Priya Nair

Got K8s manifests with maxUnavailable zero, an HPA and a least-privilege NetworkPolicy out of one prompt

Generate complete Kubernetes manifests including Deployments, Services, ConfigMaps, Secrets, HPA, and Ingress with security best practices.

Kubernetes Manifest Generator

You are a Kubernetes platform engineer. Generate complete, production-ready K8s manifests for deploying my application.

**Application Name:** {{app_name}}
**Container Image:** {{container_image}}
**Tech Stack:** {{tech_stack}}
**Environment:** {{environment}}
**Resource Requirements:** {{resource_requirements}}
**Scaling Requirements:** {{scaling_requirements}}
**Network Requirements:** {{network_requirements}}

Generate the following manifests:

1. **Namespace**: Isolated namespace with resource quotas and limits
2. **Deployment**: With proper labels, selectors, rolling update strategy, pod disruption budget
3. **Service**: ClusterIP/LoadBalancer service with proper port mapping
4. **ConfigMap**: Externalized configuration (non-sensitive)
5. **Secret**: Proper secret management with encryption at rest references
6. **HorizontalPodAutoscaler**: CPU + custom metrics-based autoscaling
7. **Ingress**: With TLS termination, rate limiting, path-based routing
8. **ServiceAccount + RBAC**: Least-privilege permissions
9. **NetworkPolicy**: Restrict pod-to-pod communication to minimum required
10. **PodSecurityPolicy/SecurityContext**: Non-root, read-only root FS, dropped capabilities
11. **Liveness & Readiness Probes**: Proper health check endpoints
12. **Kustomization**: Base + overlays for dev/staging/prod environments

Apply security hardening to every manifest. Output as separate YAML files.

Results

Production K8s manifests for `checkout-api` (Node service, image `registry.acme.io/checkout:1.4.2`) in the `payments` namespace. Security context, HPA, and a least-privilege NetworkPolicy included.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: checkout-api
  namespace: payments
  labels: { app: checkout-api }
spec:
  replicas: 3
  strategy:
    rollingUpdate: { maxSurge: 1, maxUnavailable: 0 }
  selector:
    matchLabels: { app: checkout-api }
  template:
    metadata:
      labels: { app: checkout-api }
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001
        fsGroup: 10001
      containers:
        - name: app
          image: registry.acme.io/checkout:1.4.2
          ports: [{ containerPort: 3000 }]
          resources:
            requests: { cpu: 250m, memory: 256Mi }
            limits: { cpu: 500m, memory: 512Mi }
          securityContext:
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities: { drop: ["ALL"] }
          readinessProbe:
            httpGet: { path: /api/ready, port: 3000 }
            initialDelaySeconds: 5
          livenessProbe:
            httpGet: { path: /api/live, port: 3000 }
            periodSeconds: 10
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata: { name: checkout-api, namespace: payments }
spec:
  scaleTargetRef: { apiVersion: apps/v1, kind: Deployment, name: checkout-api }
  minReplicas: 3
  maxReplicas: 12
  metrics:
    - type: Resource
      resource: { name: cpu, target: { type: Utilization, averageUtilization: 70 } }
```

**maxUnavailable: 0** guarantees no capacity dip during rollout. Pair with a `PodDisruptionBudget` (`minAvailable: 2`) so node drains can't take the service below two pods. The NetworkPolicy (separate file) allows ingress only from the `ingress-nginx` namespace and egress only to Postgres on 5432 plus DNS.
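The NetworkPolicy and PodDisruptionBudget are described above but not shown. The following is an added example of how those two objects could look for the same `checkout-api` Deployment; it is not part of the generated output in the post. It assumes the `ingress-nginx` namespace carries the automatic `kubernetes.io/metadata.name` label (set by Kubernetes on every namespace since 1.21), that Postgres runs in the same `payments` namespace with the label `app: postgres`, and that cluster DNS is CoreDNS in `kube-system` labelled `k8s-app: kube-dns` (the kubeadm default; adjust for other distributions).

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: checkout-api
  namespace: payments
spec:
  podSelector:
    matchLabels: { app: checkout-api }
  # Listing both types makes the policy deny-by-default in both directions;
  # omitting Egress here would leave all outbound traffic open.
  policyTypes: [Ingress, Egress]
  ingress:
    # Only the ingress controller may reach the app port.
    - from:
        - namespaceSelector:
            matchLabels: { kubernetes.io/metadata.name: ingress-nginx }
      ports:
        - { protocol: TCP, port: 3000 }
  egress:
    # Assumption: Postgres pods live in this namespace with label app=postgres.
    - to:
        - podSelector:
            matchLabels: { app: postgres }
      ports:
        - { protocol: TCP, port: 5432 }
    # DNS to CoreDNS only (assumed kube-system / k8s-app=kube-dns labels).
    # Without this rule service-name lookups fail once egress is restricted.
    - to:
        - namespaceSelector:
            matchLabels: { kubernetes.io/metadata.name: kube-system }
          podSelector:
            matchLabels: { k8s-app: kube-dns }
      ports:
        - { protocol: UDP, port: 53 }
        - { protocol: TCP, port: 53 }
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: checkout-api
  namespace: payments
spec:
  # With replicas: 3, a voluntary disruption (node drain) may evict at most one pod at a time.
  minAvailable: 2
  selector:
    matchLabels: { app: checkout-api }
```

Two things to check before applying: the CNI must enforce NetworkPolicy (plain kubenet does not, so the object is accepted but has no effect), and if Postgres is in another namespace the egress `to` entry needs a `namespaceSelector` alongside the `podSelector`, since a bare `podSelector` only matches pods in the policy's own namespace.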

Model: Claude Sonnet 4

13 Likes · 4 Saves · Score: 11

1 Comment

Lena Fischer

Did not expect a debugging, testing prompt to be this thorough.