Overview
The Deployment construct creates a Kubernetes Deployment with rolling update strategy, volume mounts, and service account support.
Class Definition
export class Deployment extends Construct {
constructor(scope: Construct, appname: string, props: DeploymentProps)
}
Constructor Parameters
Application name for labels and metadata
Deployment configuration properties
DeploymentProps
Extends ContainerProps with deployment-specific options.
Container Properties
Docker image name (without tag)
tag
string
default:"GIT_SHA env var"
Docker image tag. Defaults to GIT_SHA environment variable.
External port for the service
Internal container port. Defaults to the value of port.
Name of Kubernetes secret to mount as environment variables
Container command (entrypoint)cmd: ['gunicorn', 'app.wsgi:application', '--bind', '0.0.0.0:8000']
env
Array<{name: string, value: string}>
Additional environment variablesenv: [
{ name: 'LOG_LEVEL', value: 'INFO' },
{ name: 'ENVIRONMENT', value: 'production' }
]
GIT_SHA is automatically added to all containers. pullPolicy
'IfNotPresent' | 'Always' | 'Never'
default:"IfNotPresent"
Container image pull policy
Deployment-Specific Properties
Number of pod replicas to run
Secret volume mounts for the containersecretMounts: [
{
name: 'app-secrets',
mountPath: '/etc/secrets',
subPath: 'config.json'
}
]
Additional volume mounts (appends to secretMounts)volumeMounts: [
{
name: 'config-volume',
mountPath: '/etc/config'
}
]
Volume definitions for the podvolumes: [
{
name: 'config-volume',
configMap: {
name: 'app-config'
}
}
]
Service account to attach to deployment pods. If not provided, uses default service account.
Deployment Strategy
All deployments use a RollingUpdate strategy with:
- maxSurge: 3 (can create up to 3 extra pods during update)
- maxUnavailable: 0 (always maintain full availability)
This ensures zero-downtime deployments.
Labels
Each deployment automatically applies the label:
app.kubernetes.io/name: <appname>
Usage Examples
Basic Deployment
import { Deployment } from './deployment';
new Deployment(chart, 'api', {
image: 'pennlabs/api',
replicas: 3,
port: 8000
});
With Secrets
new Deployment(chart, 'backend', {
image: 'pennlabs/backend',
replicas: 2,
secret: 'backend-secrets', // Mounted as environment variables
secretMounts: [ // Mounted as files
{
name: 'db-credentials',
mountPath: '/etc/secrets',
subPath: 'credentials.json'
}
]
});
With Custom Command
new Deployment(chart, 'worker', {
image: 'pennlabs/app',
cmd: ['celery', '-A', 'app', 'worker', '--loglevel=info'],
replicas: 4,
secret: 'app-secrets'
});
With Service Account
import { KubeServiceAccount } from './imports/k8s';
const serviceAccount = new KubeServiceAccount(chart, 'my-sa', {
metadata: { name: 'my-app-sa' }
});
new Deployment(chart, 'api', {
image: 'pennlabs/api',
replicas: 2,
serviceAccount: serviceAccount
});
With ConfigMap Volumes
new Deployment(chart, 'app', {
image: 'pennlabs/app',
replicas: 2,
volumeMounts: [
{
name: 'config',
mountPath: '/etc/app/config'
}
],
volumes: [
{
name: 'config',
configMap: {
name: 'app-config'
}
}
]
});
High Availability Setup
new Deployment(chart, 'api', {
image: 'pennlabs/api',
tag: 'v2.1.0',
replicas: 5,
port: 8000,
env: [
{ name: 'LOG_LEVEL', value: 'INFO' },
{ name: 'WORKERS', value: '4' }
],
pullPolicy: 'Always'
});
Container Naming
All containers are named worker by default (see src/container.ts:162).
Environment Variables
Required environment variable:
Git commit SHA. Automatically injected into all containers and used as default image tag.
Source Reference
Defined in src/deployment.ts:48