Deployment Basics
Introduction
Deploying Go services means building static binaries, containerizing, and running on Kubernetes, AWS ECS, Google Cloud Run, or VM systemd services. Go's single binary simplifies deployment — copy one file and run.
Kubernetes Deployment + Service + Ingress is the cloud-native standard. Configure liveness/readiness probes, resource limits, horizontal pod autoscaling, and rolling updates. CI/CD pipelines automate test → build → push → deploy.
This lesson covers K8s manifest essentials, GitHub Actions CI, and zero-downtime rolling deployments — the deployment story interviewers expect from Go backend candidates.
The story
A Go payments service deploys to GKE via GitHub Actions: build and test, push a container to Artifact Registry, apply Kubernetes manifests with rolling updates (maxUnavailable: 0), and verify Prometheus alerts stay green. readinessProbe waits for database connectivity; preStop hook sleeps 5 seconds so the load balancer drains connections before the pod terminates.
Blue-green or canary deploys route 5% of traffic to a new version first. Go's fast startup makes rolling back a bad deploy a one-command kubectl rollout undo.
Understanding the topic
Key concepts
- Kubernetes Deployment manages pod replicas.
- Service exposes pods internally; Ingress externally.
- Liveness probe restarts unhealthy pods.
- Readiness probe removes pod from load balancer until ready.
- ConfigMap/Secret inject env configuration.
- HPA scales pods on CPU/memory/custom metrics.
```mermaid
flowchart LR
    Source[Go Source] --> Build[go build]
    Build --> Image[Docker Image]
    Image --> Registry[ECR / GCR]
    Registry --> K8s[Kubernetes Pod]
```
Step-by-step explanation
- CI: go test -race → docker build → push to registry.
- CD: kubectl apply or Helm upgrade.
- Rolling update replaces pods incrementally.
- Readiness waits for DB migration and Ping success.
- Ingress routes HTTPS with cert-manager TLS.
- Monitor with Prometheus metrics and alerting.
Practical code example
Kubernetes Deployment manifest and GitHub Actions CI snippet:
```yaml
# k8s/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: go-api
spec:
  replicas: 3
  selector:
    matchLabels:
      app: go-api
  template:
    metadata:
      labels:
        app: go-api
    spec:
      containers:
        - name: api
          image: ghcr.io/techlearningpro/go-api:1.0.0
          ports:
            - containerPort: 8080
          envFrom:
            # Configuration and credentials come from a Kubernetes Secret, not the image
            - secretRef:
                name: go-api-secrets
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
              cpu: "500m"
          # Liveness: restart the container if the process stops answering
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
            initialDelaySeconds: 5
          # Readiness: separate endpoint, gates traffic until the app is initialized
          readinessProbe:
            httpGet:
              path: /readyz
              port: 8080
            initialDelaySeconds: 3
```

```yaml
# .github/workflows/ci.yaml snippet
- run: go test -race ./...
- run: docker build -t ghcr.io/org/go-api:$GITHUB_SHA .
- run: docker push ghcr.io/org/go-api:$GITHUB_SHA
```
Line-by-line code explanation
- Deployment spec with replicas: 3 maintains desired pod count across node failures.
- readinessProbe httpGet path: /readyz gates traffic until the app is fully initialized.
- livenessProbe restarts pods that deadlock — separate from readiness to avoid flapping.
- resources.requests and limits — CPU/memory guarantees prevent noisy neighbor issues.
- rollingUpdate.maxSurge / maxUnavailable controls deploy speed vs capacity.
- ConfigMap and Secret volumes inject config without baking secrets into images.
- HPA on CPU or custom metrics scales replicas during traffic spikes automatically.
- graceful shutdown — handle SIGTERM, call server.Shutdown, then exit.
Key takeaway: Readiness prevents traffic before the DB is ready. Resource limits prevent noisy-neighbor problems. Pin the image digest in production.
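The probe split and shutdown sequence described above, as an added Go example that is not code from the original lesson: /health answers the liveness probe, /readyz answers the readiness probe and fails while the dependency is down or the pod is draining, and SIGTERM triggers server.Shutdown. The App type and its Ping field are hypothetical; Ping stands in for a real check such as a database ping.

```go
package main

import (
	"context"
	"errors"
	"log"
	"net/http"
	"os/signal"
	"sync/atomic"
	"syscall"
	"time"
)

// App holds readiness state; Ping is an assumption standing in for a check such as (*sql.DB).PingContext.
type App struct {
	draining atomic.Bool
	Ping     func(ctx context.Context) error
}

// Health backs the livenessProbe: it only proves the process still serves HTTP.
func (a *App) Health(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }

// Ready backs the readinessProbe: 503 while draining or while the dependency is down.
func (a *App) Ready(w http.ResponseWriter, r *http.Request) {
	if a.draining.Load() || a.Ping(r.Context()) != nil {
		http.Error(w, "not ready", http.StatusServiceUnavailable)
		return
	}
	w.WriteHeader(http.StatusOK)
}

func main() {
	app := &App{Ping: func(context.Context) error { return nil }} // swap in db.PingContext
	http.HandleFunc("/health", app.Health)
	http.HandleFunc("/readyz", app.Ready)
	srv := &http.Server{Addr: ":8080"} // nil Handler means http.DefaultServeMux
	ctx, stop := signal.NotifyContext(context.Background(), syscall.SIGTERM)
	defer stop()
	go func() {
		if err := srv.ListenAndServe(); !errors.Is(err, http.ErrServerClosed) {
			log.Fatal(err)
		}
	}()
	<-ctx.Done()             // Kubernetes sends SIGTERM when the pod is terminated
	app.draining.Store(true) // fail readiness so no new traffic is routed here
	sctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	log.Println("shutdown:", srv.Shutdown(sctx)) // finish in-flight requests, then exit
}
```

Because liveness stays green while the dependency is down, a database outage takes pods out of rotation without putting them into a restart loop.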
Real-world use
Where you'll use this in production
- Production API on AWS EKS or GKE.
- Serverless Go on Cloud Run with auto-scaling.
- Edge deployment of static Go binary on VM systemd.
- Blue-green or canary releases with Argo Rollouts.
Best practices
- Immutable deployments — new image per release, never patch running container.
- Readiness probe on DB connectivity.
- Set resource requests and limits.
- Use semantic versioning tags plus git SHA.
- Automate rollback on failed health checks.
- Separate staging and production clusters/namespaces.
Common mistakes
- No readiness probe — traffic hits starting pods.
- Latest tag in production — unpredictable deploys.
- Missing resource limits — pod OOM or node exhaustion.
- Secrets baked into image instead of K8s Secret.
- No rollback plan when deployment fails.
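A small audit for three of the mistakes listed above (mutable image tag, missing readiness probe, missing resource limits), as an added example that is not part of the original lesson. It assumes the Deployment is supplied as JSON, for instance from kubectl get deployment go-api -o json; the Audit and mutableImage names and the sample manifest are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// container declares only the fields this audit reads (JSON keys match case-insensitively).
type container struct {
	Name, Image    string
	ReadinessProbe map[string]any
	Resources      struct{ Limits map[string]any }
}

// mutableImage reports whether ref can change between pulls: no digest, and no tag or ":latest".
func mutableImage(ref string) bool {
	// Look for the tag after the last "/" so a registry port (host:5000/) is not mistaken for one.
	_, tag, ok := strings.Cut(ref[strings.LastIndex(ref, "/")+1:], ":")
	return !strings.Contains(ref, "@") && (!ok || tag == "latest")
}

// Audit returns one finding per mistake for each container of a Deployment given as JSON.
func Audit(manifest []byte) ([]string, error) {
	var d struct{ Spec struct{ Template struct{ Spec struct{ Containers []container } } } }
	if err := json.Unmarshal(manifest, &d); err != nil {
		return nil, err
	}
	var out []string
	for _, c := range d.Spec.Template.Spec.Containers {
		add := func(bad bool, msg string) {
			if bad {
				out = append(out, c.Name+": "+msg)
			}
		}
		add(mutableImage(c.Image), "image is untagged or :latest")
		add(len(c.ReadinessProbe) == 0, "no readinessProbe")
		add(len(c.Resources.Limits) == 0, "no resource limits")
	}
	return out, nil
}

func main() {
	// Constructed sample: one container that makes all three mistakes.
	sample := `{"spec":{"template":{"spec":{"containers":[{"name":"api","image":"ghcr.io/org/go-api:latest"}]}}}}`
	fmt.Println(Audit([]byte(sample)))
}
```

Run in CI before kubectl apply, a non-empty result can fail the pipeline so these mistakes never reach the cluster.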
Advanced interview questions
Q1 (Beginner): Liveness vs readiness?
Q2 (Beginner): Why Go good for containers?
Q3 (Intermediate): Zero-downtime deploy?
Q4 (Intermediate): CI pipeline for Go service?
Q5 (Advanced): Design deployment for 99.9% availability.
Summary
Deploy Go as a container on K8s with probes and resource limits. CI runs tests and builds; CD applies manifests or Helm. Readiness gates traffic; liveness restarts failed pods. Secrets via K8s Secret — never in image layers. Next lesson: interview preparation and final project.