JRehkemper.de

Manifest Examples

This is a collection of Kubernetes-Manifest snippets to quickly reference the syntax.

Namespace

apiVersion: v1
kind: Namespace
metadata:
  name: myapp

Service

ClusterIP

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: frontend
  name: frontend-service
  namespace: myapp
spec:
  ports:
    - port: 80
      targetPort: 80
  selector:
    k8s-app: frontend

NodePort

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: frontend
  name: frontend-service
  namespace: myapp
spec:
  ports:
    - port: 80
      targetPort: 80
      nodePort: 30080
  selector:
    k8s-app: frontend
  type: NodePort

Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  namespace: myapp
spec:
  rules:
    - host: "myapp.home"
      http:
        paths:
          - pathType: Prefix
            path: "/api/v1"
            backend:
              service:
                name: backend-service
                port:
                  number: 3001
          - pathType: Prefix
            path: "/socket.io/"
            backend:
              service:
                name: backend-service
                port:
                  number: 3001
    - host: "myapp.home"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: frontend-service
                port:
                  number: 80

Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend-deployment
  namespace: myapp
  labels:
    k8s-app: frontend
spec:
  selector:
    matchLabels:
      k8s-app: frontend
  template:
    metadata:
      labels:
        k8s-app: frontend
    spec:
      imagePullSecrets:
        - name: gitea
      containers:
        - name: frontend
          image: frontend:latest
          imagePullPolicy: Always
          ports:
            - containerPort: 80
          env:
            - name: REACT_APP_API_URL
              value: "myapp.home"
          resources:
            limits:
              cpu: 1500m
            requests:
              cpu: 200m
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 10
            periodSeconds: 30
          volumeMounts:
            - name: nfs
              mountPath: /mnt/nfs
      volumes:
        - name: nfs
          persistentVolumeClaim:
            claimName: nfs

HorizontalPodAutoscaler

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: frontend-autoscaler
  namespace: myapp
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: frontend-deployment
  minReplicas: 1
  maxReplicas: 9
  metrics:
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: 40

Secret

apiVersion: v1
kind: Secret
metadata:
  name: runner-secret
data:
  token: WmRuT0JyUWVRRnVlRTdNWURDdHlEak41UnVNQmxKUnUzWjF6SVE3QQo=
type: Opaque

Persistent Volumes

Creates a Ressource to store data persistently.
PVs are not bound to a namespace

NFS

apiVersion: v1
kind: PersistentVolume
metadata:
  name: nfs
spec:
  capacity:
    storage: 500Mi
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  nfs:
    server: <nfs-server-ip-or-name>
    path: "/<path of nfs-export>"

Persistent Volume Claims

It requests to use a Persistent Volume. A matching PV will be connected to the claim.
It will claim the whole PV. If the PV is bigger than the claim requests, the claim will recieve a bigger volume.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nfs
spec:
  accessModes:
    - ReadWriteMany
  storageClassName: nfs
  resources:
    requests:
      storage: 100Mi

Cronjob

apiVersion: batch/v1
kind: CronJob
metadata:
  name: hello
spec:
  schedule: "* * * * *"
  successfulJobsHistoryLimit: 0 # do not keep successful jobs and pods
  failedJobsHistoryLimit: 5
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: hello
            image: busybox:1.28
            imagePullPolicy: IfNotPresent
            command:
            - /bin/sh
            - -c
            - date; echo Hello from the Kubernetes cluster
          restartPolicy: OnFailure

TLS Configuration

Create Secret

kubectl create secret tls cert-name --key <privatekey-file> --cert <cert-file>

Configure Ingress

apiVersion: traefik.containo.us/v1alpha1
  kind: Middleware
  metadata:
    name: redirect
    namespace: myapp
spec:
  redirectScheme:
    scheme: https
    permanent: true

---

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  namespace: myapp
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    # MUST be <namespace>-<name>@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: myapp-redirect@kubernetescrd
spec:
  rules:
    - host: "myapp.home"
      http:
        paths:
          - pathType: Prefix
            path: "/api/v1"
            backend:
              service:
                name: backend-service
                port:
                  number: 3001
          - pathType: Prefix
            path: "/socket.io/"
            backend:
              service:
                name: backend-service
                port:
                  number: 3001
    - host: "myapp.home"
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: frontend-service
                port:
                  number: 80
  tls:
    - hosts:
	  - myapp.home
	  secretName: cert-name
  
profile picture of the author

Jannik Rehkemper

I'm an professional Linux Administrator and Hobby Programmer. My training as an IT-Professional started in 2019 and ended in 2022. Since 2023 I'm working as an Linux Administrator.