The generator produces K8s resources in a layered pattern inspired by Kustomize's
base + overlay model, without requiring Kustomize itself:
```json
{
  "app": "api-gateway",
  "image": "nginx:1.25",
  "replicas": 3,
  "ports": [{"name": "http", "port": 80}],
  "env": "production",
  "resources": {
    "requests": {"cpu": "500m", "memory": "512Mi"},
    "limits": {"cpu": "1", "memory": "1Gi"}
  },
  "ingress": {"host": "api.example.com", "tls": true},
  "probes": {
    "liveness": {"path": "/healthz", "initialDelay": 10},
    "readiness": {"path": "/ready", "initialDelay": 5}
  }
}
```

Running `python src/k8s_generator.py --config examples/app_spec.json --output-dir ./k8s/`
produces six files per spec: Deployment, Service, HPA, Ingress, ConfigMap,
and a `kustomization.yaml` wrapper.

The `--env` flag selects environment-specific overrides:

| Flag | Replicas | CPU | Memory | Ingress |
|---|---|---|---|---|
| dev | 1 | 250m | 256Mi | No TLS |
| staging | 2 | 500m | 512Mi | TLS staging cert |
| production | 3+ | 1 | 1Gi | TLS + WAF |

Every generated Deployment applies these security contexts automatically:
```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1001
  fsGroup: 1001
  seccompProfile:
    type: RuntimeDefault
containers:
  - securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
```

The `--validate-only` flag runs the full validation pipeline without generating
output. It checks for: port conflicts, missing ConfigMap keys, label selector
mismatches, probe path existence, and resource quota compliance.

```bash
python src/k8s_generator.py --config examples/app_spec.json --validate-only
# Output: ✅ Validation passed: 6 resources, 0 warnings
```

For a full project walkthrough including the generated directory structure, see
03_generated-files.md.
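
The security contexts listed above can also be checked on a rendered Deployment, for example in CI after someone hand-edits the output. This is an added example, not the generator's own code: `audit_deployment`, `_deployment` and both sample manifests are constructed for illustration, and the checks for `initContainers`, `capabilities.add` and container-level root overrides go beyond the settings the page lists.

```python
"""Audit a rendered Deployment for the security contexts listed above.
Added example: audit_deployment and both sample manifests are constructed."""

# Pod-level and container-level values the page says every Deployment gets.
POD_EXPECTED = {"runAsNonRoot": True, "runAsUser": 1001, "fsGroup": 1001}
CONTAINER_EXPECTED = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True}


def audit_deployment(manifest):
    """Return a list of findings; an empty list means the manifest conforms."""
    findings = []
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    for key, want in POD_EXPECTED.items():
        if pod_sc.get(key) != want:
            findings.append(f"pod: {key} is {pod_sc.get(key)!r}, expected {want!r}")
    if (pod_sc.get("seccompProfile") or {}).get("type") != "RuntimeDefault":
        findings.append("pod: seccompProfile.type is not RuntimeDefault")
    # initContainers share the pod, so they are held to the same settings.
    for c in (pod.get("containers") or []) + (pod.get("initContainers") or []):
        name, sc = c.get("name", "<unnamed>"), c.get("securityContext") or {}
        for key, want in CONTAINER_EXPECTED.items():
            if sc.get(key) != want:
                findings.append(f"{name}: {key} is {sc.get(key)!r}, expected {want!r}")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: capabilities.drop does not include ALL")
        if caps.get("add"):
            findings.append(f"{name}: capabilities.add re-grants {caps['add']}")
        # Container-level runAsNonRoot/runAsUser take precedence over the pod's.
        if sc.get("runAsNonRoot") is False or sc.get("runAsUser") == 0:
            findings.append(f"{name}: overrides the pod-level non-root setting")
    return findings


def _deployment(pod_sc, container_sc):
    """Build a minimal constructed Deployment around the two security contexts."""
    container = {"name": "api-gateway", "securityContext": container_sc}
    return {"kind": "Deployment", "spec": {"template": {"spec": {
        "securityContext": pod_sc, "containers": [container]}}}}


HARDENED = _deployment(
    {**POD_EXPECTED, "seccompProfile": {"type": "RuntimeDefault"}},
    {**CONTAINER_EXPECTED, "capabilities": {"drop": ["ALL"]}})
WEAKENED = _deployment(  # constructed drift: four deviations from the baseline
    {**POD_EXPECTED, "seccompProfile": {"type": "Unconfined"}},
    {"allowPrivilegeEscalation": False, "runAsUser": 0,
     "capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN"]}})
```

`audit_deployment(HARDENED)` returns an empty list; `audit_deployment(WEAKENED)` returns one finding per deviation, which a CI step can treat as a failure.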
Follow this guide to get Kubernetes Manifests up and running in your environment.

| Field | Type | Required | Description |
|---|---|---|---|
| app_name | string | Yes | Application name (used in all resource names) |
| namespace | string | No | K8s namespace (default: default) |
| image | string | Yes | Container image (e.g., ghcr.io/acme/app:latest) |
| replicas | int | No | Replica count (default: 2) |
| port | int | Yes | Container port |
| service_port | int | No | Service port (default: same as port) |
| env_vars | object | No | Environment variables as key-value pairs |
| resources | object | No | CPU/memory requests and limits |
| health_check | object | No | Liveness/readiness probe config |
| ingress | object | No | Ingress host, path, and TLS config |
| hpa | object | No | Autoscaler min/max replicas and CPU target |
| environments | object | No | Per-environment overrides |
| labels | object | No | Additional labels for all resources |

| Flag | Description |
|---|---|
| --config, -c | Path to the JSON app spec (required) |
| --output-dir, -o | Directory to write manifest files |
| --resources, -r | Comma-separated list: deployment,service,ingress,configmap,hpa |
| --env, -e | Target environment for overrides |
| --validate-only | Only validate config, don't generate |
| --verbose, -v | Enable debug logging |