Infrastructure Patterns
When to Use What
| Tool | Use For |
|---|---|
| Raw K8s YAML | Simple deployments, one-off resources |
| Kustomize | Environment variations, overlays without templating |
| Helm | Complex apps, third-party charts, heavy templating |
| Terraform | Cloud resources, infrastructure lifecycle |
| GitHub Actions | CI/CD, automated testing, releases |
| Makefile | Build automation, self-documenting targets |
| Dockerfile | Container builds, multi-stage, multi-arch |
Quick Decisions
Kustomize when: Simple env differences, readable manifests, patching YAML Helm when: Complex templating, third-party charts, release management
K8s Security Defaults
Every workload: non-root user, read-only filesystem, no privilege escalation, dropped capabilities, network policies.
GitHub Actions Patterns
- CI workflow: Lint, test, compile on PRs (run on both x86 + ARM)
- Release workflow: Multi-arch Docker build on tags (native ARM runners)
- Pin actions by SHA, least-privilege permissions
References
- KUBERNETES.md - K8s resource patterns
- TERRAFORM.md - Terraform module patterns
- GITHUB-ACTIONS.md - CI/CD workflow patterns
- MAKEFILE.md - Build automation patterns
- DOCKERFILE.md - Container build patterns
- templates/ - Ready-to-use templates
Commands
kubectl apply -k ./ # Apply kustomize
helm upgrade --install NAME . # Install/upgrade chart
terraform plan && terraform apply