yaml
apiVersion: fleet.cattle.io/v1alpha1
kind: ClusterGroup
metadata:
name: production-clusters
spec:
clusters:
- name: cluster-1
region: us-west
- name: cluster-2
region: us-east
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: global-app
annotations:
fleet.cattle.io/cluster-group: production-clusters
spec:
replicas: 3
template:
spec:
containers:
- name: app
image: global-app:v1
Service Mesh Integration
1. Istio Service Mesh Configuration
# istio-service-mesh.yaml
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: myapp-vs
spec:
hosts:
- myapp
http:
- route:
- destination:
host: myapp
subset: v1
weight: 90
- destination:
host: myapp
subset: v2
weight: 10
retries:
attempts: 3
perTryTimeout: 2s
timeout: 5s
2. Traffic Management
# traffic-management.yaml
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: myapp-dr
spec:
host: myapp
trafficPolicy:
loadBalancer:
simple: ROUND_ROBIN
connectionPool:
tcp:
maxConnections: 100
http:
http1MaxPendingRequests: 1000
maxRequestsPerConnection: 10
outlierDetection:
consecutive5xxErrors: 5
interval: 30s
baseEjectionTime: 30s
Advanced Resource Management
1. Vertical Pod Autoscaling
# vpa-config.yaml
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
name: myapp-vpa
spec:
targetRef:
apiVersion: "apps/v1"
kind: Deployment
name: myapp
updatePolicy:
updateMode: "Auto"
resourcePolicy:
containerPolicies:
- containerName: '*'
minAllowed:
cpu: 100m
memory: 50Mi
maxAllowed:
cpu: 1
memory: 500Mi
2. Horizontal Pod Autoscaling with Custom Metrics
# hpa-custom-metrics.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: myapp-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: myapp
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
- type: Pods
pods:
metric:
name: http_requests_per_second
target:
type: AverageValue
averageValue: 1000
Security Patterns
1. Pod Security Policies
# pod-security-policy.yaml
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: restricted
spec:
privileged: false
seLinux:
rule: RunAsAny
runAsUser:
rule: MustRunAsNonRoot
ranges:
- min: 1000
max: 65535
fsGroup:
rule: MustRunAs
ranges:
- min: 1000
max: 65535
volumes:
- 'configMap'
- 'emptyDir'
- 'projected'
- 'secret'
- 'downwardAPI'
- 'persistentVolumeClaim'
2. Network Policies
# network-policy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: myapp-network-policy
spec:
podSelector:
matchLabels:
app: myapp
policyTypes:
- Ingress
- Egress
ingress:
- from:
- podSelector:
matchLabels:
role: frontend
ports:
- protocol: TCP
port: 8080
egress:
- to:
- podSelector:
matchLabels:
role: database
ports:
- protocol: TCP
port: 5432
Observability Patterns
1. Prometheus Monitoring
# prometheus-config.yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: myapp-monitor
spec:
selector:
matchLabels:
app: myapp
endpoints:
- port: metrics
interval: 15s
path: /metrics
scrapeTimeout: 10s
2. Distributed Tracing
# jaeger-config.yaml
apiVersion: jaegertracing.io/v1
kind: Jaeger
metadata:
name: myapp-jaeger
spec:
strategy: production
storage:
type: elasticsearch
options:
es:
server-urls: http://elasticsearch:9200
ingress:
enabled: true
annotations:
kubernetes.io/ingress.class: nginx
Disaster Recovery
1. Backup and Restore
# velero-backup.yaml
apiVersion: velero.io/v1
kind: Schedule
metadata:
name: daily-backup
spec:
schedule: "0 1 * * *"
template:
includedNamespaces:
- default
- kube-system
ttl: 720h
storageLocation: default
volumeSnapshotLocations:
- default
2. Multi-Region Deployment
# multi-region-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-global
annotations:
topology.kubernetes.io/zone: "us-west1-a,us-east1-b"
spec:
replicas: 6
template:
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- myapp
topologyKey: kubernetes.io/hostname
Best Practices
1. Resource Management
- Use resource requests and limits
- Implement proper autoscaling
- Monitor resource usage
- Optimize container images
2. Security
- Implement network policies
- Use pod security policies
- Enable RBAC
- Regular security audits
3. Monitoring and Logging
- Centralized logging
- Distributed tracing
- Metrics collection
- Alert management
Conclusion
Advanced Kubernetes patterns enable building resilient, scalable systems. By understanding and applying these patterns, organizations can create robust cloud-native applications that meet modern requirements.
Resources
WY
Wang Yinneng
Senior Golang Backend & Web3 Developer with 10+ years of experience building scalable systems and blockchain solutions.
View Full Profile →