Chapter 1: Kubernetes Manifest Generation Patterns

Layered Manifest Architecture

The generator produces K8s resources in a layered pattern inspired by Kustomize's base + overlay model, without requiring Kustomize itself:

```json
{
  "app": "api-gateway",
  "image": "nginx:1.25",
  "replicas": 3,
  "ports": [{"name": "http", "port": 80}],
  "env": "production",
  "resources": {
    "requests": {"cpu": "500m", "memory": "512Mi"},
    "limits": {"cpu": "1", "memory": "1Gi"}
  },
  "ingress": {"host": "api.example.com", "tls": true},
  "probes": {
    "liveness": {"path": "/healthz", "initialDelay": 10},
    "readiness": {"path": "/ready", "initialDelay": 5}
  }
}
```

Running python src/k8s_generator.py --config examples/app_spec.json --output-dir ./k8s/ produces six files per spec: Deployment, Service, HPA, Ingress, ConfigMap, and a kustomization.yaml wrapper.

Base Overlays

The --env flag selects environment-specific overrides:

| Flag | Replicas | CPU | Memory | Ingress |
|---|---|---|---|---|
| dev | 1 | 250m | 256Mi | No TLS |
| staging | 2 | 500m | 512Mi | TLS staging cert |
| production | 3+ | 1 | 1Gi | TLS + WAF |

Security Hardening (Default On)

Every generated Deployment applies these security contexts automatically:

```yaml
securityContext:
  runAsNonRoot: true
  runAsUser: 1001
  fsGroup: 1001
  seccompProfile:
    type: RuntimeDefault
containers:
  - securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
```
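A check like the following can confirm that a rendered Deployment still carries this baseline, for example after an overlay or a hand edit. It is an added example, not code from the toolkit: the function name `audit_deployment` and the sample manifest are hypothetical, and the manifest is assumed to be already parsed from YAML or JSON into a dict.

```python
# Added example (hypothetical names): audit a parsed Deployment against the baseline above.

def audit_deployment(manifest):
    """Return a list of findings; an empty list means the baseline is met."""
    pod = manifest.get("spec", {}).get("template", {}).get("spec", {})
    pod_sc = pod.get("securityContext") or {}
    containers = (pod.get("containers") or []) + (pod.get("initContainers") or [])
    if not containers:
        return ["pod: no containers under spec.template.spec"]
    findings = []
    for c in containers:
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        def effective(key):
            # For these fields a container-level value overrides the pod-level one.
            return sc.get(key, pod_sc.get(key))
        if effective("runAsNonRoot") is not True:
            findings.append(f"{name}: runAsNonRoot is not true")
        if effective("runAsUser") == 0:
            findings.append(f"{name}: runAsUser is 0 (root)")
        if (effective("seccompProfile") or {}).get("type") != "RuntimeDefault":
            findings.append(f"{name}: seccompProfile.type is not RuntimeDefault")
        # Container-only fields: leaving them unset does not give the hardened value.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
        if sc.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{name}: readOnlyRootFilesystem is not true")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            findings.append(f"{name}: capabilities.drop lacks ALL")
        if caps.get("add"):
            findings.append(f"{name}: capabilities.add grants {sorted(caps['add'])}")
    return findings

# Constructed sample input: the page's baseline plus a sidecar that drifts from it.
BASE_SC = {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
           "capabilities": {"drop": ["ALL"]}}
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 1001, "fsGroup": 1001,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [
        {"name": "api-gateway", "securityContext": BASE_SC},
        {"name": "sidecar", "securityContext": {
            "runAsUser": 0, "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN"]}}},
    ]}}}}

if __name__ == "__main__":
    print("\n".join(audit_deployment(SAMPLE)))
```

The sidecar in the sample inherits the pod-level `runAsNonRoot` and seccomp profile but overrides `runAsUser`, which is why the check resolves the effective value per container instead of reading only the pod-level block.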

Resource Validation

The --validate-only flag runs the full validation pipeline without generating output. It checks for: port conflicts, missing ConfigMap keys, label selector mismatches, probe path existence, and resource quota compliance.

```bash
python src/k8s_generator.py --config examples/app_spec.json --validate-only
# Output: ✅ Validation passed: 6 resources, 0 warnings
```

For a full project walkthrough including the generated directory structure, see 03_generated-files.md.

Chapter 2

Configuration Reference

Follow this guide to get Kubernetes Manifests up and running in your environment.

| Field | Type | Required | Description |
|---|---|---|---|
| app_name | string | Yes | Application name (used in all resource names) |
| namespace | string | No | K8s namespace (default: default) |
| image | string | Yes | Container image (e.g., ghcr.io/acme/app:latest) |
| replicas | int | No | Replica count (default: 2) |
| port | int | Yes | Container port |
| service_port | int | No | Service port (default: same as port) |
| env_vars | object | No | Environment variables as key-value pairs |
| resources | object | No | CPU/memory requests and limits |
| health_check | object | No | Liveness/readiness probe config |
| ingress | object | No | Ingress host, path, and TLS config |
| hpa | object | No | Autoscaler min/max replicas and CPU target |
| environments | object | No | Per-environment overrides |
| labels | object | No | Additional labels for all resources |

CLI Reference

| Flag | Description |
|---|---|
| --config, -c | Path to the JSON app spec (required) |
| --output-dir, -o | Directory to write manifest files |
| --resources, -r | Comma-separated list: deployment,service,ingress,configmap,hpa |
| --env, -e | Target environment for overrides |
| --validate-only | Only validate config, don't generate |
| --verbose, -v | Enable debug logging |
Kubernetes Manifests Toolkit v1.0.0 — Free Preview