Advanced Kubernetes YAML configurations & templates, based on my experiences running Kubernetes in production at different companies.
Contains various Best Practices, Tips & Tricks learned over time in production environments.
Start with deployment.yaml / statefulset.yaml; advanced users should see kustomization.yaml.
The service.yaml contains config for using a static public IP and locking down your cloud load balancer's firewall rules, e.g. to Cloudflare Proxied or VPN IPs only.
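A minimal Service showing that lock-down, as an added illustration rather than the repo's own service.yaml. The app name, namespace, ports, IP address and CIDR ranges are placeholders (documentation ranges), to be replaced with your reserved IP and your real VPN or proxy egress ranges.

```yaml
# Added example, not the repo's service.yaml. All names, IPs and CIDRs are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: example-app              # hypothetical app name
  namespace: example             # hypothetical namespace
spec:
  type: LoadBalancer
  # Route only to pods on the receiving node, which preserves the client
  # source IP so the application's access logs show the real peer.
  externalTrafficPolicy: Local
  # Static public IP reserved with the cloud provider beforehand (placeholder).
  # This field is deprecated in recent Kubernetes releases in favour of
  # provider-specific annotations; check what your provider honours.
  loadBalancerIP: 203.0.113.10
  # Allow-list enforced on the cloud load balancer's firewall: traffic from
  # any source outside these ranges is dropped before it reaches the cluster.
  loadBalancerSourceRanges:
    - 198.51.100.0/24            # placeholder: corporate VPN egress range
    - 192.0.2.0/24               # placeholder: one proxy/CDN egress range
  selector:
    app: example-app
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8443           # placeholder container port
```

When the allow-list is a CDN's proxy ranges, keep it in sync with the ranges the provider publishes, since a stale list either blocks legitimate traffic or leaves retired ranges open.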
Real-world app deployment examples, tuning and patches are found in the more specific <app>-kustomization.yaml and <app>-*.yaml configs.
Advanced auto-scaling production-grade CI/CD on Kubernetes:
- ArgoCD - deployment, configs and optimizations. Start here: argocd-kustomization.yaml
- Jenkins - Jenkins server and dynamically scaling agents on Kubernetes. Start here: jenkins-kustomization.yaml
  - see also: Jenkins repo with advanced Jenkinsfile & Jenkins Shared Library
- TeamCity - TeamCity server and dynamically scaling agents on Kubernetes. Start here: teamcity-kustomization.yaml
- Selenium Grid - simple and distributed auto-scaling deployments. Start here: selenium-grid-kustomization.yaml / selenium-grid-distributed-kustomization.yaml
See kustomization.yaml for the 2 methods provided for using Helm charts with Kustomize:
- template the Helm chart using a values.yaml to Git and serve from there (see DevOps Bash Tools for the helm_template.sh convenience script)
- dynamically load the Helm chart from upstream with a values.yaml

...then patch override anything the chart doesn't directly support using the standard Kustomize patching examples given in the kustomization.yaml.
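A sketch of the second method plus a patch override, added here as an illustration and not taken from the repo's kustomization.yaml. The chart name, repo URL, version, namespace and the rendered Deployment name are placeholders; it assumes the chart renders a Deployment called example-app and exposes no value for the pod security context.

```yaml
# Added example, not the repo's kustomization.yaml. Chart details are placeholders.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: example

# Method 1 would instead list the pre-rendered chart output committed to Git:
# resources:
#   - example-app.rendered.yaml    # hypothetical output of `helm template`

# Method 2: pull the chart from upstream at build time.
# Requires: kustomize build --enable-helm
helmCharts:
  - name: example-app
    repo: https://charts.example.com
    # Pin an exact version so an upstream chart change cannot alter what is
    # deployed without a reviewed commit.
    version: 1.2.3
    releaseName: example-app
    namespace: example
    valuesFile: values.yaml

# Override what the chart's values do not expose, here the pod-level
# security context of the rendered Deployment.
patches:
  - target:
      kind: Deployment
      name: example-app
    patch: |-
      - op: add
        path: /spec/template/spec/securityContext
        value:
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
```

With the first method the rendered manifests are visible in Git diffs before they deploy; with the second, the version pin is the only thing that fixes which upstream chart is rendered.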
- Healthchecks - readiness/liveness probes, see deployment.yaml
- Pod Disruption Budget - pod-disruption-budget.yaml
- Pod Anti-Affinity - stable vs preemptible, HA across AZs, see deployment.yaml
- Horizontal Pod Autoscaler - horizontal-pod-autoscaler.yaml
- Apps Lifecycle Management - ArgoCD - argocd*.yaml
- Resources - see resources section in deployment.yaml
- Right-sizing - Goldilocks - goldilocks*.yaml to generate VPAs and resource recommendations
- Ingress - ingress*.yaml
- SSL - Cert Manager cert-manager*.yaml for auto SSL
- Governance, Security & Best Practices - Polaris - polaris*.yaml for recommendations
The best documentation links are provided at the top of each yaml for fast referencing (my advanced .vimrc can open these URLs from the current file via a hotkey!)
Datree Kubernetes ArgoCD best practices
.envrc - use with direnv to auto-load the correct Kubernetes context, isolated to the current shell, to avoid race conditions between shells and scripts caused by naively changing the global ~/.kube/config context.
Shortcut symlinks are for faster instantiation from these configs using the standard Kubernetes shortcuts such as new pvc.yaml - see the Templates repo for more details on the new command to quickly create new files from templates.
Forked from the DevOps Perl tools repo, this is now a submodule of the Templates repo which is a submodule of the DevOps Bash, Perl and Python tools repos.
- DevOps Bash Tools - 800+ DevOps Bash Scripts, Advanced .bashrc, .vimrc, .screenrc, .tmux.conf, .gitconfig, CI configs & Utility Code Library - AWS, GCP, Kubernetes, Docker, Kafka, Hadoop, SQL, BigQuery, Hive, Impala, PostgreSQL, MySQL, LDAP, DockerHub, Jenkins, Spotify API & MP3 tools, Git tricks, GitHub API, GitLab API, BitBucket API, Code & build linting, package management for Linux / Mac / Python / Perl / Ruby / NodeJS / Golang, and lots more random goodies
- Jenkins - Advanced Jenkinsfile & Jenkins Shared Library
- GitHub-Actions - GitHub Actions master template & GitHub Actions Shared Workflows library
- Terraform - Terraform templates for AWS / GCP / Azure / GitHub management
- Templates - dozens of Code & Config templates - AWS, GCP, Docker, Jenkins, Terraform, Vagrant, Puppet, Python, Bash, Go, Perl, Java, Scala, Groovy, Maven, SBT, Gradle, Make, GitHub Actions Workflows, CircleCI, Jenkinsfile, Makefile, Dockerfile, docker-compose.yml, M4 etc.
- SQL Scripts - 100+ SQL Scripts - PostgreSQL, MySQL, AWS Athena, Google BigQuery
- DevOps Python Tools - 80+ DevOps CLI tools for AWS, GCP, Hadoop, HBase, Spark, Log Anonymizer, Ambari Blueprints, AWS CloudFormation, Linux, Docker, Spark Data Converters & Validators (Avro / Parquet / JSON / CSV / INI / XML / YAML), Elasticsearch, Solr, Travis CI, Pig, IPython
- DevOps Perl Tools - 25+ DevOps CLI tools for Hadoop, HDFS, Hive, Solr/SolrCloud CLI, Log Anonymizer, Nginx stats & HTTP(S) URL watchers for load balanced web farms, Dockerfiles & SQL ReCaser (MySQL, PostgreSQL, AWS Redshift, Snowflake, Apache Drill, Hive, Impala, Cassandra CQL, Microsoft SQL Server, Oracle, Couchbase N1QL, Dockerfiles, Pig Latin, Neo4j, InfluxDB), Ambari FreeIPA Kerberos, Datameer, Linux...
- The Advanced Nagios Plugins Collection - 450+ programs for Nagios monitoring your Hadoop & NoSQL clusters. Covers every Hadoop vendor's management API and every major NoSQL technology (HBase, Cassandra, MongoDB, Elasticsearch, Solr, Riak, Redis etc.) as well as message queues (Kafka, RabbitMQ), continuous integration (Jenkins, Travis CI) and traditional infrastructure (SSL, Whois, DNS, Linux)
- HAProxy Configs - 80+ HAProxy Configs for Hadoop, Big Data, NoSQL, Docker, Elasticsearch, SolrCloud, HBase, Cloudera, Hortonworks, MapR, MySQL, PostgreSQL, Apache Drill, Hive, Presto, Impala, ZooKeeper, OpenTSDB, InfluxDB, Prometheus, Kibana, Graphite, SSH, RabbitMQ, Redis, Riak, Rancher etc.
- Dockerfiles - 50+ DockerHub public images for Docker & Kubernetes - Hadoop, Kafka, ZooKeeper, HBase, Cassandra, Solr, SolrCloud, Presto, Apache Drill, Nifi, Spark, Mesos, Consul, Riak, OpenTSDB, Jython, Advanced Nagios Plugins & DevOps Tools repos on Alpine, CentOS, Debian, Fedora, Ubuntu, Superset, H2O, Serf, Alluxio / Tachyon, FakeS3