A comprehensive Kustomize template for deploying a multi-tier web application with environment-specific configurations. This template demonstrates best practices for managing Kubernetes deployments across different environments (test, staging, production) using Kustomize overlays.
This template deploys a web application consisting of:
- Web Frontend: A web server (default port 80)
- API Backend: A REST API service (default port 8000) with horizontal pod autoscaling
- Database Jobs: CronJob for database maintenance tasks
- External Secrets: Integration with Google Secret Manager
- Service Mesh: Istio VirtualService for traffic routing
```
.
├── base/                           # Base Kubernetes manifests
│   ├── kustomization.yaml          # Main base kustomization
│   ├── api/                        # API service components
│   │   ├── deployment.yaml         # API deployment manifest
│   │   ├── service.yaml            # API service manifest
│   │   ├── hpa.yaml                # Horizontal Pod Autoscaler
│   │   └── kustomization.yaml      # API-specific kustomization
│   ├── web/                        # Web frontend components
│   │   ├── deployment.yaml         # Web deployment manifest
│   │   ├── service.yaml            # Web service manifest
│   │   └── kustomization.yaml      # Web-specific kustomization
│   └── cronjobs/                   # Scheduled jobs
│       └── sample.yaml             # Sample CronJob for DB tasks
└── overlays/                       # Environment-specific overlays
    ├── test/                       # Test environment
    │   ├── kustomization.yaml      # Test environment customizations
    │   ├── externalsecret.yaml     # External secret configuration
    │   ├── secretstore.yaml        # Secret store configuration
    │   └── vs.yaml                 # Virtual service for routing
    ├── staging/                    # Staging environment
    │   ├── kustomization.yaml      # Staging environment customizations
    │   ├── externalsecret.yaml     # External secret configuration
    │   ├── secretstore.yaml        # Secret store configuration
    │   └── vs.yaml                 # Virtual service for routing
    └── prod/                       # Production environment
        ├── kustomization.yaml      # Production environment customizations
        ├── externalsecret.yaml     # External secret configuration
        ├── secretstore.yaml        # Secret store configuration
        └── vs.yaml                 # Virtual service for routing
```
- Deployment: Backend API service with configurable image
- Service: ClusterIP service exposing port 8000
- HPA: Horizontal Pod Autoscaler (1-4 replicas, 60% CPU threshold)
- Deployment: Frontend web server with configurable image
- Service: ClusterIP service exposing port 80
- Sample Job: Database maintenance task running daily at 3 AM
- Connects to PostgreSQL database using external secrets
Each environment (test, staging, prod) includes:
- Namespace: Environment-specific namespace (`demo-test`, `demo-staging`, `demo-prod`)
- Images: Environment-specific container images from Google Artifact Registry
- Resource Limits: CPU and memory allocations per environment
- SecretStore: Google Secret Manager integration
- ExternalSecret: Automatic secret synchronization for database credentials
- VirtualService: Traffic routing configuration
- Gateway: Ingress traffic management
- Host Mapping: Environment-specific domain routing
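
A sketch of what an overlay's `secretstore.yaml` and `externalsecret.yaml` could contain for the test environment, added here as an illustration and not taken from this template's files. The store, service account and secret names, the GCP project and cluster values, and the use of Workload Identity are assumptions; the `apiVersion` depends on the External Secrets Operator release installed in the cluster.

```yaml
# Namespaced SecretStore (not a ClusterSecretStore): only ExternalSecrets in
# demo-test can use it, so each environment reads secrets under its own identity.
apiVersion: external-secrets.io/v1beta1   # assumption: match your operator's served version
kind: SecretStore
metadata:
  name: gcp-secret-manager                # hypothetical name
  namespace: demo-test
spec:
  provider:
    gcpsm:
      projectID: YOUR_GCP_PROJECT_ID      # placeholder
      auth:
        # Workload Identity avoids storing a long-lived service account key
        # in the cluster.
        workloadIdentity:
          clusterLocation: YOUR_CLUSTER_LOCATION   # placeholder
          clusterName: YOUR_CLUSTER_NAME           # placeholder
          serviceAccountRef:
            name: external-secrets-sa     # hypothetical Kubernetes ServiceAccount
---
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
  name: db-credentials                    # hypothetical name
  namespace: demo-test
spec:
  refreshInterval: 1h                     # how often the operator re-reads Secret Manager
  secretStoreRef:
    kind: SecretStore
    name: gcp-secret-manager
  target:
    name: db-credentials                  # Kubernetes Secret the workloads reference
    creationPolicy: Owner                 # Secret is deleted with the ExternalSecret
  data:
    - secretKey: POSTGRES_PASSWORD        # key inside the Kubernetes Secret
      remoteRef:
        key: demo-test-postgres-password  # hypothetical Secret Manager secret name
```

Granting the bound Google service account `roles/secretmanager.secretAccessor` on only the test environment's secrets keeps a compromise of one namespace from exposing staging or production credentials.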
Before using this template, ensure you have:
- Kustomize installed (`kubectl` includes Kustomize)
- External Secrets Operator deployed in your cluster
- Istio Service Mesh installed (for traffic management)
- Google Cloud project with Secret Manager enabled
- Artifact Registry repositories for container images
```bash
kubectl apply -k overlays/test/
kubectl apply -k overlays/staging/
kubectl apply -k overlays/prod/
kubectl diff -k overlays/test/
kubectl kustomize overlays/test/
```