Kubernetes is overkill for most early-stage projects. But when you need it — high availability, zero-downtime deploys, horizontal scaling, multi-region — nothing else compares. Here's a production-ready setup without the enterprise complexity.
When You Actually Need Kubernetes
You don't need Kubernetes until you have:
- Multiple services that need independent scaling
- A requirement for zero-downtime deployments
- High availability requirements (multiple replicas)
- A team large enough to justify the operational overhead
If you're solo or a small team with one app: Vercel, Railway, or a single VPS with PM2 is the right answer. Kubernetes is a tool for scaling teams as much as scaling apps.
Minimal Production Deployment
# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nextjs-app
namespace: production
spec:
replicas: 3
selector:
matchLabels:
app: nextjs-app
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0 # zero-downtime
template:
metadata:
labels:
app: nextjs-app
spec:
containers:
- name: app
image: ghcr.io/yourorg/yourapp:latest
ports:
- containerPort: 3000
env:
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: app-secrets
key: database-url
resources:
requests:
memory: '256Mi'
cpu: '100m'
limits:
memory: '512Mi'
cpu: '500m'
readinessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 10
periodSeconds: 5
livenessProbe:
httpGet:
path: /api/health
port: 3000
initialDelaySeconds: 30
periodSeconds: 10
Service and Ingress
# k8s/service.yaml
apiVersion: v1
kind: Service
metadata:
name: nextjs-app
spec:
selector:
app: nextjs-app
ports:
- port: 80
targetPort: 3000
---
# k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: nextjs-app
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/proxy-body-size: '50m'
spec:
tls:
- hosts: [myapp.com]
secretName: myapp-tls
rules:
- host: myapp.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: nextjs-app
port:
number: 80
Secrets Management
# Create secrets from .env file
kubectl create secret generic app-secrets \
--from-literal=database-url='postgresql://...' \
--from-literal=stripe-secret='sk_live_...' \
--namespace=production
# Or from a file
kubectl create secret generic app-secrets \
--from-env-file=.env.production \
--namespace=production
Horizontal Pod Autoscaler
# k8s/hpa.yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: nextjs-app
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: nextjs-app
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
CI/CD Deploy
# .github/workflows/deploy.yml
- name: Build and push image
uses: docker/build-push-action@v5
with:
push: true
tags: ghcr.io/${{ github.repository }}:${{ github.sha }}
- name: Deploy to Kubernetes
run: |
kubectl set image deployment/nextjs-app \
app=ghcr.io/${{ github.repository }}:${{ github.sha }} \
--namespace=production
kubectl rollout status deployment/nextjs-app --namespace=production
The rollout status command waits for the deployment to complete and fails the CI job if pods don't become ready.
The Ship Fast Skill Pack at whoffagents.com includes a /deploy skill that generates production Kubernetes manifests, HPA configs, and GitHub Actions deploy pipelines. $49 one-time.
Top comments (0)