
Advanced Topics

Master advanced Kubernetes — Custom Resource Definitions, Operators, Helm package management, and service mesh architecture.

Custom Resource Definitions

CRDs extend the Kubernetes API with custom resource types. Define a CRD, then create instances of your custom resource; a controller watches those instances and reconciles actual state toward the desired state. The CRD object itself is cluster-scoped, so installing one requires cluster-level RBAC, while the instances can be namespaced and governed by ordinary Roles like any other resource.

CRDs enable domain-specific abstractions: instead of raw Deployments and Services, users interact with Database or Application resources, and the schema declared in the CRD is what the API server validates those objects against on every create and update.

# CRDs are cluster-scoped; creating one needs cluster-level RBAC.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: databases.example.com   # must be <plural>.<group>
spec:
  group: example.com
  scope: Namespaced              # instances live in a namespace
  names:
    plural: databases
    singular: database
    kind: Database
  versions:
    - name: v1
      served: true               # this version is exposed by the API server
      storage: true              # and is the one persisted in etcd
      schema:
        # v1 requires a structural schema; the API server validates every
        # create/update against it and prunes fields it does not list.
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                engine:
                  type: string
                version:
                  type: string
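
An instance of the Database type above, together with the RBAC that lets a team manage those instances in their own namespace without being able to touch the CRD itself. This is an added example, not code from the original page; the namespace payments, the group db-team and the ClusterRole name are assumptions for illustration.

```yaml
# Added example (not from the original page): a Database instance plus
# least-privilege RBAC. Namespace "payments", group "db-team" and the
# controller ClusterRole name are assumptions.
---
apiVersion: example.com/v1
kind: Database
metadata:
  name: orders-db
  namespace: payments
spec:
  engine: postgres
  version: "16"      # schema says string: an unquoted 16 parses as an
                     # integer and the API server rejects the object
---
# Team members may manage Database objects only in their own namespace.
# The CRD is installed separately by a cluster admin; "create" on
# customresourcedefinitions lets a subject add new API types cluster-wide,
# so it is deliberately absent here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: database-editor
  namespace: payments
rules:
  - apiGroups: ["example.com"]
    resources: ["databases"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: db-team-database-editor
  namespace: payments
subjects:
  - kind: Group
    name: db-team
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: database-editor
  apiGroup: rbac.authorization.k8s.io
---
# The controller that reconciles Database objects needs to watch them in
# every namespace, but it does not need "create" or "delete" on them and
# nothing on the CRD. Bind this to the controller's ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: database-controller
rules:
  - apiGroups: ["example.com"]
    resources: ["databases"]
    verbs: ["get", "list", "watch", "update", "patch"]
```

Check the result with impersonation rather than by logging in as the user: `kubectl auth can-i create databases.example.com -n payments --as=alice --as-group=db-team` should answer yes, and the same query against `customresourcedefinitions` should answer no.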

Operators

Operators are controllers that encode operational knowledge for complex applications. They watch custom resources and automate deployment, scaling, backup, and recovery. Because an operator acts on the cluster on your behalf, it usually runs with broad RBAC; review its ClusterRole before installing it.

Popular operators: Prometheus Operator, PostgreSQL operators (CloudNativePG, CrunchyData, Zalando), Strimzi for Kafka, and cert-manager. Build your own with Operator SDK (Go), Kubebuilder (Go), or Kopf (Python).

# CloudNativePG (postgresql.cnpg.io): the operator turns this spec into
# PostgreSQL pods, PVCs and Services, configures streaming replication,
# and performs failover when the primary is lost.
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: postgres-cluster
spec:
  instances: 3                   # one primary, two replicas
  storage:
    size: 50Gi                   # one PVC per instance
  postgresql:
    parameters:
      max_connections: "200"     # passed through to postgresql.conf
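
The backup and recovery side of what the operator automates, as an added example that is not part of the original page: the same CloudNativePG Cluster with the superuser kept disabled and base backups plus WAL shipped to object storage, and a ScheduledBackup the operator runs on a timer. Field names follow the postgresql.cnpg.io/v1 API; the namespace, bucket path and Secret name are assumptions.

```yaml
# Added example (not from the original page). Namespace "payments", the
# bucket path and the Secret "pg-backup-creds" are assumptions.
---
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
  name: postgres-cluster
  namespace: payments
spec:
  instances: 3
  storage:
    size: 50Gi
  # Do not hand out the "postgres" superuser; the operator still administers
  # the instances through its own instance manager.
  enableSuperuserAccess: false
  bootstrap:
    initdb:
      database: orders
      owner: orders          # application role; its password lands in a generated Secret
  backup:
    retentionPolicy: "30d"   # the operator prunes older base backups and WAL
    barmanObjectStore:
      destinationPath: s3://example-pg-backups/postgres-cluster   # assumed bucket
      s3Credentials:
        accessKeyId:
          name: pg-backup-creds   # assumed Secret, created out of band
          key: ACCESS_KEY_ID
        secretAccessKey:
          name: pg-backup-creds
          key: ACCESS_SECRET_KEY
---
apiVersion: postgresql.cnpg.io/v1
kind: ScheduledBackup
metadata:
  name: postgres-cluster-nightly
  namespace: payments
spec:
  # CloudNativePG uses a six-field cron expression (seconds first):
  # this is every day at 02:00.
  schedule: "0 0 2 * * *"
  backupOwnerReference: self   # Backup objects are garbage-collected with this schedule
  cluster:
    name: postgres-cluster
```

The credentials for the bucket are referenced, not embedded, so the Cluster manifest can live in Git; the Secret is created separately and the IAM user behind it should be allowed to write to that prefix only.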

Helm Package Manager

Helm packages Kubernetes manifests into charts: reusable, versioned, configurable application templates. Install charts from repositories (browse them on Artifact Hub) or write your own.

values.yaml customizes an installation without editing templates. Use helm upgrade --install for idempotent deployments and helm rollback to return to a previous revision quickly (rollback re-applies the old manifests; it does not restore data).

  • Helm 3 has no Tiller; release state, including every value you supplied, is stored as Secrets in the release namespace, so anyone who can read those Secrets can read the values
  • helm template renders manifests locally, without contacting the cluster, so you can review them before install
  • Chart dependencies (Chart.yaml) pin sub-chart versions; pin the chart version on install (--version) as well so upgrades are deliberate

# Add the repo and install (release name my-db)
helm repo add bitnami https://charts.bitnami.com/bitnami
# NOTE: anything passed with --set is recorded in shell history and in the
# release Secret (visible with `helm get values my-db`); for real credentials
# prefer a chart option such as auth.existingSecret.
helm install my-db bitnami/postgresql \
  --set auth.password=secret,primary.persistence.size=20Gi

# Upgrade in place from a values file
helm upgrade my-db bitnami/postgresql -f values.yaml

# Roll back to release revision 1
helm rollback my-db 1
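
The same installation done without putting the password on the command line, as an added example that is not from the original page: a Secret created out of band and a values.yaml that points the chart at it. Key names follow the bitnami/postgresql chart's auth.existingSecret convention (password for the application user, postgres-password for the admin); the Secret name and the namespace data are assumptions.

```yaml
# Added example (not from the original page). Secret name "my-db-credentials"
# and namespace "data" are assumptions; the placeholder values are generated
# and applied out of band (never committed to Git).
---
apiVersion: v1
kind: Secret
metadata:
  name: my-db-credentials
  namespace: data
type: Opaque
stringData:
  postgres-password: "<generated-out-of-band>"
  password: "<generated-out-of-band>"
---
# file: values.yaml (passed with -f; this document is chart input, not a
# Kubernetes object)
auth:
  username: app
  database: app
  existingSecret: my-db-credentials   # chart reads passwords from here
  secretKeys:
    adminPasswordKey: postgres-password
    userPasswordKey: password
primary:
  persistence:
    size: 20Gi
```

Apply the Secret first, then `helm upgrade --install my-db bitnami/postgresql -n data -f values.yaml`. Afterwards `helm get values my-db` shows only the Secret's name, and the values file can be committed alongside the rest of the cluster configuration.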

Service Mesh

A service mesh adds observability, traffic management, and security to service-to-service communication. Istio and Linkerd are the leading options; both inject a sidecar proxy next to each application container (Istio also offers a sidecar-less "ambient" mode).

A mesh provides mTLS, traffic splitting (canary), circuit breaking, retry policies, and distributed tracing without application code changes. Two caveats: Istio's mTLS mode defaults to PERMISSIVE, so sidecars keep accepting plaintext until a PeerAuthentication sets STRICT, and mTLS only authenticates the caller; an AuthorizationPolicy is still needed to say who may call what.

# Istio traffic splitting (canary). The subsets v1 and v2 must be defined
# in a DestinationRule for the same host, or the route fails to resolve.
apiVersion: networking.istio.io/v1
kind: VirtualService
metadata:
  name: web-app
spec:
  http:
    - route:
        - destination:
            host: web-app
            subset: v1
          weight: 90               # 90% of requests to the stable version
        - destination:
            host: web-app
            subset: v2
          weight: 10               # 10% to the canary
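
The pieces the VirtualService above depends on, plus the two policies that turn the mesh's mTLS from optional into enforced, as an added example that is not part of the original page. The namespace web, the version label, the app label and the ingress gateway's ServiceAccount name are assumptions.

```yaml
# Added example (not from the original page). Namespace "web", the labels
# version=v1/v2 and app=web-app, and the gateway ServiceAccount are assumptions.
---
# Subsets referenced by the VirtualService are defined here, keyed on pod labels.
apiVersion: networking.istio.io/v1
kind: DestinationRule
metadata:
  name: web-app
  namespace: web
spec:
  host: web-app
  trafficPolicy:
    tls:
      mode: ISTIO_MUTUAL   # client side: always present the mesh certificate
  subsets:
    - name: v1
      labels:
        version: v1
    - name: v2
      labels:
        version: v2
---
# Istio's default is PERMISSIVE: sidecars accept both mTLS and plaintext.
# A PeerAuthentication named "default" in the root namespace with no
# selector applies mesh-wide; STRICT rejects plaintext everywhere.
apiVersion: security.istio.io/v1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
---
# mTLS proves who the caller is; authorization decides whether it may call.
# Once any ALLOW policy selects a workload, requests that match no rule are
# denied, so this restricts web-app to the ingress gateway's identity.
apiVersion: security.istio.io/v1
kind: AuthorizationPolicy
metadata:
  name: web-app-allow-gateway
  namespace: web
spec:
  selector:
    matchLabels:
      app: web-app
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account"]
      to:
        - operation:
            methods: ["GET", "POST"]
```

Roll out STRICT gradually: apply it per namespace first (same resource, with the namespace set) and watch for connection resets from un-meshed clients before promoting it to istio-system.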

Multi-Cluster and Federation

Multi-cluster architectures provide geographic distribution, disaster recovery, and environment isolation. Tools like Submariner, Cilium Cluster Mesh, and Istio multi-cluster connect networks across clusters.

Start with a single well-managed cluster. Add multi-cluster complexity only when single-cluster limits are reached — operational overhead increases significantly.

Cluster federation concepts:

  • DNS-based global load balancing
  • Cross-cluster service discovery
  • GitOps-managed configuration across clusters
  • Active-active or active-passive failover
