// the find
HariSekhon/Kubernetes-configs
Advanced Kubernetes YAML configs - Best Practices, Tips & Tricks, Production-Ready Checklist - experience from several production environments. AWS, GCP, Azure, ArgoCD, GKE, EKS, AKS, Nginx, Traefik, Kong, Cert Manager, CI/CD, Jenkins, Artifactory, TeamCity, GitHub Actions, Cloud SQL, FluxCD, Spinnaker, Selenium Grid, Moon, Helm + Kustomize
A collection of production-derived Kubernetes YAML configs covering a wide range of tools — ArgoCD, Jenkins, cert-manager, ingress controllers, CI runners, and more — all structured with Kustomize base/overlay layout. Aimed at engineers who want a starting point for real deployments rather than hello-world examples. The configs come from someone who has actually run these stacks in production across AWS, GCP, and Azure.
The CI pipeline actually validates the configs rather than just linting them — kubevious checks structure, pluto catches deprecated APIs, checkov and trivy scan for security issues. This is more than most 'best practices' repos bother with. The Kustomize base/overlay structure is applied consistently, so you can layer environment-specific patches without forking the base. The top-level template files (deployment.yaml, statefulset.yaml) include inline doc links at the top of each file and capture subtle production gotchas — things like externalTrafficPolicy, PodDisruptionBudgets, and preemptible node tolerations that you'd normally learn the hard way. The .envrc + direnv pattern for per-shell kubeconfig context isolation is a legitimate fix for a real footgun.
It's a personal config dump, not a reusable library — values.yaml files contain hardcoded domain names and cluster-specific references you have to grep-and-replace before anything applies to your environment, and the README doesn't acknowledge this. Several workflow files have a .bankrupt suffix (Datree integrations) left in the repo tree, which is noise and signals that the toolchain isn't fully maintained. The 'Production Ready Checklist' advertised in the README has been moved to a separate repo entirely, so the main value proposition link is a redirect. Version pinning is inconsistent — some app overlays pin Helm chart versions explicitly, others inherit chart defaults, making upgrades unpredictable across the collection.
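One way to surface the inconsistent pinning before adopting an overlay is to flag chart entries that carry no explicit version. This is an added example, not code from the repository; it assumes the overlays declare charts through Kustomize's `helmCharts` field, and the sample files, chart names and repo URL are constructed.

```python
import re

# Constructed sample kustomization.yaml files (not taken from the repository).
PINNED = """\
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
  - name: cert-manager
    repo: https://charts.example.com
    version: 1.2.3
    releaseName: cert-manager
"""
UNPINNED = """\
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
helmCharts:
  - name: ingress-nginx
    repo: https://charts.example.com
    releaseName: ingress-nginx
  - name: jenkins
    repo: https://charts.example.com
    version: ""   # an empty pin still floats to the chart default
"""

def unpinned_charts(text):
    """Return names of helmCharts entries that have no non-empty version."""
    charts, current, in_block = [], None, False
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()          # drop trailing comments
        if not line.strip():
            continue
        if not line.startswith((" ", "-")):          # a top-level key
            in_block = line.startswith("helmCharts:")
            continue
        if not in_block:
            continue
        item = re.match(r"(\s*-\s+)(.*)", line)
        if item:                                      # start of a new chart entry
            current = {"_indent": len(item.group(1))}
            charts.append(current)
            line = " " * current["_indent"] + item.group(2)
        kv = re.match(r"(\s*)(\w+):\s*(.*)", line)
        # Only keys at the entry's own indent count, so a nested "version:"
        # under valuesInline is not mistaken for a chart pin.
        if kv and current is not None and len(kv.group(1)) == current["_indent"]:
            current[kv.group(2)] = kv.group(3).strip("\"'")
    return [c.get("name", "?") for c in charts if not c.get("version")]
```

Run it over every `kustomization.yaml` in a checkout and treat any returned name as a chart whose upgrades are decided upstream rather than by a reviewed commit.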