MasterLabSystemsMasterLabSystems
Python & FastAPI14 min read·By Liyabona Saki·

Deploy FastAPI Applications to Kubernetes

A complete guide to deploying FastAPI on Kubernetes — Deployment, Service, Ingress, ConfigMaps, Secrets, HPA and zero-downtime rollouts.

Advertisement

Introduction

A FastAPI app running on your laptop is not production. This guide takes the Dockerized image from earlier tutorials and ships it to Kubernetes with proper health checks, config, secrets, autoscaling and a zero-downtime rollout.

For the Java equivalent, see Deploy Spring Boot to Kubernetes.

Key takeaways

  • Always set resource requests + limits, or the scheduler can't reason about you.
  • Wire up /healthz (liveness) and /readyz (readiness) — they have different meanings.
  • Roll out with maxUnavailable: 0 for zero downtime.
  • Use ConfigMap for non-secret config, Secret for credentials.
  • Use HorizontalPodAutoscaler on CPU + custom metrics, not just CPU.

Health endpoints in FastAPI

```python
@app.get("/healthz")
async def healthz(): return {"ok": True}

@app.get("/readyz") async def readyz(): try: await db.execute("SELECT 1") return {"ok": True} except Exception: raise HTTPException(503, "db not ready") ```

Deployment

yaml
apiVersion: apps/v1
kind: Deployment
metadata: { name: api }
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate: { maxSurge: 1, maxUnavailable: 0 }
  selector: { matchLabels: { app: api } }
  template:
    metadata: { labels: { app: api } }
    spec:
      securityContext: { runAsNonRoot: true, runAsUser: 10001 }
      containers:
        - name: api
          image: ghcr.io/org/api:1.4.2
          ports: [{ containerPort: 8000 }]
          envFrom:
            - configMapRef: { name: api-config }
            - secretRef:    { name: api-secrets }
          resources:
            requests: { cpu: "200m", memory: "256Mi" }
            limits:   { cpu: "1",    memory: "512Mi" }
          readinessProbe:
            httpGet: { path: /readyz, port: 8000 }
            initialDelaySeconds: 5
            periodSeconds: 5
          livenessProbe:
            httpGet: { path: /healthz, port: 8000 }
            initialDelaySeconds: 20
            periodSeconds: 10

Service + Ingress

yaml
apiVersion: v1
kind: Service
metadata: { name: api }
spec:
  selector: { app: api }
  ports: [{ port: 80, targetPort: 8000 }]
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: api
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
  tls: [{ hosts: [api.example.com], secretName: api-tls }]
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend: { service: { name: api, port: { number: 80 } } }

Config + Secrets

yaml
apiVersion: v1
kind: ConfigMap
metadata: { name: api-config }
data:
  LOG_LEVEL: "INFO"
  WORKERS: "4"
---
apiVersion: v1
kind: Secret
metadata: { name: api-secrets }
type: Opaque
stringData:
  DATABASE_URL: postgresql+asyncpg://app:****@pg/app
  JWT_SECRET: ****

Autoscaling

yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata: { name: api }
spec:
  scaleTargetRef: { apiVersion: apps/v1, kind: Deployment, name: api }
  minReplicas: 3
  maxReplicas: 20
  metrics:
    - type: Resource
      resource: { name: cpu, target: { type: Utilization, averageUtilization: 70 } }

Production best practices

  • Run migrations as a Job with backoffLimit: 0, not inside the app pod.
  • Set PodDisruptionBudget minAvailable: 2 to survive node drains.
  • Add a preStop sleep of ~5s so in-flight requests drain before SIGTERM.
  • Pin images by SHA digest in prod, not floating tags.

Common mistakes

  • Using /healthz for both liveness and readiness — a slow DB causes pod restarts.
  • No resource limits — one pod with a memory leak crashes its node.
  • Deploying :latest — no clean rollback.

Tools used in this tutorial

The setup below uses the following tools. Versions matter less than the role each one plays, so swap freely as long as you keep the responsibilities the same.

  • Python 3.12+
  • FastAPI
  • Uvicorn / Gunicorn
  • Pydantic v2
  • SQLAlchemy 2.x
  • Docker
  • Kubernetes

Real-world production context

In production, a Python backend like this rarely runs as a single uvicorn process on a laptop. Teams build the app into a container image, push it to a registry, and run it behind a managed load balancer with autoscaling, health checks and centralized logging. Async FastAPI services typically use multiple Uvicorn workers managed by Gunicorn, a managed Postgres for state, Redis for cache and rate-limit counters, and an object store for uploads. The reason cloud hosting becomes a hard requirement is operational: zero-downtime rollouts, log aggregation, metrics, and TLS at the edge are not optional once real users depend on the API.

Recommended tools & deployment options

Once the tutorial works on your machine, the next question is *where do I run this for real?* These are the platforms most Python backend teams reach for:

  • DigitalOcean — the simplest path from a working FastAPI container to a public URL. App Platform deploys directly from a Dockerfile, managed Postgres and Redis are one click away, and pricing is predictable. A common way to deploy the setup in this tutorial is using a cloud provider like DigitalOcean when you want to ship quickly without learning a full cloud SDK.
  • AWS — the default for enterprise workloads. ECS Fargate or EKS run containers without you managing servers, RDS handles Postgres, and CloudWatch covers logs and metrics.
  • Docker — the packaging format every modern deploy target understands. Build once, run the same image locally, in CI and in production.
  • Kubernetes (managed: EKS, DOKS, GKE) — the right choice once you have more than a handful of services, need rolling updates, autoscaling and policy-driven networking.

A VPS or managed cloud service is required to run this architecture end-to-end — uvicorn --reload is for development, not for serving traffic.

FAQ

Helm or raw manifests? Raw manifests + Kustomize scale far. Reach for Helm when you publish charts for others.

Next steps & related tutorials

Keep the momentum going with the next tutorial in this learning path:

Architecture

Kubernetes Deployment Architecture

CLIENTINGRESSSERVICEPODSDATAHTTPSUsersIngressNGINX / ALBServiceClusterIPPodReplica 1PodReplica 2PodReplica 3PostgreSQLManagedRedisCache
Ingress routes external traffic to a Service that load-balances across replica Pods. Pods read config from ConfigMaps and persist via managed databases.

TL;DR

Key takeaways

  • Understand the core concepts behind Deploy FastAPI Applications to Kubernetes in a production context.
  • Apply the patterns to real Python & FastAPI systems, not just toy examples.
  • Recognize the trade-offs, failure modes, and operational concerns before adopting them.
  • Get a clear path to the next step — related tutorials, tools, and reference architectures.

Avoid these

Common mistakes

  • 1. Copy-pasting code without understanding the trade-offs

    It's tempting to ship a snippet from a blog post into production, but Python & FastAPI patterns only work when the failure modes are understood. Always reason about timeouts, retries, and consistency.

  • 2. Skipping observability from day one

    Structured logs, metrics, and traces are not optional. Wire them in before you ship — debugging Python & FastAPI systems without them is painful and expensive.

  • 3. Optimizing too early

    Premature caching, sharding, or microservice extraction adds operational cost. Validate the bottleneck with real measurements first.

  • 4. Ignoring security defaults

    Secrets in env files, open management ports, missing RBAC — these are the most common production incidents. Treat security as part of the definition of done.

Ship it safely

Production best practices

Apply these before promoting Deploy FastAPI Applications to Kubernetes to a real production environment.

Scalability

Design Python & FastAPI services to scale horizontally. Keep request handlers stateless, push session and cache state to external stores (Redis, the database), and benchmark p95/p99 latency under realistic load before tuning.

Monitoring & Observability

Emit metrics (RED/USE), structured JSON logs, and distributed traces from day one. Wire dashboards and alerts to SLOs you actually care about — error rate, latency, saturation — not vanity metrics.

Logging

Log with correlation IDs, never log secrets or PII, and centralize logs (ELK, Loki, CloudWatch). Use levels deliberately: INFO for state changes, WARN for recoverable issues, ERROR for incidents.

Security

Apply least-privilege IAM, rotate secrets through a vault, validate every input, and patch dependencies on a schedule. For HTTP services, enable TLS everywhere and set sensible security headers.

Testing

Layer unit, integration, and contract tests. Run them in CI on every PR, and add smoke tests post-deploy. For Python & FastAPI systems, also run chaos and load tests before a major release.

Reliability & Rollouts

Ship with health checks, readiness probes, graceful shutdown, and a rollback strategy. Prefer canary or blue/green deploys over big-bang releases.

Questions

Frequently asked questions

Is this tutorial up to date?

Yes. This tutorial was last reviewed and updated on May 26, 2026. We revisit popular Python & FastAPI tutorials regularly to keep them aligned with current best practices.

What level is this tutorial aimed at?

It is written for working developers with some backend experience. Beginners can still follow along, and senior engineers will find production-grade patterns and trade-off discussions.

Do I need to follow every step in order?

The walkthrough is sequential because each step depends on the previous one. If you only need a specific concept, the table of contents at the top of the article lets you jump straight to that section.

Where can I find the source code?

Code samples are inlined in the tutorial. When a companion repository is published it will be linked at the top of this page.

Go deeper

Further reading

#FastAPI#Kubernetes#Deployment#Docker#DevOps#HPA

More From the Channel

Follow the full tutorial series on YouTube

The MasterLabSystems channel publishes in-depth, project-based tutorials on Java, Spring Boot, microservices, Docker, Kubernetes, AWS and DevOps — the same topics covered on this site, with full code walkthroughs.

Browse all tutorials →Subscribe

Stay in the Loop

Get the next tutorial in your inbox

next tutorial →

FastAPI Testing Strategy — Unit, Integration and API Testing

Related tutorials

Python & FastAPI16 min

Building REST APIs with FastAPI — A Complete Guide

A complete, production-focused walkthrough of building REST APIs with FastAPI — Pydantic models, dependency injection, async endpoints, SQLAlchemy and Docker.

read →
Python & FastAPI15 min

FastAPI Microservices Architecture Explained Step by Step

How to design and build a Python microservices architecture with FastAPI — services, API gateway, async messaging, Redis, Postgres and Docker Compose.

read →
Python & FastAPI11 min

Dockerizing a FastAPI Application the Right Way

Build small, fast, secure Docker images for FastAPI — multi-stage builds, Gunicorn + Uvicorn workers, non-root users, and production-ready Dockerfiles.

read →