K8s objects: ship a self-healing, zero-downtime service

Deploy a deliberately slow-warming HTTP service (~20-30s boot) to a local Kubernetes cluster (kind, minikube, or k3d) using only declarative manifests, and prove it self-heals after pod loss and rolls out a new image with zero failed requests under sustained load.

• Build a tiny HTTP service with a /healthz endpoint that returns 503 for the first ~20-30s (simulating config load and pool prime) then 200, plus a /version endpoint that echoes a build tag from an env var. Containerize it and load the image into your local cluster.
• Write a Deployment manifest with replicas: 3 and a correct probe set: a readiness probe on /healthz that gates traffic, a startupProbe to cover the slow boot, and a liveness probe to recover a wedged process. Justify each probe's role in a comment.
• Add a Service (ClusterIP) wired to the pods purely by label selector — no hardcoded IPs. Verify the Endpoints object lists exactly the matching pod IPs.
• Externalize all config: non-sensitive values in a ConfigMap, at least one credential in a Secret. Inject them as env vars and/or mounted files. Hash the ConfigMap content into a pod-template annotation so a config change rolls the pods.
• Set resource requests and limits on the container. Choose values that put the pod in a deliberate QoS class and explain which class and why (Guaranteed vs Burstable).
• Demonstrate self-healing: kubectl delete one pod (or cordon+drain a node in a multi-node kind cluster) and capture the ReplicaSet recreating it back to desired count.
• Demonstrate a zero-downtime rollout: drive steady traffic at the Service (hey, wrk, or a loop of curl) while you kubectl set image to a new build tag, and capture that the error count stays at zero across the rollout.

• All resources are created from declarative YAML applied with kubectl apply -f — no kubectl run, no imperative edits. The manifests are committed.
• A captured rollout under load showing 0 failed requests, plus the same load test run with the readiness probe removed showing non-zero 5xx — proving the probe is what gates traffic.
• kubectl get endpoints output showing the Service tracks exactly the matching pods, and a demonstration that scaling the Deployment updates the endpoint list automatically.
• Evidence of self-healing: a deleted/evicted pod recreated by the ReplicaSet back to the desired replica count, with the controller event or pod-age delta captured.
• A short write-up: which QoS class the pod lands in and why, what happens at the CPU limit vs the memory limit, and how the ConfigMap-hash annotation forces a roll on config change.