⌂ Home

Deployment → ReplicaSet → Pod Hierarchy

Understanding Kubernetes workload management - Hover over components for details

Level 1: Deployment

nginx-deployment

Deployment

Replicas: 3
Strategy: Rolling Update
Purpose: Declarative updates for Pods and ReplicaSets

Selector: app: nginx

Level 2: ReplicaSet (Managed by Deployment)

nginx-deployment-75675f5897

ReplicaSet

Desired: 3 | Current: 3 | Ready: 3
Purpose: Ensures exact number of Pod replicas
Owner: nginx-deployment

Selector: app: nginx, pod-template-hash: 75675f5897

Level 3: Pods (Managed by ReplicaSet)

nginx-...-7ci7o

Pod

Status: Running
IP: 10.244.1.5
Node: worker-1

app: nginx
pod-template-hash: 75675f5897

nginx-...-a1b2c

Pod

Status: Running
IP: 10.244.2.8
Node: worker-2

app: nginx
pod-template-hash: 75675f5897

nginx-...-d3e4f

Pod

Status: Running
IP: 10.244.1.9
Node: worker-1

app: nginx
pod-template-hash: 75675f5897

                Key Concept: The Deployment owns the ReplicaSet, and the ReplicaSet owns the Pods. This ownership is tracked via metadata.ownerReferences field, enabling cascading deletion and proper lifecycle management.
            

Creation Flow: From kubectl to Running Pods

User Creates Deployment

kubectl apply -f deployment.yaml
You define the desired state: 3 nginx Pods with specific container image and configuration.

API Server Validates and Stores

The API Server validates the Deployment spec, authenticates the request, and stores the desired state in etcd. The Deployment object now exists in the cluster.

Deployment Controller Creates ReplicaSet

The Deployment Controller watches for new Deployment objects. It creates a ReplicaSet with name format: [deployment-name]-[hash]. The hash is derived from the Pod template to enable version tracking.

ReplicaSet Controller Creates Pods

The ReplicaSet Controller sees the new ReplicaSet and creates 3 Pod objects (matching the replicas: 3 spec). Each Pod gets a unique name with the ReplicaSet prefix plus a random suffix.

Scheduler Assigns Pods to Nodes

The Scheduler watches for unscheduled Pods and assigns each to an optimal worker node based on resource availability, affinity rules, taints, and tolerations.

Kubelet Starts Containers

The Kubelet on each node sees Pods assigned to it, pulls the nginx container image, and instructs the container runtime (containerd/CRI-O) to start the containers.

Continuous Reconciliation

All controllers continuously watch the cluster state. If a Pod dies, the ReplicaSet Controller creates a new one. If you update the Deployment, it creates a new ReplicaSet and gradually transitions Pods.

                Important: This entire process is declarative. You declare what you want (3 nginx Pods), and Kubernetes controllers work continuously to make it happen and keep it that way.
            

How Label Selectors Connect the Hierarchy

Deployment Selector

spec.selector.matchLabels:
app: nginx

Deployment uses this to find its ReplicaSets and Pods

⟹

ReplicaSet & Pod Labels

metadata.labels:
app: nginx
pod-template-hash: 75675f5897

ReplicaSets and Pods have these labels

How Label Matching Works

# Deployment specifies what labels to match spec: selector: matchLabels: app: nginx # Must match Pod template labels template: metadata: labels: app: nginx # These labels are applied to Pods

The pod-template-hash Label

Kubernetes automatically adds a pod-template-hash label to distinguish Pods from different versions during rolling updates.

Old ReplicaSet (v1)

app: nginx
pod-template-hash: 75675f5897

New ReplicaSet (v2)

app: nginx
pod-template-hash: 8f9d6c4b21

                Why This Matters: The pod-template-hash ensures that Pods from different ReplicaSets don't conflict during rolling updates. Each ReplicaSet manages only its own version of Pods.
            

Ownership References

Besides labels, Kubernetes uses ownerReferences to track the ownership chain:

Pod's ownerReferences Field

metadata: ownerReferences: - apiVersion: apps/v1 kind: ReplicaSet name: nginx-deployment-75675f5897 uid: e129deca-f864-481b-bb16-b27abfd92292 controller: true # This ReplicaSet is the controller blockOwnerDeletion: true # Prevents deleting owner if dependents exist

Complete YAML Examples

1. Deployment YAML

apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment labels: app: nginx spec: replicas: 3 # Desired number of Pods selector: matchLabels: app: nginx # Must match template.metadata.labels template: # Pod template - used by ReplicaSet to create Pods metadata: labels: app: nginx # Labels applied to each Pod spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80

2. ReplicaSet YAML (Auto-created by Deployment)

apiVersion: apps/v1 kind: ReplicaSet metadata: name: nginx-deployment-75675f5897 # Auto-generated name ownerReferences: # Tracks owner (Deployment) - apiVersion: apps/v1 kind: Deployment name: nginx-deployment controller: true spec: replicas: 3 selector: matchLabels: app: nginx pod-template-hash: 75675f5897 # Auto-added hash template: metadata: labels: app: nginx pod-template-hash: 75675f5897 spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80

3. Pod YAML (Auto-created by ReplicaSet)

apiVersion: v1 kind: Pod metadata: name: nginx-deployment-75675f5897-7ci7o # Auto-generated labels: app: nginx pod-template-hash: 75675f5897 ownerReferences: # Tracks owner (ReplicaSet) - apiVersion: apps/v1 kind: ReplicaSet name: nginx-deployment-75675f5897 controller: true spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 nodeName: worker-1 # Assigned by Scheduler status: phase: Running podIP: 10.244.1.5

                Notice: Only the Deployment YAML is created by users. The ReplicaSet and Pod YAMLs are automatically generated by Kubernetes controllers, with ownership references and template hashes added automatically.
            

What Happens When You Delete?

🔴 Delete Deployment

Command: kubectl delete deployment nginx-deployment

Impact: Cascading deletion removes everything:

Deployment is deleted
All owned ReplicaSets are deleted
All Pods managed by those ReplicaSets are deleted

CRITICAL - Complete Removal

Result: Your entire application is removed from the cluster. All 3 nginx Pods stop running.

🟡 Delete ReplicaSet

Command: kubectl delete replicaset nginx-deployment-75675f5897

Impact: Immediate recreation by Deployment controller:

ReplicaSet is deleted
All Pods are deleted
Deployment controller creates new ReplicaSet
New Pods are created

WARNING - Recreated Automatically

Result: Brief downtime, then application returns to desired state. Not recommended - manage via Deployment instead.

🔵 Delete Pod

Command: kubectl delete pod nginx-deployment-75675f5897-7ci7o

Impact: Single Pod replacement:

Specific Pod is deleted
ReplicaSet detects count is now 2/3
New Pod is created immediately
Other 2 Pods continue running

INFO - Self-Healing

Result: One Pod restarts. This is how Kubernetes provides self-healing - replica count is always maintained.

Cascading Deletion Options

You can control cascade behavior with the --cascade flag:

Cascade Deletion Options

# Default: Foreground cascade (waits for dependents to delete) kubectl delete deployment nginx-deployment # Background cascade (deletes immediately, dependents removed asynchronously) kubectl delete deployment nginx-deployment --cascade=background # Orphan (keeps ReplicaSets and Pods running) kubectl delete deployment nginx-deployment --cascade=orphan

Scaling Impact

When you scale a Deployment, changes propagate down the hierarchy:

Scale Up: replicas: 3 → 5

Command: kubectl scale deployment nginx-deployment --replicas=5

Process:

Deployment updates ReplicaSet spec
ReplicaSet creates 2 new Pods
Scheduler assigns to nodes
Kubelets start containers

SCALE UP - 2 New Pods Added

Scale Down: replicas: 3 → 1

Command: kubectl scale deployment nginx-deployment --replicas=1

Process:

Deployment updates ReplicaSet spec
ReplicaSet marks 2 Pods for deletion
Pods are gracefully terminated
1 Pod remains running

SCALE DOWN - 2 Pods Removed

                Best Practice: Always manage your application through the Deployment. Don't manually edit ReplicaSets or delete individual Pods (except for troubleshooting). The Deployment controller ensures proper rolling updates and rollback capabilities.
            

Rolling Update Behavior

When you update the Deployment (e.g., change container image), a controlled rollout occurs:

Rolling Update Process

# Update the container image kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 # What happens behind the scenes: # 1. New ReplicaSet created: nginx-deployment-8f9d6c4b21 # 2. Old ReplicaSet scaled down gradually: 3 → 2 → 1 → 0 # 3. New ReplicaSet scaled up gradually: 0 → 1 → 2 → 3 # 4. Old ReplicaSet kept (scaled to 0) for rollback capability # During the update: kubectl get replicasets # NAME DESIRED CURRENT READY # nginx-deployment-75675f5897 1 1 1 # Old # nginx-deployment-8f9d6c4b21 2 2 2 # New