# Kubernetes Expert — Code Examples ## Example 1 ```yaml # Deployment with advanced configuration apiVersion: apps/v1 kind: Deployment metadata: name: web-app labels: app: web-app version: v1.2.0 spec: replicas: 3 strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: web-app template: metadata: labels: app: web-app version: v1.2.0 annotations: prometheus.io/scrape: "true" prometheus.io/port: "8080" prometheus.io/path: "/metrics" spec: serviceAccountName: web-app-sa securityContext: runAsNonRoot: true runAsUser: 1000 fsGroup: 2000 containers: - name: web-app image: myregistry/web-app:v1.2.0 ports: - containerPort: 8080 name: http - containerPort: 9090 name: metrics env: - name: DATABASE_URL valueFrom: secretKeyRef: name: db-credentials key: url resources: requests: memory: "256Mi" cpu: "100m" limits: memory: "512Mi" cpu: "500m" livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 30 periodSeconds: 10 readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 5 periodSeconds: 5 lifecycle: preStop: exec: command: ["/bin/sh", "-c", "sleep 15"] affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: - web-app topologyKey: kubernetes.io/hostname ``` ## Example 2 ```yaml # Service with session affinity apiVersion: v1 kind: Service metadata: name: web-app-service labels: app: web-app spec: selector: app: web-app ports: - name: http port: 80 targetPort: 8080 protocol: TCP - name: metrics port: 9090 targetPort: 9090 protocol: TCP sessionAffinity: ClientIP sessionAffinityConfig: clientIP: timeoutSeconds: 3600 --- # Ingress with SSL and rate limiting apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: web-app-ingress annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/rate-limit: "100" nginx.ingress.kubernetes.io/rate-limit-window: "1m" cert-manager.io/cluster-issuer: "letsencrypt-prod" spec: tls: - hosts: - app.example.com secretName: web-app-tls rules: - host: app.example.com http: paths: - path: / pathType: Prefix backend: service: name: web-app-service port: number: 80 ``` ## Example 3 ```yaml apiVersion: apps/v1 kind: StatefulSet metadata: name: database spec: serviceName: database-headless replicas: 3 selector: matchLabels: app: database template: metadata: labels: app: database spec: containers: - name: database image: postgres:13 ports: - containerPort: 5432 env: - name: POSTGRES_DB value: myapp - name: POSTGRES_USER valueFrom: secretKeyRef: name: db-credentials key: username - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: db-credentials key: password volumeMounts: - name: data mountPath: /var/lib/postgresql/data - name: config mountPath: /etc/postgresql/postgresql.conf subPath: postgresql.conf volumes: - name: config configMap: name: database-config volumeClaimTemplates: - metadata: name: data spec: accessModes: ["ReadWriteOnce"] storageClassName: "fast-ssd" resources: requests: storage: 100Gi ``` ## Example 4 ```yaml apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: webapps.example.com spec: group: example.com versions: - name: v1 served: true storage: true schema: openAPIV3Schema: type: object properties: spec: type: object properties: image: type: string replicas: type: integer minimum: 1 maximum: 10 resources: type: object properties: cpu: type: string memory: type: string status: type: object properties: conditions: type: array items: type: object properties: type: type: string status: type: string reason: type: string message: type: string scope: Namespaced names: plural: webapps singular: webapp kind: WebApp ``` ## Example 5 ```go // Custom controller for WebApp CRD package controllers import ( "context" "github.com/go-logr/logr" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" webappv1 "example.com/webapp-operator/api/v1" ) type WebAppReconciler struct { client.Client Log logr.Logger Scheme *runtime.Scheme } func (r *WebAppReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { log := r.Log.WithValues("webapp", req.NamespacedName) // Fetch the WebApp instance var webapp webappv1.WebApp if err := r.Get(ctx, req.NamespacedName, &webapp); err != nil { return ctrl.Result{}, client.IgnoreNotFound(err) } // Create or update Deployment deployment := &appsv1.Deployment{ ObjectMeta: metav1.ObjectMeta{ Name: webapp.Name, Namespace: webapp.Namespace, }, Spec: appsv1.DeploymentSpec{ Replicas: &webapp.Spec.Replicas, Selector: &metav1.LabelSelector{ MatchLabels: map[string]string{ "app": webapp.Name, }, }, Template: corev1.PodTemplateSpec{ ObjectMeta: metav1.ObjectMeta{ Labels: map[string]string{ "app": webapp.Name, }, }, Spec: corev1.PodSpec{ Containers: []corev1.Container{ { Name: "webapp", Image: webapp.Spec.Image, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ corev1.ResourceCPU: resource.MustParse(webapp.Spec.Resources.CPU), corev1.ResourceMemory: resource.MustParse(webapp.Spec.Resources.Memory), }, }, }, }, }, }, }, } // Set WebApp instance as the owner and controller if err := ctrl.SetControllerReference(&webapp, deployment, r.Scheme); err != nil { return ctrl.Result{}, err } // Create or update the deployment if err := r.CreateOrUpdate(ctx, deployment); err != nil { log.Error(err, "Failed to create or update Deployment") return ctrl.Result{}, err } return ctrl.Result{}, nil } ``` ## Example 6 ```yaml # Chart.yaml apiVersion: v2 name: web-app description: A Helm chart for web application type: application version: 0.1.0 appVersion: "1.16.0" dependencies: - name: postgresql version: 10.x.x repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled - name: redis version: 15.x.x repository: https://charts.bitnami.com/bitnami condition: redis.enabled # values.yaml replicaCount: 3 image: repository: nginx pullPolicy: IfNotPresent tag: "" service: type: ClusterIP port: 80 ingress: enabled: true className: "nginx" annotations: cert-manager.io/cluster-issuer: "letsencrypt-prod" hosts: - host: chart-example.local paths: - path: / pathType: ImplementationSpecific tls: - secretName: chart-example-tls hosts: - chart-example.local resources: limits: cpu: 500m memory: 512Mi requests: cpu: 100m memory: 128Mi autoscaling: enabled: true minReplicas: 3 maxReplicas: 10 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 postgresql: enabled: true postgresqlUsername: myapp postgresqlDatabase: myapp persistence: enabled: true size: 8Gi redis: enabled: true auth: enabled: false ``` ## Example 7 ```yaml # Pod Security Policy apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: name: restricted-psp spec: privileged: false allowPrivilegeEscalation: false requiredDropCapabilities: - ALL volumes: - 'configMap' - 'emptyDir' - 'projected' - 'secret' - 'downwardAPI' - 'persistentVolumeClaim' runAsUser: rule: 'MustRunAsNonRoot' seLinux: rule: 'RunAsAny' fsGroup: rule: 'RunAsAny' --- # Network Policy apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: web-app-netpol spec: podSelector: matchLabels: app: web-app policyTypes: - Ingress - Egress ingress: - from: - namespaceSelector: matchLabels: name: ingress-nginx ports: - protocol: TCP port: 8080 egress: - to: - namespaceSelector: matchLabels: name: database ports: - protocol: TCP port: 5432 - to: [] ports: - protocol: TCP port: 53 - protocol: UDP port: 53 ``` ## Example 8 ```yaml # ServiceMonitor for Prometheus apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: web-app-metrics labels: app: web-app spec: selector: matchLabels: app: web-app endpoints: - port: metrics interval: 30s path: /metrics --- # Grafana Dashboard ConfigMap apiVersion: v1 kind: ConfigMap metadata: name: web-app-dashboard labels: grafana_dashboard: "1" data: dashboard.json: | { "dashboard": { "title": "Web App Metrics", "panels": [ { "title": "Request Rate", "type": "graph", "targets": [ { "expr": "rate(http_requests_total[5m])", "legendFormat": "{{method}} {{status}}" } ] } ] } } ```