Standards for writing safe and maintainable Kubernetes manifests
Target files

File          Format
.cursorrules  plaintext
CLAUDE.md     markdown

Contents
Always specify resource requests and limits (cpu, memory) for every container.
Use Deployments for stateless apps, StatefulSets for databases, DaemonSets for node agents.
Never run containers as root; set securityContext.runAsNonRoot: true (and a non-zero runAsUser when the image does not set its own USER, otherwise the kubelet refuses to start the container).
Set readOnlyRootFilesystem: true, set allowPrivilegeEscalation: false, and drop all capabilities (capabilities.drop: ["ALL"]), adding back only the ones a container specifically needs.
Define liveness and readiness probes for every container in production workloads.
Use ConfigMaps for non-sensitive configuration and Secrets for sensitive data.
Never hardcode secrets in manifests; reference Secrets by name or use external-secrets-operator.
Set namespace on all resources; do not deploy to the default namespace in production.
Use labels consistently: app, version, component, and managed-by across all resources.
Pin images by digest (image@sha256:...) in production; never use :latest or any other mutable tag.
Apply PodDisruptionBudgets for critical workloads to ensure availability during upgrades.
Use NetworkPolicies to restrict pod-to-pod communication to only what is necessary.
Set terminationGracePeriodSeconds to match your application's shutdown time.
Apply HorizontalPodAutoscaler for services with variable load patterns.
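An added worked example, not part of the rules file above, showing what these rules look like when applied together: a Deployment plus the PodDisruptionBudget and NetworkPolicy that go with it. The workload name payments-api, the namespace payments, the image registry and its all-zero digest, the ConfigMap and Secret names, the gateway and payments-db selectors and the k8s-app: kube-dns label for CoreDNS are all placeholders chosen for the example, not real artifacts.

```yaml
# Added example; names, registry, digest and selectors are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: payments-api
  namespace: payments                    # never the default namespace
  labels: {app: payments-api, version: "1.4.2", component: api, managed-by: kustomize}
spec:
  replicas: 3
  selector:
    matchLabels: {app: payments-api}
  template:
    metadata:
      labels: {app: payments-api, version: "1.4.2", component: api, managed-by: kustomize}
    spec:
      terminationGracePeriodSeconds: 30  # match the app's real shutdown time
      securityContext:
        runAsNonRoot: true
        runAsUser: 10001                 # explicit UID: image USER is not relied on
        seccompProfile: {type: RuntimeDefault}
      containers:
      - name: api
        # pinned by digest; the all-zero digest is a placeholder for a real one
        image: registry.example.com/payments/api@sha256:0000000000000000000000000000000000000000000000000000000000000000
        resources:
          requests: {cpu: 250m, memory: 256Mi}
          limits: {cpu: "1", memory: 512Mi}
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities: {drop: ["ALL"]}
        envFrom:
        - configMapRef: {name: payments-api-config}   # non-sensitive settings
        env:
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef: {name: payments-db, key: password}  # referenced, never inlined
        volumeMounts:
        - {name: tmp, mountPath: /tmp}   # the only writable path on a read-only rootfs
        livenessProbe:
          httpGet: {path: /healthz, port: 8080}
          periodSeconds: 10
        readinessProbe:
          httpGet: {path: /ready, port: 8080}
          periodSeconds: 5
      volumes:
      - name: tmp
        emptyDir: {}
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: payments-api
  namespace: payments
spec:
  minAvailable: 2                        # node drains may evict at most one of three
  selector:
    matchLabels: {app: payments-api}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: payments-api
  namespace: payments
spec:
  podSelector:
    matchLabels: {app: payments-api}
  policyTypes: ["Ingress", "Egress"]     # everything not listed below is denied
  ingress:
  - from:
    - podSelector:
        matchLabels: {app: gateway}
    ports:
    - {port: 8080, protocol: TCP}
  egress:
  - to:
    - podSelector:
        matchLabels: {app: payments-db}
    ports:
    - {port: 5432, protocol: TCP}
  - to:                                  # DNS must be allowed explicitly once egress is restricted
    - namespaceSelector: {}
      podSelector:
        matchLabels: {k8s-app: kube-dns}
    ports:
    - {port: 53, protocol: UDP}
    - {port: 53, protocol: TCP}
```

Two things to check before relying on this: NetworkPolicy is only enforced when the cluster's CNI implements it, so verify with a connection from a pod outside the allowed selector rather than assuming; and once policyTypes includes Egress, name resolution breaks unless DNS is allowed, as the last rule does. The emptyDir at /tmp is what makes readOnlyRootFilesystem workable for most applications; add a similar mount for any other path the process writes to. A HorizontalPodAutoscaler is left out on purpose because the rules call for it only on services with variable load.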