Capstone — Deploying a Production-Ready Application
Kubernetes Intermediate/Advanced
Chapter 10 · Capstone — Deploying a Production-Ready Application
Course 1's own capstone (k8s1-12) closed with an honest list of what was deliberately left out. This chapter resolves that list, one item at a time, using everything Course 2 has covered.
Where We Left Off
k8s1-12's shop-app: a namespace, ConfigMap/Secret, three Deployments (frontend, backend, and a simplified database), two ClusterIP Services, an Ingress, resource limits, and probes. Its own closing section named exactly what this chapter now delivers: a proper StatefulSet, RBAC, autoscaling, observability, troubleshooting readiness, Helm packaging, and GitOps deployment.
Step 1 — Packaging as a Helm Chart
k8s2-3: the capstone's raw YAML becomes a proper chart — Chart.yaml, a values.yaml with environment-specific overrides, and a templates/ directory holding every resource from here on.
Step 2 — A Proper StatefulSet for the Database
k8s2-1: the simplified Deployment+PVC database is replaced with a real StatefulSet, using volumeClaimTemplates and a headless Service — directly resolving k8s1-12's own warn-box and its own Exercise 2 about this exact simplification.
Step 3 — Locking Down the Database With a NetworkPolicy
k8s2-5: the exact NetworkPolicy example from that chapter, applied here for real — restricting database access to only backend pods, closing a security gap that existed silently through the entire Course 1 capstone until now.
Step 4 — RBAC for the Monitoring Stack
k8s2-4/k8s2-7: a dedicated ServiceAccount, Role, and RoleBinding for a monitoring tool needing read-only pod access — the exact worked example from Chapter 4, now actually deployed as part of the real app.
Step 5 — Autoscaling the Backend
k8s2-6: an HPA targeting the backend, with a sensible maxReplicas cap — directly applying that chapter's own cost-consciousness warning.
Step 6 — Observability
k8s2-7: Prometheus scraping the backend's /metrics endpoint, node-exporter running as a DaemonSet (k8s2-2's own concrete example, now with full context), Grafana dashboards on top. An honest note, matching Chapter 7's own framing: full observability setup is beyond this capstone's own scope — this integrates the pieces, it doesn't teach Prometheus/Grafana from scratch.
Step 7 — Deploying via GitOps
k8s2-9: the chart lives in git. A PR merges a values change; ArgoCD notices and applies it — no manual kubectl or helm at all. This closes the loop on the entire deployment workflow, not just the application's own configuration.
Step 8 — If Something Breaks
k8s2-8: the troubleshooting decision tree still applies exactly as written — get pods, describe, logs --previous, and reading the specific error/state as the fastest triage signal, regardless of how much additional infrastructure this capstone has layered on top.
The Full Picture — Every Course 2 Chapter's Contribution
| Step | Chapter |
|---|---|
| 1 | Ch.3 — Helm packaging |
| 2 | Ch.1 — StatefulSets |
| 3 | Ch.5 — NetworkPolicy |
| 4 | Ch.4 — RBAC |
| 5 | Ch.6 — Autoscaling |
| 6 | Ch.7 — Observability |
| 7 | Ch.9 — GitOps |
| 8 | Ch.8 — Troubleshooting |
What's Still Out of Scope, Honestly
Matching this course's own recurring convention: even this "production-ready" capstone doesn't cover everything a real production system would need — proper multi-region/disaster-recovery architecture, a full incident response process (cloud2-6's own material from Cloud Platforms), cost optimization at genuine scale (cloud1-9/cloud2-7), and a genuinely mature CI pipeline with automated testing before the GitOps merge ever happens. Named honestly, rather than implying this capstone is "done" in any absolute sense.
Closing the Full Kubernetes Track
From Chapter 1 (Course 1)'s own "why does orchestration even need to exist" all the way to a GitOps-deployed, autoscaled, RBAC-secured, network-policy-restricted, StatefulSet-backed application — the reconciliation loop, named in Chapter 2, has been the throughline the entire way, appearing at every single layer covered across both courses.
Hands-On Exercises
Identify which specific limitation from k8s1-12's own "what's deliberately out of scope" list each of the following Course 2 additions resolves: (a) the StatefulSet, (b) the NetworkPolicy, (c) the HPA.
Explain why deploying this production-ready version via GitOps (Chapter 9) is considered a meaningfully different security posture than simply running helm upgrade manually from a laptop with cluster-admin credentials.
Across the entire Kubernetes track (both courses), name the single concept/pattern that recurs most often, and explain in your own words why understanding it deeply matters more than memorizing any single YAML snippet.
📄 View solutionChapter 10 Quick Reference — Course & Track Complete
- Course 1's capstone limitations, resolved one by one: Helm (Ch.3), StatefulSet (Ch.1), NetworkPolicy (Ch.5), RBAC (Ch.4), HPA (Ch.6), observability (Ch.7), GitOps (Ch.9), troubleshooting readiness (Ch.8)
- Production-readiness remains a spectrum — multi-region, incident response, cost optimization at scale, and mature CI testing are still honestly out of scope
- The reconciliation loop (Ch.2, Course 1) has appeared at every layer, across both courses, right up through this chapter's own GitOps deployment
- Course 2 complete — Kubernetes Intermediate/Advanced, 10 chapters
- Full Kubernetes track complete — Fundamentals + Intermediate/Advanced, 22 chapters across 2 courses