Source from repo
Kubernetes Specialist

Deploy and manage Kubernetes workloads: manifests, RBAC, Helm charts, service mesh, GitOps, and troubleshooting.
jeffallanGitHub jeffallanSource repo Original GitHub link Publisher page
Files
Skill
n/a
Size
129.5 KB
Entrypoint
SKILL.md
Format
git-repo
Open file
references/workloads.md

Syntax-highlighted preview of this file as included in the skill package.
Rendered Source
markdown378 linesFree
references/workloads.md
1# Kubernetes Workloads
2 
3## Deployment Pattern
4 
5```yaml
6apiVersion: apps/v1
7kind: Deployment
8metadata:
9  name: web-app
10  namespace: production
11  labels:
12    app: web-app
13    tier: frontend
14spec:
15  replicas: 3
16  revisionHistoryLimit: 10
17  strategy:
18    type: RollingUpdate
19    rollingUpdate:
20      maxSurge: 1
21      maxUnavailable: 0
22  selector:
23    matchLabels:
24      app: web-app
25  template:
26    metadata:
27      labels:
28        app: web-app
29        tier: frontend
30        version: v1.2.0
31      annotations:
32        prometheus.io/scrape: "true"
33        prometheus.io/port: "8080"
34    spec:
35      serviceAccountName: web-app-sa
36      securityContext:
37        runAsNonRoot: true
38        runAsUser: 1000
39        fsGroup: 2000
40      containers:
41      - name: app
42        image: myregistry.io/web-app:v1.2.0
43        imagePullPolicy: IfNotPresent
44        ports:
45        - name: http
46          containerPort: 8080
47          protocol: TCP
48        env:
49        - name: ENVIRONMENT
50          value: production
51        - name: DB_HOST
52          valueFrom:
53            configMapKeyRef:
54              name: app-config
55              key: database.host
56        - name: DB_PASSWORD
57          valueFrom:
58            secretKeyRef:
59              name: app-secrets
60              key: db-password
61        resources:
62          requests:
63            cpu: 100m
64            memory: 128Mi
65          limits:
66            cpu: 500m
67            memory: 512Mi
68        livenessProbe:
69          httpGet:
70            path: /health
71            port: http
72          initialDelaySeconds: 30
73          periodSeconds: 10
74          timeoutSeconds: 5
75          failureThreshold: 3
76        readinessProbe:
77          httpGet:
78            path: /ready
79            port: http
80          initialDelaySeconds: 10
81          periodSeconds: 5
82          timeoutSeconds: 3
83          failureThreshold: 2
84        volumeMounts:
85        - name: config
86          mountPath: /etc/config
87          readOnly: true
88        - name: cache
89          mountPath: /var/cache
90      volumes:
91      - name: config
92        configMap:
93          name: app-config
94      - name: cache
95        emptyDir: {}
96```
97 
98## StatefulSet Pattern
99 
100```yaml
101apiVersion: apps/v1
102kind: StatefulSet
103metadata:
104  name: postgres
105  namespace: database
106spec:
107  serviceName: postgres-headless
108  replicas: 3
109  podManagementPolicy: OrderedReady
110  updateStrategy:
111    type: RollingUpdate
112  selector:
113    matchLabels:
114      app: postgres
115  template:
116    metadata:
117      labels:
118        app: postgres
119    spec:
120      serviceAccountName: postgres-sa
121      securityContext:
122        runAsUser: 999
123        fsGroup: 999
124      containers:
125      - name: postgres
126        image: postgres:15-alpine
127        ports:
128        - name: postgres
129          containerPort: 5432
130        env:
131        - name: POSTGRES_PASSWORD
132          valueFrom:
133            secretKeyRef:
134              name: postgres-secrets
135              key: password
136        - name: PGDATA
137          value: /var/lib/postgresql/data/pgdata
138        resources:
139          requests:
140            cpu: 500m
141            memory: 1Gi
142          limits:
143            cpu: 2000m
144            memory: 4Gi
145        volumeMounts:
146        - name: data
147          mountPath: /var/lib/postgresql/data
148        livenessProbe:
149          exec:
150            command:
151            - pg_isready
152            - -U
153            - postgres
154          initialDelaySeconds: 30
155          periodSeconds: 10
156        readinessProbe:
157          exec:
158            command:
159            - pg_isready
160            - -U
161            - postgres
162          initialDelaySeconds: 10
163          periodSeconds: 5
164  volumeClaimTemplates:
165  - metadata:
166      name: data
167    spec:
168      accessModes: ["ReadWriteOnce"]
169      storageClassName: fast-ssd
170      resources:
171        requests:
172          storage: 50Gi
173```
174 
175## DaemonSet Pattern
176 
177```yaml
178apiVersion: apps/v1
179kind: DaemonSet
180metadata:
181  name: node-exporter
182  namespace: monitoring
183spec:
184  selector:
185    matchLabels:
186      app: node-exporter
187  updateStrategy:
188    type: RollingUpdate
189    rollingUpdate:
190      maxUnavailable: 1
191  template:
192    metadata:
193      labels:
194        app: node-exporter
195    spec:
196      hostNetwork: true
197      hostPID: true
198      serviceAccountName: node-exporter-sa
199      tolerations:
200      - effect: NoSchedule
201        operator: Exists
202      containers:
203      - name: node-exporter
204        image: prom/node-exporter:latest
205        args:
206        - --path.procfs=/host/proc
207        - --path.sysfs=/host/sys
208        - --collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)
209        ports:
210        - name: metrics
211          containerPort: 9100
212          protocol: TCP
213        resources:
214          requests:
215            cpu: 50m
216            memory: 64Mi
217          limits:
218            cpu: 200m
219            memory: 128Mi
220        volumeMounts:
221        - name: proc
222          mountPath: /host/proc
223          readOnly: true
224        - name: sys
225          mountPath: /host/sys
226          readOnly: true
227      volumes:
228      - name: proc
229        hostPath:
230          path: /proc
231      - name: sys
232        hostPath:
233          path: /sys
234```
235 
236## Job Pattern
237 
238```yaml
239apiVersion: batch/v1
240kind: Job
241metadata:
242  name: db-migration-20231214
243  namespace: production
244spec:
245  backoffLimit: 3
246  ttlSecondsAfterFinished: 3600
247  template:
248    metadata:
249      labels:
250        app: db-migration
251    spec:
252      restartPolicy: OnFailure
253      serviceAccountName: migration-sa
254      containers:
255      - name: migrate
256        image: myregistry.io/migrations:v1.2.0
257        command: ["/bin/sh", "-c"]
258        args:
259        - |
260          echo "Starting migration..."
261          /app/migrate up
262          echo "Migration complete"
263        env:
264        - name: DATABASE_URL
265          valueFrom:
266            secretKeyRef:
267              name: db-secrets
268              key: connection-string
269        resources:
270          requests:
271            cpu: 100m
272            memory: 128Mi
273          limits:
274            cpu: 500m
275            memory: 512Mi
276```
277 
278## CronJob Pattern
279 
280```yaml
281apiVersion: batch/v1
282kind: CronJob
283metadata:
284  name: backup-database
285  namespace: production
286spec:
287  schedule: "0 2 * * *"  # Daily at 2 AM
288  timeZone: "America/New_York"
289  successfulJobsHistoryLimit: 3
290  failedJobsHistoryLimit: 1
291  concurrencyPolicy: Forbid
292  jobTemplate:
293    spec:
294      backoffLimit: 2
295      ttlSecondsAfterFinished: 86400
296      template:
297        metadata:
298          labels:
299            app: backup
300        spec:
301          restartPolicy: OnFailure
302          serviceAccountName: backup-sa
303          containers:
304          - name: backup
305            image: myregistry.io/backup-tool:latest
306            command: ["/usr/local/bin/backup.sh"]
307            env:
308            - name: S3_BUCKET
309              valueFrom:
310                configMapKeyRef:
311                  name: backup-config
312                  key: s3-bucket
313            - name: AWS_ACCESS_KEY_ID
314              valueFrom:
315                secretKeyRef:
316                  name: backup-secrets
317                  key: aws-access-key
318            - name: AWS_SECRET_ACCESS_KEY
319              valueFrom:
320                secretKeyRef:
321                  name: backup-secrets
322                  key: aws-secret-key
323            resources:
324              requests:
325                cpu: 200m
326                memory: 256Mi
327              limits:
328                cpu: 1000m
329                memory: 1Gi
330            volumeMounts:
331            - name: backup-volume
332              mountPath: /backup
333          volumes:
334          - name: backup-volume
335            emptyDir:
336              sizeLimit: 10Gi
337```
338 
339## Init Containers
340 
341```yaml
342spec:
343  initContainers:
344  - name: wait-for-db
345    image: busybox:latest
346    command: ['sh', '-c']
347    args:
348    - |
349      until nc -z postgres-service 5432; do
350        echo "Waiting for database..."
351        sleep 2
352      done
353      echo "Database is ready"
354  - name: migrate-schema
355    image: myregistry.io/migrations:latest
356    command: ["/app/migrate", "up"]
357    env:
358    - name: DATABASE_URL
359      valueFrom:
360        secretKeyRef:
361          name: db-secrets
362          key: url
363  containers:
364  - name: app
365    image: myregistry.io/app:latest
366```
367 
368## Best Practices
369 
3701. **Resource Management**: Always set requests and limits
3712. **Health Checks**: Include both liveness and readiness probes
3723. **Security**: Use non-root users, read-only filesystems when possible
3734. **Labels**: Consistent labeling for organization and selection
3745. **Update Strategy**: Choose appropriate strategy (RollingUpdate, Recreate)
3756. **Service Accounts**: Never use default, create specific SAs
3767. **Image Tags**: Use specific versions, not `latest` in production
3778. **Cleanup**: Set TTL for Jobs to auto-cleanup completed pods
378
Preparing the source view

Kubernetes Specialist

references/workloads.md
