Container Orchestration
Also Known As
Kubernetes
K8s
Docker Swarm
EKS
GKE
TL;DR
Automating the deployment, scaling, networking, and health management of containers across a cluster of machines — Kubernetes is the dominant solution.
Explanation
Kubernetes (K8s) manages containerised workloads: Pods (one or more containers), Deployments (desired replica count), Services (stable network endpoint), Ingress (HTTP routing), ConfigMaps/Secrets (configuration), and PersistentVolumes (storage). The control plane schedules and monitors; worker nodes run containers. Key operations: rolling updates, health checks, automatic restarts, horizontal pod autoscaling. For PHP: PHP-FPM runs in containers behind an nginx sidecar, scaled by HPA based on CPU or request rate.
Diagram
flowchart TD
    subgraph Kubernetes Cluster
        API[API Server]
        subgraph Node 1
            P1[Pod: PHP-FPM]
            P2[Pod: Worker]
        end
        subgraph Node 2
            P3[Pod: PHP-FPM]
            P4[Pod: Nginx]
        end
    end
    SVC[Service - stable DNS] --> P1 & P3
    ING[Ingress - routes traffic] --> SVC
    HPA[HPA - auto-scales pods<br/>on CPU or custom metrics] --> P1 & P3
    CM[ConfigMap - env config] -.-> P1 & P2 & P3
    SEC[Secret - credentials] -.-> P1 & P2 & P3
    style ING fill:#d29922,color:#fff
    style HPA fill:#238636,color:#fff
    style SVC fill:#1f6feb,color:#fff
Common Misconception
✗ Kubernetes is required for production — it adds significant operational complexity; a managed PaaS (Render, Fly.io, Railway) or serverless approach is often better for teams without dedicated DevOps.
Why It Matters
Kubernetes standardises deployment, scaling, and self-healing across any cloud — a workload running on local K8s runs identically on EKS, GKE, or AKS.
Common Mistakes
- Running a database in Kubernetes without understanding persistent storage — container restarts lose data without PVCs.
- Not setting resource requests and limits — containers without limits steal CPU/memory from neighbours.
- Not implementing readiness and liveness probes — Kubernetes cannot route traffic away from broken pods without them.
- Storing secrets in ConfigMaps — use Kubernetes Secrets or an external secrets manager.
Code Examples
✗ Vulnerable
# Deployment without resource limits or health probes:
apiVersion: apps/v1
kind: Deployment
spec:
  template:
    spec:
      containers:
        - name: php-fpm
          image: myapp:latest
          # No resources: limits — can consume all node CPU/memory
          # No readinessProbe — traffic sent to broken pods
          # No livenessProbe — dead pods never restarted
✓ Fixed
spec:
  containers:
    - name: php-fpm
      image: myapp:1.2.3  # Pinned version, not 'latest'
      resources:
        requests: { cpu: 250m, memory: 256Mi }
        limits: { cpu: 500m, memory: 512Mi }
      readinessProbe:
        httpGet: { path: /health, port: 80 }
        initialDelaySeconds: 5
      livenessProbe:
        httpGet: { path: /ping, port: 80 }
        periodSeconds: 10
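As an added example (not part of the original page or of any project's tooling), this Python script checks `kubectl get deployments,configmaps -o json` output for the mistakes listed above: missing requests/limits, missing probes, unpinned images, and credential-like keys in ConfigMaps. The key-name pattern, the object names and the sample input are assumptions constructed for illustration.

```python
import json
import re
import sys

# Heuristic (assumption): key names that suggest a credential stored in a ConfigMap.
SECRET_KEY = re.compile(r"pass(word)?|secret|token|api[_-]?key|private[_-]?key", re.I)

def image_is_pinned(image):
    """True if the image has a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry host[:port] and path
    return ":" in last and last.split(":", 1)[1] not in ("", "latest")

def audit(doc):
    """Return findings for a kubectl JSON object or List of objects."""
    findings = []
    for obj in doc.get("items", [doc]):
        name = obj.get("metadata", {}).get("name", "?")
        if obj.get("kind") == "ConfigMap":
            for key in obj.get("data") or {}:
                if SECRET_KEY.search(key):
                    findings.append(f"ConfigMap/{name}: key {key} looks like a credential")
        if obj.get("kind") != "Deployment":
            continue
        pod = obj.get("spec", {}).get("template", {}).get("spec", {})
        for c in pod.get("containers", []):
            where = f"Deployment/{name}/{c.get('name')}"
            for field in ("requests", "limits"):
                if not (c.get("resources") or {}).get(field):
                    findings.append(f"{where}: no resources.{field}")
            for probe in ("readinessProbe", "livenessProbe"):
                if probe not in c:
                    findings.append(f"{where}: no {probe}")
            if not image_is_pinned(c.get("image", "")):
                findings.append(f"{where}: image {c.get('image')} is not pinned")
    return findings

# Constructed sample (not from a real cluster): the page's vulnerable container and a ConfigMap.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
        "containers": [{"name": "php-fpm", "image": "myapp:latest"}]}}}},
    {"kind": "ConfigMap", "metadata": {"name": "app-env"},
     "data": {"APP_ENV": "production", "DB_PASSWORD": "example-only"}},
]}

if __name__ == "__main__":
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print("\n".join(audit(doc)) or "no findings")
```

Run it with a path to saved `kubectl ... -o json` output as the only argument; without an argument it audits the constructed sample.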
Added
15 Mar 2026
Edited
22 Mar 2026
⚡
DEV INTEL
Tools & Severity
🟡 Medium
⚙ Fix effort: High
⚡ Quick Fix
Use managed Kubernetes (EKS, GKE, AKS) rather than self-hosted — the control plane management overhead is significant; focus on deploying your PHP app, not operating Kubernetes
📦 Applies To
PHP 5.0+
web
cli
🔗 Prerequisites
🔍 Detection Hints
Running PHP on self-managed k8s without platform team; missing resource limits on PHP pods; no network policies between services
Auto-detectable:
✗ No
kubectl
k9s
helm
terraform
⚠ Related Problems
🤖 AI Agent
Confidence: Low
False Positives: Medium
✗ Manual fix
Fix: High
Context: File