A comprehensive collection of 50+ Kubernetes YAML manifests covering every core Kubernetes concept — from basic pod creation to production-grade Spring Boot microservice deployments with persistent storage, secrets management, ingress routing, and autoscaling.
| File | Resource | Description |
|---|---|---|
| pod.yaml | Pod | Basic pod definition with nginx |
| replicationcontroller.yaml | ReplicationController | Legacy controller (pre-ReplicaSet) |
| replicaset.yaml | ReplicaSet | Self-healing pod group with label selectors |
| replicasetpod.yaml | ReplicaSet | ReplicaSet with custom pod template |
| demonset.yaml | DaemonSet | One pod per node — log collectors, monitoring agents |
| statefullset.yaml | StatefulSet | Stateful app with stable network identity |
| statefullsetDB.yaml | StatefulSet | Database StatefulSet with persistent volumes |
| deploymentrecreate.yaml | Deployment | Recreate strategy — stop all then start all |
| deploymentrollyingupdate.yaml | Deployment | Rolling update — gradual pod replacement |
| multicontainerpod.yaml | Pod | Sidecar pattern — multiple containers in one pod |
| mavenapplication.yaml | Deployment | Java Maven application deployment |
| nodejs.yaml | Deployment | Node.js application deployment |
Apply any workload:

```bash
kubectl apply -f pod.yaml
kubectl apply -f replicaset.yaml
kubectl get pods --watch
```

These are production-pattern files combining multiple Kubernetes resources in a single YAML:
Complete microservice stack in one file:

```
Namespace: springboot-ibm-payment
├── ConfigMap → MONGODB_USERNAME env variable
├── Secret → MONGODB_PASSWORD (base64 encoded)
├── PVC → 1Gi storage for MongoDB data
├── Deployment → MongoDB (1 replica, resource limits set)
├── Service → MongoDB ClusterIP service (port 27017)
├── Deployment → Spring Boot (2 replicas, resource limits set)
├── Service → Spring Boot ClusterIP (port 80 → 8080)
└── Ingress → springboot.local → springboot-svc
```

```bash
kubectl apply -f springbootingress.yaml
kubectl get all -n springboot-ibm-payment
```

Like above but with MongoDB as a StatefulSet for stable network identity and ordered scaling.
Most complete variant — StatefulSet MongoDB with full Ingress routing.
Adds Kubernetes Jobs for database initialization tasks.
| File | Resource | Description |
|---|---|---|
| incgresshostbaserouting.yaml | Ingress | Route traffic by hostname (virtual hosting) |
| ingresspathbaserouting.yaml | Ingress | Route traffic by URL path |
| ingresspathpaseroutingallmicroservices.yaml | Ingress | Single Ingress routing to multiple microservices |
| networkpolicy.yaml | NetworkPolicy | Allow/deny traffic between pods by label |
| networkpolicynamespaces.yaml | NetworkPolicy | Cross-namespace traffic control |
| netwrokpolicydefaultdeny.yaml | NetworkPolicy | Default-deny all — explicit allow required |
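
What a default-deny policy and its explicit allow rules can look like for the Spring Boot and MongoDB stack described on this page, as an added example rather than the contents of netwrokpolicydefaultdeny.yaml. The policy names and the `app` label values are assumptions; port 27017 comes from the page.

```bash
#!/bin/sh
# Added example, not a file from this repository. The app labels passed in are
# assumptions; match them to the labels used in your own Deployments.
# render_netpol NAMESPACE APP_LABEL DB_LABEL: print three NetworkPolicy objects.
render_netpol() {
  ns="$1"; app="$2"; db="$3"
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: ${ns}}
spec:
  podSelector: {}                 # empty selector: every pod in the namespace
  policyTypes: [Ingress, Egress]  # no rules listed, so both directions are denied
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-app-to-db, namespace: ${ns}}
spec:
  podSelector: {matchLabels: {app: ${db}}}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {matchLabels: {app: ${app}}}
      ports:
        - {protocol: TCP, port: 27017}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: allow-app-egress, namespace: ${ns}}
spec:
  podSelector: {matchLabels: {app: ${app}}}
  policyTypes: [Egress]
  egress:
    - to:
        - podSelector: {matchLabels: {app: ${db}}}
      ports:
        - {protocol: TCP, port: 27017}
    - ports:                      # DNS, or Service names stop resolving
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
EOF
}
# Traffic from the ingress controller to the app pods needs its own allow rule.
```

Pipe the output into the cluster with `render_netpol springboot-ibm-payment springboot mongodb | kubectl apply -f -`. The policies only take effect when the cluster's network plugin enforces NetworkPolicy.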
Host-based routing example:

```bash
# Routes api.example.com → backend-svc
# Routes app.example.com → frontend-svc
kubectl apply -f incgresshostbaserouting.yaml
```

Path-based routing example:

```bash
# Routes /api/* → backend-svc
# Routes / → frontend-svc
kubectl apply -f ingresspathbaserouting.yaml
```

Default-deny network policy (zero-trust):

```bash
kubectl apply -f netwrokpolicydefaultdeny.yaml
# Now only pods with explicit NetworkPolicy allow rules can communicate
```

| File | Resource | Description |
|---|---|---|
| pv.yaml | PersistentVolume | Static volume provisioning |
| pvc.yaml | PersistentVolumeClaim | Claim for persistent storage |
| storageclass.yaml | StorageClass | Dynamic volume provisioning definition |
| applicationwithpvc.yaml | Deployment + PVC | App with persistent volume attached |
| hostpathvolume.yaml | Pod | Volume backed by host node directory |
| nfsvolume.yaml | Pod | Volume backed by NFS server |
| volumewithconfigmap.yaml | Pod | Mount ConfigMap data as files in a volume |
Dynamic provisioning flow:

```
StorageClass (storageclass.yaml)
└── PVC requests storage (pvc.yaml)
    └── Kubernetes auto-provisions PV
        └── Pod mounts the PVC (applicationwithpvc.yaml)
```

```bash
kubectl apply -f storageclass.yaml
kubectl apply -f pvc.yaml
kubectl apply -f applicationwithpvc.yaml
kubectl get pv,pvc
```

| File | Resource | Description |
|---|---|---|
| configmaps.yaml | ConfigMap | Key-value configuration data |
| configmapwithfile.yaml | ConfigMap | ConfigMap with file content (mounted as volume) |
| secrets.yaml | Secret | Base64-encoded (not encrypted) sensitive data (passwords, tokens) |
| prviateimageuse.yaml | Pod + Secret | Pull images from private container registry |
Create and use a ConfigMap:

```bash
kubectl apply -f configmaps.yaml
# Reference in pod as env variable or volume mount
```

Private registry pull secret:

```bash
# Create docker-registry secret
kubectl create secret docker-registry regcred \
  --docker-server=us-central1-docker.pkg.dev \
  --docker-username=_json_key \
  --docker-password="$(cat gcp-key.json)"
kubectl apply -f prviateimageuse.yaml
```

| File | Resource | Description |
|---|---|---|
| hpa.yaml | HorizontalPodAutoscaler | Auto-scale pods based on CPU/memory usage |
| resourcerequest.yaml | Pod | Set CPU/memory requests and limits |
| resourcequota.yaml | ResourceQuota | Namespace-level resource limits |
| limitrange.yaml | LimitRange | Default resource limits for pods in namespace |
Set up HPA:

```bash
# Deploy metrics-server first
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
kubectl apply -f hpa.yaml
kubectl get hpa --watch
```

Resource quota for a namespace:

```bash
kubectl apply -f resourcequota.yaml
# Pods exceeding namespace quota will be rejected
kubectl describe resourcequota -n <namespace>
```

| File | Resource | Description |
|---|---|---|
| nodeselecter.yaml | Pod | Schedule on nodes matching a label |
| nodeaffinity.yaml | Pod | Preferred node scheduling (soft rule) |
| nodeaffinityrequirde.yaml | Pod | Required node scheduling (hard rule) |
| podaffinity.yaml | Pod | Co-locate pods with matching pods |
| podantiaffinity.yaml | Pod | Spread pods away from each other (HA pattern) |
Anti-affinity for High Availability (spread across nodes):

```bash
# podantiaffinity.yaml ensures no 2 replicas land on same node
kubectl apply -f podantiaffinity.yaml
kubectl get pods -o wide # verify different nodes
```

| File | Resource | Description |
|---|---|---|
| LivenessReadiness.yaml | Pod | Liveness probe (restart if unhealthy) + Readiness probe (stop traffic if not ready) |
How probes work:

```
Liveness Probe → if fails → kubelet restarts the container
Readiness Probe → if fails → removes pod from Service endpoints (no traffic sent)
Startup Probe → delays liveness check until app has finished initializing
```

```bash
kubectl apply -f LivenessReadiness.yaml
kubectl describe pod <pod-name> # see probe results under Events
```

Manifests designed to work with Jenkins CI/CD pipelines using image placeholder variables:
| File | Description |
|---|---|
| javawebdockerplaceholderjnkins.yaml | Java web app with IMAGE_TAG placeholder replaced by Jenkins |
| manfistfilewithjenkinsplaceholderforspringbbot | Spring Boot with DOCKER_IMAGE placeholder |
| mavenwithplaceholdeforjenkins | Maven app deployment with Jenkins placeholders |
| jenkinsgkemultibranch | GKE deployment triggered by multi-branch pipeline |
| jenkinsspringbootwithoutnexusrepo | Spring Boot without Nexus (direct Docker push) |
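
Replacing an image placeholder at build time passes a pipeline-supplied value through a shell and a sed expression, so the value should be validated first. The shell functions below are an added example, not code from this repository; the function names and the `set-image.sh` file name are assumptions.

```bash
#!/bin/sh
# Added example, not code from this repository. Function names are assumptions.
# From a Jenkinsfile, call it inside a single-quoted Groovy string so the shell,
# not Groovy, expands the variable (set-image.sh is a hypothetical file name):
#   sh '. ./set-image.sh && set_image deployment-service.yaml "$DOCKER_IMAGE"'

# valid_image_ref REF: conservative allow-list, a lowercase repository path
# followed by a required tag or sha256 digest.
valid_image_ref() {
  case "$1" in
    ''|*[!A-Za-z0-9._:/@-]*) return 1 ;;  # empty, or a char outside the allow-list
  esac
  printf '%s\n' "$1" | grep -Eq \
    '^[a-z0-9]([a-z0-9._:/-]*[a-z0-9])?(:[A-Za-z0-9_][A-Za-z0-9._-]{0,127}|@sha256:[a-f0-9]{64})$'
}

# set_image FILE IMAGE: rewrite the spring-boot-mongo image line in FILE.
set_image() {
  file="$1"; image="$2"
  if ! valid_image_ref "$image"; then
    printf 'rejected image reference: %s\n' "$image" >&2
    return 1
  fi
  # The allow-list has no '|', '&', '\' or quotes, so the value is inert both
  # in the shell and in a sed replacement that uses '|' as its delimiter.
  tmp="$(mktemp)" || return 1
  sed "s|image: .*/spring-boot-mongo:.*|image: ${image}|" "$file" > "$tmp" \
    && cat "$tmp" > "$file"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}
```

Requiring a tag or digest also keeps an untagged reference from silently resolving to `latest`.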
Jenkins pipeline replaces image placeholder before applying:

```groovy
sh "sed -i 's|image: .*/spring-boot-mongo:.*|image: ${DOCKER_IMAGE}|' deployment-service.yaml"
sh "kubectl apply -f deployment-service.yaml"
```

```bash
# 1. Create namespace and all resources
kubectl apply -f springbootingress.yaml
# 2. Verify all pods are running
kubectl get pods -n springboot-ibm-payment
# 3. Check services
kubectl get svc -n springboot-ibm-payment
# 4. Check ingress
kubectl get ingress -n springboot-ibm-payment
# 5. Test (add to /etc/hosts: <ingress-ip> springboot.local)
curl http://springboot.local/
```

```bash
# Apply default-deny network policy
kubectl apply -f netwrokpolicydefaultdeny.yaml
# Apply resource quota (limit total CPU/memory in namespace)
kubectl apply -f resourcequota.yaml
# Apply limit range (set default limits per pod)
kubectl apply -f limitrange.yaml
# Verify setup
kubectl describe namespace <your-namespace>
```

```bash
kubectl apply -f pod.yaml
kubectl apply -f replicaset.yaml
kubectl apply -f demonset.yaml
kubectl apply -f statefullset.yaml
kubectl get all
```

prometheusvalue.yaml — Custom Prometheus configuration values for the kube-prometheus-stack Helm chart.

```bash
# Install Prometheus + Grafana stack
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo update
helm install monitoring prometheus-community/kube-prometheus-stack \
  -f prometheusvalue.yaml \
  --namespace monitoring \
  --create-namespace
# Access Grafana (default: admin/prom-operator)
kubectl port-forward svc/monitoring-grafana 3000:80 -n monitoring
```

Resource limits used across manifests (following best practices):
| Component | CPU Request | CPU Limit | Memory Request | Memory Limit |
|---|---|---|---|---|
| Spring Boot | 300m | 500m | 450Mi | 550Mi |
| MongoDB | 300m | 500m | 450Mi | 550Mi |
| Node.js | varies | varies | varies | varies |
Setting both requests and limits is a best practice — requests guarantee minimum resources, limits prevent a single pod from starving the node.
```bash
# kubectl configured and pointing to your cluster
kubectl cluster-info
# For Ingress manifests: install NGINX Ingress Controller
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm install ingress-nginx ingress-nginx/ingress-nginx
# For ArgoCD Rollouts (blue-green/canary):
kubectl create namespace argo-rollouts
kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml
# For HPA: install metrics-server
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
```