Kubernetes Resource Manifest Structure and Field Reference
Pod Manifest Specification
apiVersion: v1
kind: Pod
metadata:
name: web-pod
namespace: production
labels:
app: web-server
version: stable
annotations:
description: "Production web application instance"
spec:
restartPolicy: Always
nodeSelector:
environment: production
hostNetwork: false
imagePullSecrets:
- name: registry-secret
containers:
- name: nginx
image: nginx:1.21
imagePullPolicy: IfNotPresent
command: ["nginx"]
args: ["-g", "daemon off;"]
workingDir: /usr/share/nginx/html
ports:
- name: http
containerPort: 80
protocol: TCP
env:
- name: APP_ENV
value: "production"
- name: LOG_LEVEL
value: "info"
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
livenessProbe:
httpGet:
path: /healthz
port: 80
scheme: HTTP
initialDelaySeconds: 30
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /ready
port: 80
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
volumeMounts:
- name: config-volume
mountPath: /etc/nginx/conf.d
readOnly: true
- name: cache-volume
mountPath: /var/cache/nginx
volumes:
- name: config-volume
configMap:
name: nginx-config
items:
- key: default.conf
path: default.conf
- name: cache-volume
emptyDir:
medium: Memory
sizeLimit: 256Mi
Deployment Manifest Specification
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-deployment
namespace: production
labels:
app: web-server
spec:
replicas: 3
selector:
matchLabels:
app: web-server
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
progressDeadlineSeconds: 300
revisionHistoryLimit: 5
template:
metadata:
labels:
app: web-server
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- web-server
topologyKey: kubernetes.io/hostname
containers:
- name: web-app
image: myregistry.io/webapp:v2.1
imagePullPolicy: Always
command: ["/app/start.sh"]
args:
- "--config"
- "/etc/config/app.yaml"
ports:
- name: http
containerPort: 8080
protocol: TCP
- name: admin
containerPort: 9090
protocol: TCP
envFrom:
- configMapRef:
name: app-config
- secretRef:
name: app-secrets
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources:
requests:
cpu: 250m
memory: 256Mi
limits:
cpu: 1000m
memory: 1Gi
livenessProbe:
httpGet:
path: /api/health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
timeoutSeconds: 10
periodSeconds: 15
failureThreshold: 3
readinessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 10
timeoutSeconds: 5
periodSeconds: 5
failureThreshold: 3
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "sleep 10"]
volumeMounts:
- name: app-data
mountPath: /var/lib/app
- name: nginx-config
mountPath: /etc/nginx/conf.d
readOnly: true
volumes:
- name: app-data
persistentVolumeClaim:
claimName: app-storage
readOnly: false
- name: nginx-config
configMap:
name: nginx-configmap
serviceAccountName: web-app-sa
Service Manifest Specification
apiVersion: v1
kind: Service
metadata:
name: web-service
namespace: production
labels:
component: backend
annotations:
description: "Primary web application service"
spec:
type: ClusterIP
selector:
app: web-server
sessionAffinity: ClientIP
sessionAffinityConfig:
clientIP:
timeoutSeconds: 10800
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8080
nodePort: 30080
- name: https
protocol: TCP
port: 443
targetPort: 8443
healthCheckNodePort: 0
externalTrafficPolicy: Cluster
externalName: ""
Key Field Categories
Metadata Section
The metadata block defines resource identity and organizational ifnormation. Labels enable flexible filtering and selection, while annotations store non-identifying metadata for external tools and automation systems.
Spec Section
The specification block contains the actual resource configuration. For Pods, this defines container runtime parameters, resource constraints, and health check mechanisms. For Deployments, it controls replica management, update strategies, and pod template definitions.
Container Configuration
Container specifications include image references, startup commands, environment variables, port mappings, and resource quotas. The imagePullPolicy determines when images are fetched from the registry, affecting deployment speed and reliability in air-gapped environments.
Probe Configuration
Health probes monitor container status and trigger appropriate actions based on failures. HTTP probes check endpoint responses, exec probes run diagnostic commands, and tcpSocket probes verify port connectivity. Initial delays prevent premature failures during startup, while timeout and period settings balance responsiveness against system load.
Volume Mounts
Storage volumes attach to containers at specified paths. emptyDir volumes provide ephemeral storage tied to pod lifecycle. hostPath volumes expose host directories. configMap volumes inject configuration data as files. persistentVolumeClaim volumes attach pre-provisioned persistent storage.
Resource Management
Resource requests define minimum guaranteed allocation, while limits cap maximum consumption. CPU resources use millicore notation, and memory uses binary units. Properly configured resources prevent resource starvation and enable effective pod scheduling.
Common Configuration Patterns
Multi-Container Pods
Sidecar patterns attach helper containers for logging, monitoring, or proxy functionality. Shared volumes enable communication between containers through the filesystem.
Init Containers
Init containers execute before main application containers start, performing setup tasks like database migrations, configuration validation, or dependency waiting.
Security Contexts
Security context settings control container privileges, file system permissions, and capability assignments. Running containers with minimal privileges reduces attack surface.
Node Affinity Rules
Node affinity rules control pod placement based on node labels. Required rules enforce hard constraints, while preferred rules provide soft guidance for optimal distribution.
