kubernetes

# Kubernetes Architect Production-grade Kubernetes: deployments, Gateway API, zero-trust networking, service mesh, eBPF observability, and debugging. Follows NSA/CISA hardening guidelines. ## Decision Framework Before deploying to Kubernetes, answer: - Does the app need horizontal scaling (3+ replicas)? → Kubernetes - Is it a single-instance app with simple needs? → Docker Compose or VPS - Is the team already familiar with Kubernetes? → Proceed. If not, consider managed (EKS, GKE, AKS) - Does the app need advanced networking (service mesh, ingress routing)? → Kubernetes + Gateway API - Is the infrastructure budget tight? → Single-node k3s or Docker Compose for dev - Multiple services with different scaling profiles? → Kubernetes (HPA per service) ## Workflow ### Step 1: Determine deployment type | Type | Kind | Use case | |------|------|----------| | Stateless | Deployment | Web APIs, workers | | Stateful | StatefulSet | Databases, queues (use with caution) | | Batch | Job/CronJob | Migrations, periodic tasks | | Daemon | DaemonSet | Logging, monitoring agents | If uncertain, start with a Deployment. See [assets/deployment-template.yaml](assets/deployment-template.yaml) for the full production template. ### Step 2: Generate manifest Use the scaffold script: ```bash scripts/generate-manifest.sh -n api -i myregistry.com/api:1.0.0 -p 3000 -r 3 -o manifests/ ``` This creates: `deployment.yaml`, `service.yaml`, `hpa.yaml`, `pdb.yaml` with all security contexts, probes, r...