☸️ Production-Ready Kubernetes YAML Templates (Ingress, PV, CronJobs) — From Basics to Advanced
Kubernetes is powerful. But without properly crafted YAML manifests, your deployments can be unstable, insecure, or unscalable in production.
In this blog, we’ll walk through battle-tested YAML templates for 3 production-critical resources:
- 🔗 Ingress (for routing HTTP traffic)
- 💾 Persistent Volume Claims (for data persistence)
- ⏰ CronJobs (for scheduled automation)
Each section includes:
- 🔍 Beginner-to-pro-level explanations
- ✅ Templates that follow best practices
- 🧠 Tips to avoid common misconfigurations
🔗 1. Ingress — Route Traffic Like a Pro
✅ What is Ingress?
Ingress manages external HTTP(S) access to services within your cluster. It’s like a traffic cop for your microservices.
Instead of exposing each service separately, you:
- Define a single domain (e.g.,
app.example.com) - Route to the correct service based on path/hostname
📌 Requires an Ingress Controller like NGINX, Traefik, or AWS ALB.
🧾 Basic Ingress YAML
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: app.example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
🔐 Production-Ready Ingress Features
- ✅ TLS with HTTPS
- ✅ Host/path routing
- ✅ Annotations for rate limiting, rewrites, auth
- ✅ IngressClass for controller targeting
🧾 Advanced Ingress with TLS and Multiple Routes
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: secure-ingress
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
tls:
- hosts:
- app.example.com
secretName: tls-cert-secret
rules:
- host: app.example.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 80
- path: /web
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80
📘 Pro Tip: Always use TLS (HTTPS) in production, and use a tool like cert-manager to auto-renew certificates via Let’s Encrypt.
💾 2. Persistent Volumes (PV & PVC) — Store App Data Safely
✅ Why Persistence Matters
In Kubernetes, Pods are ephemeral — they vanish when recreated. For apps like databases, caches, file stores — you need persistent volumes.
🧾 Production-Grade PVC Template
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: gp2 # Replace with your cloud provider class
🧠 Attach this to a Pod or Deployment using volumeMounts.
🧾 Sample Deployment Using a PVC
apiVersion: apps/v1
kind: Deployment
metadata:
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
template:
metadata:
labels:
app: redis
spec:
containers:
- name: redis
image: redis:7
volumeMounts:
- mountPath: /data
name: redis-storage
volumes:
- name: redis-storage
persistentVolumeClaim:
claimName: data-pvc
🔐 Storage Tips for Production
| Need | Recommendation |
|---|---|
| SSD-backed storage | Use storageClassName: gp2, premium-rwo, etc. |
| Shared read/write | Use ReadWriteMany (e.g., NFS, EFS, Azure Files) |
| Encryption at rest | Use cloud-native encrypted disks |
| Backup | Automate volume snapshotting (Velero, native cloud tools) |
⏰ 3. CronJobs — Automate Everything
✅ What is a CronJob?
CronJobs in K8s allow you to run scheduled tasks (like a Linux cron). Perfect for:
- Database backups
- Sending emails
- Periodic health checks
🧾 Basic CronJob Example
apiVersion: batch/v1
kind: CronJob
metadata:
name: daily-job
spec:
schedule: "0 2 * * *" # Daily at 2 AM
jobTemplate:
spec:
template:
spec:
containers:
- name: hello
image: busybox
args:
- /bin/sh
- -c
- echo "Hello from Kubernetes"
restartPolicy: OnFailure
🧾 Advanced CronJob With Resource Limits & Logs
apiVersion: batch/v1
kind: CronJob
metadata:
name: db-backup
spec:
schedule: "0 */6 * * *" # Every 6 hours
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 1
concurrencyPolicy: Forbid
jobTemplate:
spec:
template:
spec:
containers:
- name: backup
image: postgres:15
resources:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "256Mi"
cpu: "200m"
env:
- name: PGUSER
valueFrom:
secretKeyRef:
name: pg-secrets
key: username
command: ["pg_dumpall"]
restartPolicy: OnFailure
✅ CronJob Best Practices
| Practice | Why |
|---|---|
Use concurrencyPolicy: Forbid | Avoid overlapping jobs |
| Limit history retention | Prevent clutter & resource waste |
Use restartPolicy: OnFailure | Avoid retry loops |
| Attach CPU/memory limits | Prevent runaway pods |
🧠 Final Pro Tips
| YAML Best Practice | Description |
|---|---|
| Use resource limits | Prevent noisy neighbor problems |
| Use liveness/readiness probes | Ensure health before traffic |
| Split files per resource | Easier debugging and rollbacks |
| Use Helm or Kustomize | Parameterize for multiple environments |
| Validate YAML | Use kubectl apply --dry-run=client -f file.yaml before applying |
🏁 Final Thoughts
These YAML templates aren’t just “hello world” — they’re designed for production:
✅ HTTPS Ingress with multiple services
✅ Persistent Volumes with storage classes
✅ CronJobs with retries, logging, concurrency controls
Treat your YAML like code. Reusable, version-controlled, and audited.
Whether you’re deploying a blog, managing backups, or scaling microservices — mastering these templates gives you superpowers in Kubernetes.
Leave a Reply