# Standard resources cheatsheet

## ClusterRole

<details>

<summary>Basic example</summary>

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
rules:
  - apiGroups: [""]
    resources:
      - configmaps
      - endpoints
      - namespaces
      - nodes
      - pods
      - pods/log
      - replicationcontrollers
      - serviceaccounts
      - services
    verbs: &readOnly
      - get
      - watch
      - list
  - apiGroups: [""]
    resources:
      - secrets
    # note: a list response on secrets includes the secret values, not just names
    verbs: &listOnly
      - list
  - apiGroups: ["apps"]
    resources:
      - controllerrevisions
      - deployments
      - daemonsets
      - replicasets
      - statefulsets
    verbs: *readOnly
  - apiGroups: ["autoscaling"]
    resources:
      - horizontalpodautoscalers
    verbs: *readOnly
  - apiGroups: ["batch"]
    resources:
      - cronjobs
      - jobs
    verbs: *readOnly
  - apiGroups: ["networking.k8s.io"]
    resources:
      - ingresses
    verbs: *readOnly
  # PodSecurityPolicy was removed in Kubernetes 1.25; drop this rule on newer clusters
  - apiGroups: ["policy"]
    resources:
      - podsecuritypolicies
    verbs: *readOnly
```

</details>

## ClusterRoleBinding

<details>

<summary>Basic example for ServiceAccount &lt;&gt; ClusterRole</summary>

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
  name: {{ .Values.serviceAccount.name }}
  namespace: {{ .Values.serviceAccount.namespace }}
roleRef:
  kind: ClusterRole
  name: {{ .Values.clusterRole.name }}
  apiGroup: rbac.authorization.k8s.io
```

</details>

## ConfigMap

<details>

<summary>Basic example with hardcoded values</summary>

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
data:
  var1: value1
  var2: value2
```

</details>

<details>

<summary>For use with a .Values.config.env hashmap</summary>

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ include "template.fullname" . }}-env
  labels:
    {{- include "template.labels" . | nindent 4 }}
  annotations:
    helm.sh/hook: pre-install,pre-upgrade
    helm.sh/hook-weight: "-10"
    helm.sh/resource-policy: keep
data:
  {{- toYaml .Values.config.env | nindent 2 }}
```

</details>

## CronJob

<details>

<summary>Basic example</summary>

```yaml
# batch/v1 is available from Kubernetes 1.21; batch/v1beta1 was removed in 1.25
apiVersion: batch/v1
kind: CronJob
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
spec:
  schedule: "*/1 * * * *"
  # history limits are fields of the CronJob spec, not of the job template
  successfulJobsHistoryLimit: 3
  failedJobsHistoryLimit: 5
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: {{ include "template.name" . }}
            image: "{{ .Values.image.repository }}:{{ required "The image.tag must be specified to deploy this" .Values.image.tag }}"
            imagePullPolicy: IfNotPresent
            args:
            - /bin/sh
            - -c
            - date; echo "Hello!"
          restartPolicy: OnFailure
```

</details>

## DaemonSet

<details>

<summary>Basic example</summary>

```yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: {{ include "template.fullname" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
spec:
  selector:
    matchLabels:
      {{- include "template.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "template.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "template.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
        - name: {{ .Chart.Name }}-info-retrieval
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          command:
          - sh
          - -c
          - |
            
          env:
          - name: NODENAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
          volumeMounts:
          - name: node-data
            mountPath: /data
      containers:
      - name: {{ .Chart.Name }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 12 }}
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        command:
          - sh
          - -c
          - |
            while :; do echo "HTTP/1.1 200 OK
            Content-Type: text/html; charset=UTF-8
            Server: nc
            Content-Length: 13

            hello world
            " | nc -l 12345; done;
        env:
        - name: NODENAME
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        resources:
          {{- toYaml .Values.resources | nindent 12 }}
        volumeMounts:
        - name: node-data
          mountPath: /data
      volumes:
      - name: node-data
        hostPath:
          path: /node-data
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
```

</details>

## Deployment

<details>

<summary>Basic template with Secret, ConfigMap, and PVC resources</summary>

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
spec:
  replicas: 1
  selector:
    matchLabels:
      {{- include "template.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
        {{- include "template.labels" . | nindent 8 }}
    spec:
      containers:
      - name: {{ include "template.name" . }}
        image: "{{ .Values.image.repository }}:{{ required "The image.tag must be specified to deploy this" .Values.image.tag }}"
        imagePullPolicy: Never
        ports:
        - name: http
          containerPort: {{ .Values.service.port }}
          protocol: TCP
        envFrom:
        - secretRef:
            name: {{ include "template.fullname" . }}-env
            optional: false
        - configMapRef:
            name: {{ include "template.fullname" . }}-env
            optional: false
        resources:
          limits:
            memory: 25Mi
            cpu: 75m
          requests:
            memory: 20Mi
            cpu: 50m
        volumeMounts:
        - name: dir-mount
          mountPath: /path/to/dir/
        - name: file-mount
          mountPath: /path/to/file.ext
          subPath: file.ext
      volumes:
      - name: dir-mount
        secret:
          # octal notation; a bare 440 is parsed as decimal, which is 0670 in octal
          defaultMode: 0440
          secretName: {{ include "template.fullname" . }}-dir
      - name: file-mount
        secret:
          defaultMode: 0440
          secretName: {{ include "template.fullname" . }}-file
```

</details>

## Ingress

<details>

<summary>Basic example</summary>

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
spec:
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    - host: {{ .host | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path }}
            pathType: Prefix
            backend:
              service:
                name: {{ .serviceName }}
                port:
                  number: {{ .servicePort }}
          {{- end }}
    {{- end }}
```

</details>

## Secret

<details>

<summary>Basic example</summary>

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
type: Opaque
# either this ...
data:
  var1: d293IHlvdSBhY3R1YWxseSBkZWNvZGVkIHRoaXM=
  var2: YSBjdXJpb3VzIG9uZSwgeW91IGFyZQ==
# ... or this ...
stringData:
  var1: hello world
  var2: "12345"
```

</details>

## Service

<details>

<summary>Basic example</summary>

```yaml
apiVersion: v1
kind: Service
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
spec:
  selector:
    # match on the same selector labels the workloads put on their pods
    {{- include "template.selectorLabels" . | nindent 4 }}
  ports:
    - protocol: TCP
      port: {{ .Values.service.port }}
      targetPort: {{ .Values.service.port }}
```

</details>

## ServiceAccount

<details>

<summary>Basic example</summary>

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "template.name" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
```

</details>

## StatefulSet

<details>

<summary>Basic example</summary>

```yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {{ include "template.fullname" . }}
  labels:
    {{- include "template.labels" . | nindent 4 }}
spec:
  replicas: {{ .Values.statefulSet.replicaCount }}
  selector:
    matchLabels:
      {{- include "template.selectorLabels" . | nindent 6 }}
  serviceName: {{ include "template.fullname" . }}-statefulset
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "template.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "template.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          command:
            - sh
            - -c
            - |
              while :; do echo "HTTP/1.1 200 OK
              Content-Type: text/html; charset=UTF-8
              Server: nc
              Content-Length: 13

              hello world
              " | nc -l 12345; done;
          ports:
            - containerPort: 12345
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          volumeMounts:
            - name: test-default
              mountPath: /mnt/test-default
            - name: test-statefulset
              mountPath: /mnt/test-statefulset
      volumes:
        - name: test-default
          emptyDir: {}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
  volumeClaimTemplates:
  - apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      labels:
        {{- include "template.labels" . | nindent 8 }}
      name: test-statefulset
    spec:
      accessModes:
      - ReadWriteOnce
      resources:
        requests:
          storage: 1Gi
      volumeMode: Filesystem
```

</details>


