Instead of copying other people's manifests from GitHub, you set up a full production-ready deployment through a prompt.
An optimized Dockerfile with a multi-stage build, a Deployment with resource limits and health probes, service discovery via Kubernetes DNS, Ingress with TLS termination, autoscaling via HPA, NetworkPolicy for isolation, RBAC for security, and observability via Prometheus/Grafana.
📝 Prompt:
Generate a production-ready Spring Boot 3 application deployment to Kubernetes with enterprise-grade configuration:
— Create optimized multi-stage Dockerfile: Eclipse Temurin JDK 21, layered JAR, non-root user, distroless runtime image, minimal attack surface.
— Configure Kubernetes Deployment: resource requests/limits (CPU/memory), pod anti-affinity, PodDisruptionBudget, rolling update strategy with maxSurge/maxUnavailable, replica count.
— Implement health probes: liveness (/health/liveness), readiness (/health/readiness), startup probe for slow apps, custom health indicators, initial delays and timeouts.
— Set up configuration management: ConfigMaps for application.yml, Secrets for credentials, environment-specific overlays, volume mounts, Spring Cloud Kubernetes Config integration.
— Configure Service and Ingress: ClusterIP Service, NGINX Ingress with path/host routing, TLS termination via cert-manager, rate limiting, CORS policies.
— Implement RBAC: ServiceAccount, Role with least-privilege, RoleBinding, pod security context (runAsNonRoot, readOnlyRootFilesystem).
— Set up autoscaling: HorizontalPodAutoscaler based on CPU/memory/custom metrics, VerticalPodAutoscaler, scaling thresholds.
— Add NetworkPolicy: ingress/egress rules, namespace isolation, pod selector-based restrictions, deny-all default.
— Configure observability: Prometheus ServiceMonitor, Grafana dashboards, Spring Boot Actuator metrics, distributed tracing with Jaeger/Tempo, Loki for logs.
— Implement graceful shutdown: SIGTERM handling, preStop hooks, connection draining, termination grace period (30s+).
— Add secrets management: External Secrets Operator, HashiCorp Vault, AWS/GCP Secrets Manager CSI drivers.
— Create Helm chart: values.yaml with environment configs, templates for all resources, chart dependencies, deployment notes.
— Add Kustomize setup: base manifests, environment-specific overlays, ConfigMap generators.
— Configure init containers: database migrations (Flyway), wait-for-dependencies, secret fetching.
— Implement GitOps: ArgoCD Application manifest, sync policies, health checks, automated rollback.
Deliverables:
— Dockerfile with multi-stage build
— kubernetes/*.yaml (deployment, service, ingress, configmap, secret, hpa, networkpolicy)
— helm/ chart with templates and values
— kustomize/ with base and overlays
— prometheus-servicemonitor.yaml
— grafana-dashboard.json
— README with deployment guide and troubleshooting
— set up a service mesh (Istio) with mTLS;
— add canary deployments with Argo Rollouts;
— implement policy enforcement through Kyverno;
#Enterprise
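
One way to check that a generated Deployment actually carries the hardening items the prompt asks for (runAsNonRoot, readOnlyRootFilesystem, CPU/memory limits, liveness and readiness probes). This is an added example, not part of the original post; the sample manifest, the container names and the `audit_deployment` helper are constructed for illustration.

```python
# Constructed sample: a generated Deployment, reduced to the fields checked here.
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True},
    "containers": [
        {"name": "app",
         "securityContext": {"readOnlyRootFilesystem": True},
         "resources": {"limits": {"cpu": "1", "memory": "512Mi"}},
         "livenessProbe": {"httpGet": {"path": "/health/liveness", "port": 8080}},
         "readinessProbe": {"httpGet": {"path": "/health/readiness", "port": 8080}}},
        {"name": "sidecar",
         "securityContext": {"runAsNonRoot": False},
         "resources": {"limits": {"memory": "64Mi"}},
         "readinessProbe": {"tcpSocket": {"port": 9000}}},
    ]}}}}


def audit_deployment(manifest):
    """Return findings for the hardening items named in the prompt (hypothetical helper)."""
    findings = []
    pod = manifest["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    for c in pod.get("containers", []):
        name = c.get("name", "?")
        sc = c.get("securityContext", {})
        # runAsNonRoot can be set on the pod or the container; the container value wins.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{name}: runAsNonRoot not set")
        # readOnlyRootFilesystem exists only at container level.
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{name}: readOnlyRootFilesystem not set")
        limits = c.get("resources", {}).get("limits", {})
        for res in ("cpu", "memory"):
            if res not in limits:
                findings.append(f"{name}: no {res} limit")
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(f"{name}: missing {probe}")
    return findings


if __name__ == "__main__":
    for finding in audit_deployment(SAMPLE):
        print(finding)
```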