Forem: Harsh Mishra The latest articles on Forem by Harsh Mishra (@harshm03). https://forem.com/harshm03 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1533047%2Feadaeba6-7437-4992-971a-dd261ebd87c9.jpg Forem: Harsh Mishra https://forem.com/harshm03 en Kubernetes Networking Finally Explained (From User Pod User) Harsh Mishra Sun, 04 Jan 2026 12:34:19 +0000 https://forem.com/harshm03/kubernetes-networking-finally-explained-from-user-pod-user-5c8e https://forem.com/harshm03/kubernetes-networking-finally-explained-from-user-pod-user-5c8e <h1> Kubernetes Networking Finally Explained (From User → Pod → User) </h1> <h3> A Complete Real-World Mental Model for Microservices on EKS </h3> <blockquote> <p><em>This article exists because most Kubernetes tutorials explain components — but never explain the **flow</em><em>.</em></p> </blockquote> <p>If you’ve ever thought:</p> <ul> <li>“Why do we need a Load Balancer if Kubernetes already balances?”</li> <li>“Where does NodePort actually fit?”</li> <li>“What does Ingress really do?”</li> <li>“How does one URL reach the correct microservice?”</li> <li>“Why does this feel overcomplicated?”</li> </ul> <p>Then this article is for you.</p> <p>This is <strong>not</strong> a YAML guide.<br> This is <strong>not</strong> a beginner glossary.</p> <p>This is the <strong>complete real-world picture</strong>, explained the way senior engineers actually reason about it.</p> <h2> The Promise of This Article </h2> <p>By the end, you will be able to <strong>mentally trace a single HTTP request</strong> from:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User → Internet → AWS → Kubernetes → Pod → back to User </code></pre> </div> <p>…and explain <strong>every hop</strong> without confusion.</p> <h2> Assumptions (Important) </h2> <p>We will keep things intentionally simple and realistic:</p> <ul> <li>One AWS region</li> <li>One Availability Zone</li> <li>One EKS cluster</li> <li>Multiple microservices</li> <li>One Ingress Controller</li> <li>One AWS Load Balancer</li> <li>No service mesh</li> <li>No multi-region complexity</li> </ul> <p>This is <strong>how most real systems actually start</strong>.</p> <h2> The Core Idea (Read This First) </h2> <blockquote> <p><strong>Kubernetes does not expose your applications.<br> Kubernetes exposes a <em>single entry point</em>, and everything else is internal.</strong></p> </blockquote> <p>Once you understand that, everything else becomes obvious.</p> <h2> The Components (High-Level) </h2> <p>Let’s list the main actors before connecting them:</p> <ol> <li>User (browser / mobile app)</li> <li>DNS</li> <li>AWS Load Balancer (ALB)</li> <li>NodePort</li> <li>Ingress Controller (NGINX / Envoy)</li> <li>Kubernetes Services (ClusterIP)</li> <li>Application Pods</li> </ol> <p>Each of these exists for a <strong>very specific reason</strong>.</p> <h2> Step 1: Your Microservices (The Inside of the Cluster) </h2> <p>Let’s say you have three microservices:</p> <ul> <li><code>user-service</code></li> <li><code>order-service</code></li> <li><code>payment-service</code></li> </ul> <p>Each microservice has:</p> <ul> <li>a Deployment</li> <li><strong>its own Service of type <code>ClusterIP</code></strong></li> </ul> <h3> Why ClusterIP? </h3> <p>Because:</p> <ul> <li>These services are <strong>internal</strong> </li> <li>They should never be accessed directly by users</li> <li>They need stable DNS names</li> </ul> <p>Example (conceptually):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>user-service.default.svc.cluster.local order-service.default.svc.cluster.local payment-service.default.svc.cluster.local </code></pre> </div> <p>Important rule:</p> <blockquote> <p><strong>Microservices NEVER use NodePort. EVER.</strong></p> </blockquote> <p>If you remember only one rule from this article, make it that.</p> <h2> Step 2: The Ingress Controller (The Only Public Door) </h2> <p>Ingress is where most confusion happens, so let’s be precise.</p> <h3> What Ingress Is NOT </h3> <ul> <li>Not a Service</li> <li>Not a Load Balancer</li> <li>Not magic</li> </ul> <h3> What Ingress Actually Is </h3> <blockquote> <p><strong>Ingress Controller = a Pod running a reverse proxy</strong></p> </blockquote> <p>Usually:</p> <ul> <li>NGINX</li> <li>Envoy</li> <li>HAProxy</li> </ul> <p>This pod:</p> <ul> <li>receives HTTP requests</li> <li>looks at hostname + path</li> <li>forwards requests to the correct <strong>ClusterIP Service</strong> </li> </ul> <p>Ingress <strong>does routing</strong>, not exposure.</p> <h2> Step 3: The Ingress Needs to Be Exposed (NodePort’s Job) </h2> <p>Ingress is just a Pod.<br> Pods are not reachable from outside Kubernetes.</p> <p>So how does traffic reach it?</p> <p>👉 <strong>This is where NodePort comes in.</strong></p> <h3> Critical Clarification </h3> <blockquote> <p><strong>NodePort exists ONLY to expose the Ingress Controller — not your apps.</strong></p> </blockquote> <p>You create <strong>one Service</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ingress-controller-service type: NodePort </code></pre> </div> <p>This does the following:</p> <ul> <li>Opens a high port (30000–32767)</li> <li>On <strong>every worker node</strong> </li> <li>Forwards traffic to Ingress Controller pods</li> </ul> <p>That’s it.</p> <p>NodePort is:</p> <ul> <li>a door</li> <li>a bridge</li> <li>not smart</li> <li>not user-facing</li> </ul> <h2> Step 4: AWS Load Balancer (The Front Door) </h2> <p>Now comes the AWS Load Balancer (ALB).</p> <h3> What ALB Does </h3> <ul> <li>Accepts traffic from the internet</li> <li>Terminates TLS (HTTPS)</li> <li>Performs health checks</li> <li>Chooses a healthy target</li> </ul> <h3> What ALB Does NOT Do </h3> <ul> <li>It does not know about Kubernetes Services</li> <li>It does not know about Pods</li> <li>It does not do <code>/x → service-x</code> </li> </ul> <h3> What Does ALB Target? </h3> <p>In a simple EKS setup:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ALB → EC2 Node IP : NodePort </code></pre> </div> <p>This means:</p> <ul> <li>ALB balances across <strong>nodes</strong> </li> <li>Each node forwards traffic to Ingress pods</li> </ul> <p>👉 <strong>THIS is what the Load Balancer is balancing.</strong></p> <p>Even in one AZ.</p> <h2> Step 5: The Complete Request Flow (End to End) </h2> <p>Let’s trace a real request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>GET https://api.myapp.com/orders </code></pre> </div> <h3> Step-by-Step Flow </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>1. User sends HTTPS request 2. DNS resolves api.myapp.com → ALB 3. ALB accepts request, terminates TLS 4. ALB selects a healthy node 5. ALB forwards request to NodeIP:NodePort 6. Node forwards request to Ingress Controller pod 7. Ingress inspects: - Host: api.myapp.com - Path: /orders 8. Ingress matches rule: /orders → order-service 9. Ingress forwards request to order-service (ClusterIP) 10. Service load-balances to an order-service pod 11. Application processes request 12. Response flows back the same path </code></pre> </div> <p>Reverse path:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Pod → Service → Ingress → Node → ALB → User </code></pre> </div> <h2> Where Does <code>/x → x-service</code> Actually Happen? </h2> <p>This is extremely important:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Does URL routing?</th> </tr> </thead> <tbody> <tr> <td>AWS ALB</td> <td>❌ No</td> </tr> <tr> <td>NodePort</td> <td>❌ No</td> </tr> <tr> <td>Service</td> <td>❌ No</td> </tr> <tr> <td><strong>Ingress Controller</strong></td> <td>✅ YES</td> </tr> </tbody> </table></div> <p>Ingress is <strong>the only place</strong> that understands:</p> <ul> <li>paths</li> <li>hostnames</li> <li>routing rules</li> </ul> <h2> So Why Not Expose Each Service with NodePort? </h2> <p>Because that would be terrible.</p> <p>Problems:</p> <ul> <li>Multiple open ports</li> <li>Harder DNS</li> <li>No centralized routing</li> <li>No TLS management</li> <li>Security nightmare</li> </ul> <p>Ingress exists to give you:</p> <ul> <li>one public entry point</li> <li>one port (443)</li> <li>many internal services</li> </ul> <h2> Final Correct Mental Model (Lock This In) </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User ↓ DNS ↓ AWS Load Balancer ↓ NodePort (Ingress Service) ↓ Ingress Controller Pod (reverse proxy) ↓ ClusterIP Service (specific microservice) ↓ Application Pod </code></pre> </div> <h2> One Sentence That Explains Everything </h2> <blockquote> <p><strong>Microservices use ClusterIP, Ingress does routing, NodePort exposes Ingress, and the Load Balancer balances entry points.</strong></p> </blockquote> <p>If you can say that confidently, you understand Kubernetes networking.</p> <h2> Common Myths (Debunked) </h2> <h3> ❌ “Services create NodePorts by default” </h3> <p>No. Only <code>NodePort</code> and <code>LoadBalancer</code> services do.</p> <h3> ❌ “Ingress replaces Services” </h3> <p>No. Ingress routes <em>to</em> Services.</p> <h3> ❌ “Load Balancer balances pods” </h3> <p>No. Services balance pods. ALB balances nodes or ingress pods.</p> <h3> ❌ “Ingress is between two Services” </h3> <p>No. Ingress is a Pod.</p> <h2> Why This Architecture Scales Naturally </h2> <p>What changes as traffic grows?</p> <ul> <li>More nodes</li> <li>More ingress pods</li> <li>More app pods</li> </ul> <p>What does NOT change?</p> <ul> <li>URLs</li> <li>architecture</li> <li>flow</li> <li>mental model</li> </ul> <p>That’s good design.</p> <h2> Why Kubernetes Feels Hard (But Isn’t) </h2> <p>Kubernetes is not complex — it is <strong>layered</strong>.</p> <p>Each layer solves exactly one problem:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Layer</th> <th>Problem</th> </tr> </thead> <tbody> <tr> <td>Load Balancer</td> <td>Internet entry</td> </tr> <tr> <td>NodePort</td> <td>Cluster bridge</td> </tr> <tr> <td>Ingress</td> <td>Routing</td> </tr> <tr> <td>Service</td> <td>Pod balancing</td> </tr> <tr> <td>Pod</td> <td>Execution</td> </tr> </tbody> </table></div> <p>Once you see the layers, the confusion disappears.</p> <h2> Final Takeaway </h2> <p>If you ever forget the details, remember this:</p> <blockquote> <p><strong>Users never talk to pods.<br> Pods never talk to the internet.<br> Ingress is the translator.</strong></p> </blockquote> <h2> Closing </h2> <p>This article exists so you never have to rewatch a dozen half-explanations again.</p> <p>Bookmark it.<br> Share it.<br> Come back to it when Kubernetes starts feeling “magical” again.</p> <p>Because now — it isn’t.</p> <p>Happy shipping 🚀</p> kubernetes microservices containers networking Mastering RabbitMQ in Microservices: A JavaScript Guide to Async Magic Harsh Mishra Wed, 31 Dec 2025 19:10:25 +0000 https://forem.com/harshm03/mastering-rabbitmq-in-microservices-a-javascript-guide-to-async-magic-1a7c https://forem.com/harshm03/mastering-rabbitmq-in-microservices-a-javascript-guide-to-async-magic-1a7c <h1> Mastering RabbitMQ in Microservices: A JavaScript Guide to Async Magic </h1> <p>Hey devs! Ever felt like your microservices are playing a chaotic game of telephone, where messages get lost in translation? Enter RabbitMQ – the message broker that turns your app into a well-oiled orchestra. In this article, we'll cut through the noise: no fluff, just the essentials. We'll define core components, dive into concepts like bindings and routing, explore JavaScript client libraries, and build a real-world e-commerce microservices project using <em>all</em> major exchange types (fanout, direct, topic, and headers). You'll see exactly why RabbitMQ shines for decoupling, reliability, and scale – with code snippets focused purely on the RabbitMQ integration (no full app boilerplate). By the end, you'll have a flowchart tracing a user's journey from cart to confirmation.</p> <p>Ready to level up your async game? Let's hop in.</p> <h2> Introduction: Why Async Messaging Matters </h2> <p>In modern microservices, synchronous HTTP calls can bottleneck your system – one slow service, and everything grinds. Async messaging flips the script: services communicate via events, processing independently. RabbitMQ, an open-source AMQP broker, excels here by queuing messages reliably, routing them smartly, and scaling effortlessly. Whether you're handling e-commerce orders or IoT streams, it prevents the "spaghetti of dependencies" that kills apps.</p> <h2> What is RabbitMQ? </h2> <p>RabbitMQ is a lightweight, battle-tested message broker that implements the Advanced Message Queuing Protocol (AMQP). Written in Erlang for rock-solid distribution, it acts as a middleman: producers send messages, RabbitMQ routes and stores them, and consumers pick them up. No direct handshakes – just fire-and-forget events that survive crashes (with config).</p> <p>Think of it as a postal service for your code: letters (messages) get sorted (routed) and delivered to mailboxes (queues), even if recipients are offline.</p> <h2> Quick: Why Use RabbitMQ? </h2> <ul> <li> <strong>Decoupling</strong>: Services evolve independently – change one without breaking others.</li> <li> <strong>Reliability</strong>: At-least-once delivery, persistence, and acknowledgments mean no lost data.</li> <li> <strong>Scalability</strong>: Handle millions of messages/sec via clustering; add consumers for load balancing.</li> <li> <strong>Flexibility</strong>: Supports pub/sub, RPC, and more; multi-protocol (AMQP, MQTT).</li> <li> <strong>Ecosystem</strong>: Plugs into Kubernetes, Spring, or Node.js seamlessly.</li> </ul> <p>Vs. alternatives? Kafka for high-volume streams, Redis for simple pub/sub – but RabbitMQ wins for complex routing and guarantees.</p> <h2> Core Components of RabbitMQ </h2> <p>RabbitMQ's power lies in its modular parts. Here's a breakdown with real-world analogies (no code yet – we'll get there):</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Definition</th> <th>Example in Action</th> </tr> </thead> <tbody> <tr> <td><strong>Message</strong></td> <td>The payload (data) plus metadata (headers, properties like priority or expiration).</td> <td>An order JSON: <code>{ id: '123', items: [...] }</code> with a "high-priority" header for VIP customers.</td> </tr> <tr> <td><strong>Producer (Publisher)</strong></td> <td>The sender app/service that generates and dispatches messages.</td> <td>Your Order Service firing off an "order.created" event after checkout.</td> </tr> <tr> <td><strong>Exchange</strong></td> <td>The routing engine that receives messages and decides where they go based on rules.</td> <td>A traffic cop directing mail to specific mailboxes – fanout for broadcasts, topic for patterns.</td> </tr> <tr> <td><strong>Queue</strong></td> <td>A buffer storing messages until consumers grab them; FIFO by default.</td> <td>A holding pen for emails: durable ones survive server restarts.</td> </tr> <tr> <td><strong>Binding</strong></td> <td>The "wire" linking an exchange to a queue, often with a routing key for filtering.</td> <td>Gluing a "notifications" queue to an exchange so only relevant events land there.</td> </tr> <tr> <td><strong>Consumer</strong></td> <td>The receiver app/service that pulls and processes messages from a queue.</td> <td>Email Service dequeuing orders to send confirmations.</td> </tr> <tr> <td><strong>Connection &amp; Channel</strong></td> <td>TCP link (connection) for the session; channels multiplex ops over it for efficiency.</td> <td>Connection: Your phone line; channel: Multiple calls on one line without hanging up.</td> </tr> <tr> <td><strong>Virtual Host (vhost)</strong></td> <td>A namespace for isolation, like tenants in a multi-app setup.</td> <td> <code>/ecommerce</code> vhost separates prod from staging resources.</td> </tr> </tbody> </table></div> <p>These pieces form a decoupled flow: Producer → Exchange → (Bindings) → Queue → Consumer.</p> <h2> Basic Concepts in Depth </h2> <p>RabbitMQ's basics revolve around <strong>messaging patterns</strong> and <strong>durability</strong> – the glue for reliable systems.</p> <ul> <li> <p><strong>Patterns</strong>:</p> <ul> <li> <strong>Point-to-Point</strong>: One message, one consumer (e.g., task queues for jobs).</li> <li> <strong>Publish/Subscribe (Pub/Sub)</strong>: Broadcast to many (e.g., real-time updates).</li> <li> <strong>Request/Reply (RPC)</strong>: Sync-like calls over async (e.g., query a service).</li> <li> <strong>Work Queues</strong>: Distribute load across workers (e.g., image resizing).</li> </ul> </li> <li> <p><strong>Durability &amp; Reliability</strong>:</p> <ul> <li> <strong>Durable Exchanges/Queues</strong>: Survive broker restarts.</li> <li> <strong>Persistent Messages</strong>: Written to disk, not just memory.</li> <li> <strong>Acknowledgements (Acks)</strong>: Consumers confirm processing; unacked messages redeliver.</li> <li> <strong>Publisher Confirms</strong>: Producers get broker receipts for "delivered safely."</li> </ul> </li> </ul> <p>Pro tip: Start with "at-least-once" delivery (acks + persists) – handle duplicates idempotently.</p> <h2> Bindings and Routing Keys: The Routing Magic </h2> <p>Bindings and routing keys are RabbitMQ's secret sauce for smart delivery. Let's define and differentiate with examples.</p> <ul> <li><p><strong>Binding</strong>: A rule linking an exchange to a queue. It's like subscribing a mailbox to a mail category – without it, messages ignore the queue.</p></li> <li><p><strong>Routing Key</strong>: A string label on the message (set by producer) that bindings use to filter. Exchanges interpret it differently by type.</p></li> </ul> <p><strong>Key Difference</strong>: Bindings are <em>static</em> (consumer sets them up once); routing keys are <em>dynamic</em> (producer attaches per message). Bindings say "what I want"; routing keys say "what this is."</p> <p><strong>Examples (No Code)</strong>:</p> <ul> <li> <strong>Direct Exchange</strong>: Exact match. Binding: Queue bound to key "urgent". Message with routing key "urgent" → Delivered. "normal" → Ignored. Use: Route high-priority orders to fast lane.</li> <li> <strong>Fanout Exchange</strong>: No routing key needed – broadcasts to <em>all</em> bound queues. Binding: Just link the queue. Every message → All queues. Use: Announce site-wide sales to logging, metrics, and alerts.</li> <li> <strong>Topic Exchange</strong>: Pattern matching with wildcards (<code>*</code> = one word, <code>#</code> = many). Binding: Queue bound to "order.*.error". Message key "order.created.error" → Match! "order.shipped.success" → No. Use: Route logs by severity (e.g., "logs.error.#").</li> <li> <strong>Headers Exchange</strong>: Matches message headers (key-value pairs), not strings. Binding: Queue bound with headers {x-match: "all", type: "order"}. Message with header type="order" → Delivered. Use: Filter by metadata like payment method (credit vs. PayPal).</li> </ul> <p>Bindings prevent spam: Consumers only get what they bind to. Routing keys add precision without code changes.</p> <h2> Client Libraries: JavaScript Focus </h2> <p>RabbitMQ speaks AMQP, but clients abstract it. For Node.js, <strong>amqplib</strong> is the gold standard – lightweight, battle-tested, and official. Install via <code>npm i amqplib</code>.</p> <p>Others: Puka (simpler), Rascal (with config wrappers). We'll use amqplib for its raw power and control.</p> <p>Connect: <code>amqp.connect('amqp://localhost')</code>. Then channels for ops. Pro tip: Reuse connections; channels are cheap.</p> <h2> Building a Real-World Microservices App: E-Commerce with All Exchange Types </h2> <p>Time for the fun part: Code! We'll architect a full e-commerce backend where RabbitMQ decouples services, enabling async processing at scale. Why RabbitMQ here? Imagine Black Friday: 10k orders/sec. Sync calls would crash your monolith; RabbitMQ queues them, routes selectively, and lets services (Inventory, Shipping, Email, Audit) scale independently. Events flow reliably – no lost confirmations, even if a service flakes.</p> <h3> Project Overview (No Full Code – Just the Setup) </h3> <ul> <li> <p><strong>Services</strong>:</p> <ul> <li> <strong>Order Service</strong> (Producer): Handles checkout, publishes events.</li> <li> <strong>Inventory Service</strong> (Consumer): Checks/reserves stock.</li> <li> <strong>Shipping Service</strong> (Consumer): Calculates and books shipments.</li> <li> <strong>Email Service</strong> (Consumer): Sends notifications.</li> <li> <strong>Audit Service</strong> (Consumer): Logs everything for compliance.</li> </ul> </li> <li> <p><strong>Why This Project?</strong> Demonstrates all exchanges:</p> <ul> <li> <strong>Fanout</strong>: Broadcast "order.created" to all auditors (Audit Service gets everything).</li> <li> <strong>Direct</strong>: Exact-match "order.priority.high" to fast-shipping queue.</li> <li> <strong>Topic</strong>: Pattern-based "order.{status}.{severity}" (e.g., errors to specific handlers).</li> <li> <strong>Headers</strong>: Filter by {payment: "credit", region: "EU"} for compliant services.</li> </ul> </li> <li> <p><strong>Integration Best Practices</strong>:</p> <ul> <li>Modularize: Create a <code>rabbitmq-client.js</code> module per service for init/connect.</li> <li>Startup Flow: Assert exchange/bind on boot; keep channels alive.</li> <li>Error Handling: Reconnect on failure; nack for retries.</li> <li>Scaling: Named durable queues for load balancing across instances.</li> <li>Usage: Trigger publishes from business logic (e.g., after DB save); consume in background workers.</li> </ul> </li> </ul> <p>We'll provide <strong>only RabbitMQ code</strong> – imagine wrapping it in Express/Koa handlers or event emitters. Run with <code>node service.js</code>; assume RabbitMQ at localhost.</p> <h3> 1. Shared Config (All Services) </h3> <p>Create <code>config/rabbitmq.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">amqp://localhost</span><span class="dl">'</span><span class="p">,</span> <span class="na">vhost</span><span class="p">:</span> <span class="dl">'</span><span class="s1">/</span><span class="dl">'</span><span class="p">,</span> <span class="na">prefetch</span><span class="p">:</span> <span class="mi">10</span><span class="p">,</span> <span class="c1">// QoS for consumers</span> <span class="p">};</span> </code></pre> </div> <h3> 2. Order Service: The Multi-Exchange Producer </h3> <p>In <code>order-service/rabbitmq-client.js</code> – init once, publish from handlers.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">amqp</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">amqplib</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">../config/rabbitmq</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">connection</span><span class="p">,</span> <span class="nx">channel</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">initProducer</span><span class="p">()</span> <span class="p">{</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">amqp</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="nx">channel</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">createChannel</span><span class="p">();</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Connection error:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">));</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">close</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Connection closed – reconnecting...</span><span class="dl">'</span><span class="p">));</span> <span class="c1">// Assert all exchanges at startup (idempotent)</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_broadcast</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">fanout</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// Fanout</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_direct</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">direct</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// Direct</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_topic</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">topic</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// Topic</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_headers</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">headers</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// Headers</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Order Service: Exchanges ready</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Publish fanout: Broadcast to all (e.g., audit logs)</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">publishFanout</span><span class="p">(</span><span class="nx">eventType</span><span class="p">,</span> <span class="nx">orderData</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">message</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">event</span><span class="p">:</span> <span class="nx">eventType</span><span class="p">,</span> <span class="p">...</span><span class="nx">orderData</span> <span class="p">}));</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_broadcast</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">message</span><span class="p">,</span> <span class="p">{</span> <span class="na">persistent</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Broadcast </span><span class="p">${</span><span class="nx">eventType</span><span class="p">}</span><span class="s2"> for order </span><span class="p">${</span><span class="nx">orderData</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Publish direct: Exact key match (e.g., high-priority)</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">publishDirect</span><span class="p">(</span><span class="nx">routingKey</span><span class="p">,</span> <span class="nx">orderData</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">message</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">orderData</span><span class="p">));</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_direct</span><span class="dl">'</span><span class="p">,</span> <span class="nx">routingKey</span><span class="p">,</span> <span class="nx">message</span><span class="p">,</span> <span class="p">{</span> <span class="na">persistent</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Direct publish </span><span class="p">${</span><span class="nx">routingKey</span><span class="p">}</span><span class="s2"> for </span><span class="p">${</span><span class="nx">orderData</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Publish topic: Pattern key (e.g., order.created.low)</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">publishTopic</span><span class="p">(</span><span class="nx">routingKey</span><span class="p">,</span> <span class="nx">orderData</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">message</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">orderData</span><span class="p">));</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_topic</span><span class="dl">'</span><span class="p">,</span> <span class="nx">routingKey</span><span class="p">,</span> <span class="nx">message</span><span class="p">,</span> <span class="p">{</span> <span class="na">persistent</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Topic publish </span><span class="p">${</span><span class="nx">routingKey</span><span class="p">}</span><span class="s2"> for </span><span class="p">${</span><span class="nx">orderData</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Publish headers: Metadata match (e.g., {payment: 'credit'})</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">publishHeaders</span><span class="p">(</span><span class="nx">headers</span><span class="p">,</span> <span class="nx">orderData</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">message</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">orderData</span><span class="p">));</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">publish</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_headers</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">,</span> <span class="nx">message</span><span class="p">,</span> <span class="p">{</span> <span class="nx">headers</span><span class="p">,</span> <span class="na">persistent</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Headers publish with </span><span class="p">${</span><span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">headers</span><span class="p">)}</span><span class="s2"> for </span><span class="p">${</span><span class="nx">orderData</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// Usage in handler: e.g., after order creation</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">handleOrderCreated</span><span class="p">(</span><span class="nx">order</span><span class="p">)</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">initProducer</span><span class="p">();</span> <span class="c1">// Call once on app start</span> <span class="nf">publishFanout</span><span class="p">(</span><span class="dl">'</span><span class="s1">order.created</span><span class="dl">'</span><span class="p">,</span> <span class="nx">order</span><span class="p">);</span> <span class="c1">// Broadcast</span> <span class="nf">publishDirect</span><span class="p">(</span><span class="dl">'</span><span class="s1">order.priority.high</span><span class="dl">'</span><span class="p">,</span> <span class="nx">order</span><span class="p">);</span> <span class="c1">// If VIP</span> <span class="nf">publishTopic</span><span class="p">(</span><span class="dl">'</span><span class="s1">order.created.low</span><span class="dl">'</span><span class="p">,</span> <span class="nx">order</span><span class="p">);</span> <span class="c1">// Topic</span> <span class="nf">publishHeaders</span><span class="p">({</span> <span class="na">payment</span><span class="p">:</span> <span class="dl">'</span><span class="s1">credit</span><span class="dl">'</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="dl">'</span><span class="s1">EU</span><span class="dl">'</span> <span class="p">},</span> <span class="nx">order</span><span class="p">);</span> <span class="c1">// Headers</span> <span class="p">}</span> <span class="c1">// Export for use in Express routes</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">initProducer</span><span class="p">,</span> <span class="nx">handleOrderCreated</span> <span class="p">};</span> </code></pre> </div> <p>In your main app: <code>require('./rabbitmq-client').initProducer();</code> on startup.</p> <h3> 3. Inventory Service: Topic + Direct Consumer </h3> <p>Consumes stock-related events. <code>inventory-service/rabbitmq-client.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">amqp</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">amqplib</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">../config/rabbitmq</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">channel</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">initInventoryConsumer</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">amqp</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="nx">channel</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">createChannel</span><span class="p">();</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">on</span><span class="p">(</span><span class="dl">'</span><span class="s1">close</span><span class="dl">'</span><span class="p">,</span> <span class="p">()</span> <span class="o">=&gt;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Reconnecting...</span><span class="dl">'</span><span class="p">));</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_topic</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">topic</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_direct</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">direct</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">queue</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">inventory_queue</span><span class="dl">'</span><span class="p">;</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// Bindings: Consumer decides!</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">bindQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order_topic</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order.created.*</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Patterns</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">bindQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order_direct</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order.stock.check</span><span class="dl">'</span><span class="p">);</span> <span class="c1">// Exact</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">prefetch</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">prefetch</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Inventory ready for stock events</span><span class="dl">'</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">consume</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">msg</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">content</span><span class="p">.</span><span class="nf">toString</span><span class="p">());</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Inventory: Processing </span><span class="p">${</span><span class="nx">msg</span><span class="p">.</span><span class="nx">fields</span><span class="p">.</span><span class="nx">routingKey</span><span class="p">}</span><span class="s2"> for </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">orderId</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Simulate stock check/reserve</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">items</span><span class="p">)</span> <span class="k">await</span> <span class="nf">reserveStock</span><span class="p">(</span><span class="nx">event</span><span class="p">.</span><span class="nx">items</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">ack</span><span class="p">(</span><span class="nx">msg</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Stock fail:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">nack</span><span class="p">(</span><span class="nx">msg</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="c1">// Requeue</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">noAck</span><span class="p">:</span> <span class="kc">false</span> <span class="p">});</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">reserveStock</span><span class="p">(</span><span class="nx">items</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Your DB/logic here</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">(</span><span class="nx">resolve</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">100</span><span class="p">));</span> <span class="p">}</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">initInventoryConsumer</span> <span class="p">};</span> </code></pre> </div> <p>App start: <code>initInventoryConsumer();</code> – runs as background worker.</p> <h3> 4. Shipping Service: Headers + Direct Consumer </h3> <p>For region/payment-specific shipping. <code>shipping-service/rabbitmq-client.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">amqp</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">amqplib</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">../config/rabbitmq</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">channel</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">initShippingConsumer</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">amqp</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="nx">channel</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">createChannel</span><span class="p">();</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_headers</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">headers</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_direct</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">direct</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">queue</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">shipping_queue</span><span class="dl">'</span><span class="p">;</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="c1">// Headers binding: Match ALL {payment: 'credit', region: 'EU'}</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">bindQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order_headers</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">x-match</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">all</span><span class="dl">'</span><span class="p">,</span> <span class="na">payment</span><span class="p">:</span> <span class="dl">'</span><span class="s1">credit</span><span class="dl">'</span><span class="p">,</span> <span class="na">region</span><span class="p">:</span> <span class="dl">'</span><span class="s1">EU</span><span class="dl">'</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">bindQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order_direct</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order.shipment.request</span><span class="dl">'</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">prefetch</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">prefetch</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Shipping ready for compliant orders</span><span class="dl">'</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">consume</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">msg</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">order</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">content</span><span class="p">.</span><span class="nf">toString</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">headers</span> <span class="o">=</span> <span class="nx">msg</span><span class="p">.</span><span class="nx">properties</span><span class="p">.</span><span class="nx">headers</span> <span class="o">||</span> <span class="p">{};</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Shipping: </span><span class="p">${</span><span class="nx">msg</span><span class="p">.</span><span class="nx">fields</span><span class="p">.</span><span class="nx">routingKey</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">headers</span><span class="dl">'</span><span class="p">}</span><span class="s2"> for </span><span class="p">${</span><span class="nx">order</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">, payment: </span><span class="p">${</span><span class="nx">headers</span><span class="p">.</span><span class="nx">payment</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">calculateShipping</span><span class="p">(</span><span class="nx">order</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">ack</span><span class="p">(</span><span class="nx">msg</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">nack</span><span class="p">(</span><span class="nx">msg</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="kc">false</span><span class="p">);</span> <span class="c1">// Dead-letter on fail</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">noAck</span><span class="p">:</span> <span class="kc">false</span> <span class="p">});</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">calculateShipping</span><span class="p">(</span><span class="nx">order</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Integrate with carrier API</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">(</span><span class="nx">resolve</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">150</span><span class="p">));</span> <span class="p">}</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">initShippingConsumer</span> <span class="p">};</span> </code></pre> </div> <h3> 5. Email Service: Fanout Consumer </h3> <p>Broadcast receiver for notifications. <code>email-service/rabbitmq-client.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">amqp</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">amqplib</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">../config/rabbitmq</span><span class="dl">'</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">channel</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">initEmailConsumer</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">connection</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">amqp</span><span class="p">.</span><span class="nf">connect</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">url</span><span class="p">);</span> <span class="nx">channel</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">connection</span><span class="p">.</span><span class="nf">createChannel</span><span class="p">();</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertExchange</span><span class="p">(</span><span class="dl">'</span><span class="s1">order_broadcast</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">fanout</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">queue</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">email_queue</span><span class="dl">'</span><span class="p">;</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">assertQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="p">{</span> <span class="na">durable</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">bindQueue</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="dl">'</span><span class="s1">order_broadcast</span><span class="dl">'</span><span class="p">,</span> <span class="dl">''</span><span class="p">);</span> <span class="c1">// Fanout: no key</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">prefetch</span><span class="p">(</span><span class="nx">config</span><span class="p">.</span><span class="nx">prefetch</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">Email ready for broadcasts</span><span class="dl">'</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">consume</span><span class="p">(</span><span class="nx">queue</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">msg</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">msg</span><span class="p">)</span> <span class="k">return</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">msg</span><span class="p">.</span><span class="nx">content</span><span class="p">.</span><span class="nf">toString</span><span class="p">());</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Email: Broadcasting </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">event</span><span class="p">}</span><span class="s2"> to </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">userEmail</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="k">try</span> <span class="p">{</span> <span class="k">await</span> <span class="nf">sendNotification</span><span class="p">(</span><span class="nx">event</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">ack</span><span class="p">(</span><span class="nx">msg</span><span class="p">);</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Email fail:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="nx">channel</span><span class="p">.</span><span class="nf">nack</span><span class="p">(</span><span class="nx">msg</span><span class="p">,</span> <span class="kc">false</span><span class="p">,</span> <span class="kc">true</span><span class="p">);</span> <span class="p">}</span> <span class="p">},</span> <span class="p">{</span> <span class="na">noAck</span><span class="p">:</span> <span class="kc">false</span> <span class="p">});</span> <span class="p">}</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">sendNotification</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Nodemailer or SES here</span> <span class="k">return</span> <span class="k">new</span> <span class="nc">Promise</span><span class="p">(</span><span class="nx">resolve</span> <span class="o">=&gt;</span> <span class="nf">setTimeout</span><span class="p">(</span><span class="nx">resolve</span><span class="p">,</span> <span class="mi">50</span><span class="p">));</span> <span class="p">}</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">initEmailConsumer</span> <span class="p">};</span> </code></pre> </div> <h3> 6. Audit Service: Fanout Consumer (Everything Logger) </h3> <p><code>audit-service/rabbitmq-client.js</code> – similar to Email, but logs all.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// Similar to Email, but queue 'audit_queue' and action: await logEvent(event);</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">logEvent</span><span class="p">(</span><span class="nx">event</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// DB append or ELK stack</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="s2">`Audit: Logged </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">event</span><span class="p">}</span><span class="s2"> for </span><span class="p">${</span><span class="nx">event</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p><strong>How It Integrates</strong>: In each service's <code>app.js</code>: Import and call <code>init*Consumer()</code> on startup. For producers, wrap <code>handle*</code> in API routes. Deploy with PM2/Docker; scale consumers horizontally – queues auto-balance.</p> <p>This setup? Pure decoupling: Add a "Fraud Service" by binding a new queue to <code>order_topic</code> with "order.*.suspicious" – zero producer changes.</p> <h2> Producer vs. Consumer Responsibilities: The Golden Rules </h2> <p>Nail this for clean architecture:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Who Should Declare It?</th> <th>Why?</th> <th>In Our Example</th> </tr> </thead> <tbody> <tr> <td><strong>Exchange</strong></td> <td>Both Producer and Consumers</td> <td>Ensure it exists, decoupling, safety</td> <td>All services</td> </tr> <tr> <td><strong>Queue</strong></td> <td>Consumer only</td> <td>Decoupling, consumer controls its inbox</td> <td>Only Inventory, Shipping, etc.</td> </tr> <tr> <td><strong>Bindings</strong></td> <td>Consumer only</td> <td>Consumer decides what messages it wants</td> <td>Only consumers (bind queue to exchange)</td> </tr> </tbody> </table></div> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Task / Responsibility</th> <th>Producer (e.g., Order Service)</th> <th>Consumer (e.g., Email Service, Inventory Service)</th> <th>Why / Best Practice Reason</th> </tr> </thead> <tbody> <tr> <td><strong>Connect to RabbitMQ</strong></td> <td>Yes</td> <td>Yes</td> <td>Both need a connection</td> </tr> <tr> <td><strong>Create / Assert the Exchange</strong></td> <td>Yes (at startup)</td> <td>Yes (at startup)</td> <td>Ensures exchange exists no matter who starts first. Idempotent and safe.</td> </tr> <tr> <td><strong>Create / Assert Queues</strong></td> <td>No</td> <td>Yes (at startup)</td> <td>Consumer owns its inbox. Producer should not know queue names.</td> </tr> <tr> <td><strong>Bind Queues to Exchange</strong></td> <td>No</td> <td>Yes (at startup)</td> <td>Consumer decides which messages it wants (routing keys / patterns).</td> </tr> <tr> <td><strong>Publish Messages</strong></td> <td>Yes</td> <td>No</td> <td>Only producer sends events</td> </tr> <tr> <td><strong>Consume Messages</strong></td> <td>No</td> <td>Yes</td> <td>Only consumer processes messages</td> </tr> <tr> <td><strong>Acknowledge Messages (ack / nack)</strong></td> <td>No</td> <td>Yes</td> <td>Consumer confirms successful processing</td> </tr> </tbody> </table></div> <h2> Full App Flow: From UI Cart to Confirmation </h2> <p>Here's the end-to-end journey – user clicks "Checkout" to email ping. (ASCII flowchart for clarity.)<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[User UI (Frontend)] | v POST /orders (Order Service API) &lt;-- Sync entry point | +-- Save to DB (local) | v Publish Events (Async via RabbitMQ): - Fanout 'order.created' --&gt; Broadcast to Audit &amp; Email Queues - Direct 'order.priority.high' --&gt; Shipping Queue (if VIP) - Topic 'order.created.low' --&gt; Inventory Queue - Headers {payment: 'credit'} --&gt; Shipping Queue | +-- Exchange Routes (Broker: Matches bindings) | v Queues Hold (Durable: Waits if services offline) | +-- Fanout --&gt; Audit: Logs all; Email: Sends "Order Placed!" +-- Topic/Direct --&gt; Inventory: Reserves stock (acks after DB update) +-- Headers --&gt; Shipping: Calculates rate (nacks on fail, requeues) | v Services Process + Ack (Parallel: No blocking) | +-- If stock low? Nack --&gt; Requeue or Dead-Letter | v Aggregate Results (Optional: Via another exchange or DB polling) | v Response to UI: "Order #123 Confirmed!" (200 OK) | v [User Sees: Success Toast + Email Arrives Seconds Later] </code></pre> </div> <p>This flow? Lightning-fast UI (under 200ms), background magic (seconds), and resilience (no single failure kills the checkout).</p> <h2> Wrapping Up: Your Async Superpower </h2> <p>RabbitMQ isn't just a queue – it's the backbone for resilient, scalable microservices. From core components to multi-exchange routing, you've got the blueprint. Questions? Drop a comment – let's discuss your next RabbitMQ win.</p> rabbitmq async microservices tutorial COMPLETE GITLAB CI/CD SPECIFICATION Harsh Mishra Sat, 29 Nov 2025 11:34:51 +0000 https://forem.com/harshm03/complete-gitlab-cicd-specification-5cj0 https://forem.com/harshm03/complete-gitlab-cicd-specification-5cj0 <h1> <strong>THE COMPLETE GITLAB CI/CD SPECIFICATION — EVERY SINGLE KEY, SUBKEY &amp; VALUE</strong> </h1> <p><em>An exhaustive, full-length, technical reference for <code>.gitlab-ci.yml</code>, containing **all defined keywords</em>* in the GitLab CI/CD schema (jobs, stages, global keywords, workflow, rules, artifacts, services, caches, includes, variables, environments, resource groups, parallel matrix, pages, triggers, needs, dependencies, retries, release, deployments, and many more).*</p> <p>Below is the <strong>entire specification</strong>, written with <strong>strict hierarchy</strong>, <strong>all valid keys</strong>, <strong>all allowed subkeys</strong>, <strong>all allowed values</strong>, <strong>exact YAML shapes</strong>, and <strong>keyword-level behavior</strong>.<br> Nothing is skipped.<br> Nothing is summarized.<br> This is the full schema expanded.</p> <h1> <strong>0. Top-Level Structure of <code>.gitlab-ci.yml</code></strong> </h1> <p>A valid GitLab CI/CD file may contain <strong>only</strong> these top-level key types:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">stages</span><span class="pi">:</span> <span class="na">workflow</span><span class="pi">:</span> <span class="na">variables</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="na">include</span><span class="pi">:</span> <span class="na">cache</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="na">services</span><span class="pi">:</span> <span class="na">before_script</span><span class="pi">:</span> <span class="na">after_script</span><span class="pi">:</span> <span class="na">pages</span><span class="pi">:</span> <span class="na">&lt;job_name&gt;</span><span class="pi">:</span> <span class="c1"># any job</span> </code></pre> </div> <p>Everything else lives <strong>inside</strong> those structures.</p> <h1> <strong>1. GLOBAL TOP-LEVEL KEYS (NON-JOB)</strong> </h1> <p>These keys affect <strong>the entire pipeline</strong>.</p> <h1> <strong>1.1 <code>stages:</code></strong> </h1> <p>Defines stage order.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">stages</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">build</span> <span class="pi">-</span> <span class="s">test</span> <span class="pi">-</span> <span class="s">deploy</span> </code></pre> </div> <p>Values: list of unique stage names.<br> Jobs must reference one of these names via <code>stage:</code> inside job.</p> <h1> <strong>1.2 <code>workflow:</code></strong> </h1> <p>Controls creation of pipelines.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">workflow</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">when</span><span class="pi">:</span> <span class="s">always | never</span> <span class="pi">-</span> <span class="na">if</span><span class="pi">:</span> <span class="s">&lt;expression&gt;</span> <span class="na">when</span><span class="pi">:</span> <span class="s">always | never</span> <span class="na">variables</span><span class="pi">:</span> <span class="na">KEY</span><span class="pi">:</span> <span class="s">value</span> <span class="na">auto_cancel</span><span class="pi">:</span> <span class="na">on_new_commit</span><span class="pi">:</span> <span class="s">all | interruptible</span> </code></pre> </div> <p>Subkeys:</p> <ul> <li> <strong><code>name</code></strong> → pipeline name template</li> <li> <strong><code>rules</code></strong> → same syntax as job <code>rules</code> </li> <li><strong><code>auto_cancel.on_new_commit</code></strong></li> </ul> <h1> <strong>1.3 <code>variables:</code> (top-level defaults)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">variables</span><span class="pi">:</span> <span class="na">KEY</span><span class="pi">:</span> <span class="s2">"</span><span class="s">value"</span> <span class="na">DEBUG</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> </code></pre> </div> <p>Values: strings only.<br> Used across pipeline unless overridden.</p> <h1> <strong>1.4 <code>default:</code> (default job settings)</strong> </h1> <p>Defines default values for all jobs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">default</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">alpine:latest</span> <span class="na">cache</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">.cache/</span> <span class="na">before_script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">echo "Default before"</span> </code></pre> </div> <p>Allowed subkeys (<strong>NEARLY ALL job keys</strong> except job name or script itself):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>image services before_script after_script cache artifacts retry interruptible timeout tags rules script after_script inherit </code></pre> </div> <h1> <strong>1.5 <code>include:</code></strong> </h1> <p>Loads external YAML content into this file.</p> <p>Forms:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">include</span><span class="pi">:</span> <span class="s">path | list</span> </code></pre> </div> <p>Allowed include types:</p> <h3> By remote URL </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">remote</span><span class="pi">:</span> <span class="s">https://example.com/ci.yml</span> </code></pre> </div> <h3> By local file in same repo </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">local</span><span class="pi">:</span> <span class="s">ci/common.yml</span> </code></pre> </div> <h3> By template from GitLab </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">template</span><span class="pi">:</span> <span class="s">Auto-DevOps.gitlab-ci.yml</span> </code></pre> </div> <h3> By artifact from other pipeline </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">artifact</span><span class="pi">:</span> <span class="s">generated.yml</span> <span class="na">job</span><span class="pi">:</span> <span class="s">generator_job</span> </code></pre> </div> <h3> By project/file </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">project</span><span class="pi">:</span> <span class="s">mygroup/anotherproject</span> <span class="na">file</span><span class="pi">:</span> <span class="s">/path/to/.gitlab-ci.yml</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">main</span> </code></pre> </div> <h1> <strong>1.6 <code>cache:</code> (top-level default cache)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">cache</span><span class="pi">:</span> <span class="na">key</span><span class="pi">:</span> <span class="s">&lt;string|files&gt;</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">path/</span> <span class="na">policy</span><span class="pi">:</span> <span class="s">pull-push | pull | push</span> <span class="na">when</span><span class="pi">:</span> <span class="s">on_success | on_failure | always</span> </code></pre> </div> <p>Full details under job-level <code>cache</code>.</p> <h1> <strong>1.7 <code>image:</code> (top-level default)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">image</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">alpine:3.18</span> <span class="na">entrypoint</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">]</span> </code></pre> </div> <h1> <strong>1.8 <code>services:</code> (top-level default)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mysql:5.7</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">db</span> </code></pre> </div> <p>Service subkeys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>name command entrypoint alias variables: KEY: value </code></pre> </div> <h1> <strong>1.9 <code>before_script:</code> (top-level default)</strong> </h1> <h3> List of commands: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">before_script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">apk add curl</span> <span class="pi">-</span> <span class="s">echo "Start"</span> </code></pre> </div> <h1> <strong>1.10 <code>after_script:</code> (top-level default)</strong> </h1> <p>Executable after each job.</p> <h1> <strong>1.11 <code>pages:</code> (special top-level job)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">pages</span><span class="pi">:</span> <span class="na">stage</span><span class="pi">:</span> <span class="s">deploy</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mkdir .public</span> <span class="na">artifacts</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">public</span> <span class="na">only</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> </code></pre> </div> <p>Special behavior:<br> Uploads content of <code>public/</code> directory to GitLab Pages.</p> <h1> <strong>2. JOBS (THE HEART OF GITLAB CI/CD)</strong> </h1> <p>Any top-level key <strong>not reserved</strong> becomes a job:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">build_app</span><span class="pi">:</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">echo "Running build app"</span> </code></pre> </div> <p>Job definition <strong>CAN include all keys listed below</strong>, in any order.</p> <h1> <strong>2.1 <code>script:</code> — REQUIRED for every job</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">echo "Hello World"</span> <span class="pi">-</span> <span class="s">make build</span> </code></pre> </div> <p>Values: <strong>list of strings</strong>.</p> <h1> <strong>2.2 <code>stage:</code></strong> </h1> <p>Defaults to <code>test</code> if undefined.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">stage</span><span class="pi">:</span> <span class="s">build</span> </code></pre> </div> <p>Must be one of <code>stages:</code> list.</p> <h1> <strong>2.3 <code>image:</code> (job-level)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">image</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">python:3.11</span> <span class="na">entrypoint</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">python3"</span><span class="pi">]</span> </code></pre> </div> <p>Subkeys:</p> <ul> <li><code>name</code></li> <li><code>entrypoint</code></li> </ul> <h1> <strong>2.4 <code>services:</code> (job-level)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">postgres:15</span> <span class="na">alias</span><span class="pi">:</span> <span class="s">db</span> <span class="na">entrypoint</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">docker-entrypoint.sh"</span><span class="pi">]</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">postgres"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">shared_buffers=256MB"</span><span class="pi">]</span> <span class="na">variables</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">testdb</span> </code></pre> </div> <p>Allowed service subkeys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>name alias entrypoint command variables </code></pre> </div> <h1> <strong>2.5 <code>variables:</code> (job-level)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">variables</span><span class="pi">:</span> <span class="na">ENV</span><span class="pi">:</span> <span class="s">production</span> <span class="na">DEBUG</span><span class="pi">:</span> <span class="s2">"</span><span class="s">false"</span> </code></pre> </div> <h1> <strong>2.6 <code>environment:</code> (deployment)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">environment</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">production</span> <span class="na">url</span><span class="pi">:</span> <span class="s">https://prod.example.com</span> <span class="na">on_stop</span><span class="pi">:</span> <span class="s">stop_job</span> <span class="na">action</span><span class="pi">:</span> <span class="s">start | prepare | stop | verify</span> <span class="na">auto_stop_in</span><span class="pi">:</span> <span class="s">1 day</span> </code></pre> </div> <p>Allowed keys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>name url on_stop action auto_stop_in </code></pre> </div> <h1> <strong>2.7 <code>artifacts:</code></strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">artifacts</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">my-artifacts"</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">build/</span> <span class="na">exclude</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">build/tmp/</span> <span class="na">expire_in</span><span class="pi">:</span> <span class="s">1 week</span> <span class="na">when</span><span class="pi">:</span> <span class="s">on_success | on_failure | always</span> <span class="na">expose_as</span><span class="pi">:</span> <span class="s2">"</span><span class="s">download"</span> <span class="na">public</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">reports</span><span class="pi">:</span> <span class="na">junit</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">report.xml</span> <span class="na">codequality</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">gl-code-quality.json</span> <span class="na">cobertura</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">cobertura.xml</span> <span class="na">sast</span><span class="pi">:</span> <span class="s">sast.json</span> <span class="na">secret_detection</span><span class="pi">:</span> <span class="s">secret.json</span> <span class="na">dependency_scanning</span><span class="pi">:</span> <span class="s">dep.json</span> <span class="na">container_scanning</span><span class="pi">:</span> <span class="s">scan.json</span> <span class="na">license_scanning</span><span class="pi">:</span> <span class="s">license.json</span> <span class="na">metrics</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">metrics.txt</span> </code></pre> </div> <p>Subkeys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>paths exclude expire_in when reports public name expose_as </code></pre> </div> <h1> <strong>2.8 <code>cache:</code> (job)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">cache</span><span class="pi">:</span> <span class="na">key</span><span class="pi">:</span> <span class="na">files</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">package-lock.json</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">node_modules/</span> <span class="na">policy</span><span class="pi">:</span> <span class="s">pull-push</span> <span class="na">when</span><span class="pi">:</span> <span class="s">on_success | on_failure | always</span> </code></pre> </div> <p><code>key</code> forms:</p> <h3> Static key: </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>key: my-cache </code></pre> </div> <h3> Dynamic key: </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>key: files: - go.sum </code></pre> </div> <h1> <strong>2.9 <code>rules:</code> (modern conditional logic)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">if</span><span class="pi">:</span> <span class="s1">'</span><span class="s">$CI_COMMIT_BRANCH</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">"main"'</span> <span class="na">when</span><span class="pi">:</span> <span class="s">always | never | on_success | manual | delayed</span> <span class="na">allow_failure</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">variables</span><span class="pi">:</span> <span class="na">DEPLOY_ENV</span><span class="pi">:</span> <span class="s">prod</span> <span class="pi">-</span> <span class="na">exists</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">Dockerfile</span> <span class="pi">-</span> <span class="na">changes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">src/*</span> <span class="pi">-</span> <span class="na">when</span><span class="pi">:</span> <span class="s">never</span> </code></pre> </div> <p>Allowed rule subkeys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>if changes exists allow_failure when start_in variables </code></pre> </div> <h1> <strong>2.10 <code>only:</code> and <code>except:</code> (legacy)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">only</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">main</span> <span class="pi">-</span> <span class="s">tags</span> <span class="na">except</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">schedules</span> </code></pre> </div> <p>Accepted values:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>branches tags variables refs kubernetes pipelines schedules api pushes merge_requests external </code></pre> </div> <h1> <strong>2.11 <code>needs:</code> (job dependencies + DAG graph)</strong> </h1> <h2> List of job dependencies: </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">needs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">job</span><span class="pi">:</span> <span class="s">build</span> <span class="na">artifacts</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> </code></pre> </div> <p>Short form:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">needs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">build"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">test"</span><span class="pi">]</span> </code></pre> </div> <p>Subkeys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>job artifacts optional pipeline project ref </code></pre> </div> <p>Cross-project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">needs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">project</span><span class="pi">:</span> <span class="s">group/project</span> <span class="na">job</span><span class="pi">:</span> <span class="s">build_docs</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">main</span> <span class="na">artifacts</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h1> <strong>2.12 <code>dependencies:</code> (download artifacts from previous jobs)</strong> </h1> <p>Legacy but still used.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">dependencies</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">build</span> <span class="pi">-</span> <span class="s">test</span> </code></pre> </div> <h1> <strong>2.13 <code>timeout:</code></strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">timeout</span><span class="pi">:</span> <span class="s">1h 30m</span> </code></pre> </div> <h1> <strong>2.14 <code>retry:</code></strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">retry</span><span class="pi">:</span> <span class="na">max</span><span class="pi">:</span> <span class="m">2</span> <span class="na">when</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">runner_system_failure</span> <span class="pi">-</span> <span class="s">stuck_or_timeout_failure</span> </code></pre> </div> <p>When options:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>always unknown_failure script_failure api_failure runner_system_failure stuck_or_timeout_failure archived_failure unmet_prerequisites scheduler_failure data_integrity_failure </code></pre> </div> <h1> <strong>2.15 <code>interruptible:</code></strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">interruptible</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h1> <strong>2.16 <code>allow_failure:</code></strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">allow_failure</span><span class="pi">:</span> <span class="na">exit_codes</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">1</span><span class="pi">,</span> <span class="nv">139</span><span class="pi">]</span> </code></pre> </div> <p>Or boolean:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">allow_failure</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h1> <strong>2.17 <code>tags:</code></strong> </h1> <p>Assign runner tags:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">tags</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">docker</span> <span class="pi">-</span> <span class="s">linux</span> </code></pre> </div> <h1> <strong>2.18 <code>before_script:</code> / <code>after_script:</code> (job-level)</strong> </h1> <p>Same structure as global.</p> <h1> <strong>2.19 <code>parallel:</code></strong> </h1> <h3> Simple: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">parallel</span><span class="pi">:</span> <span class="m">5</span> </code></pre> </div> <h3> Matrix strategy: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">parallel</span><span class="pi">:</span> <span class="na">matrix</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">PROVIDER</span><span class="pi">:</span> <span class="s">aws</span> <span class="na">REGION</span><span class="pi">:</span> <span class="s">us-east-1</span> <span class="pi">-</span> <span class="na">PROVIDER</span><span class="pi">:</span> <span class="s">gcp</span> <span class="na">REGION</span><span class="pi">:</span> <span class="s">us-west1</span> </code></pre> </div> <h1> <strong>2.20 <code>coverage:</code> (regex for test coverage)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">coverage</span><span class="pi">:</span> <span class="s1">'</span><span class="s">/Coverage:\s(\d+\.\d+%)/'</span> </code></pre> </div> <h1> <strong>2.21 <code>extends:</code></strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">extends</span><span class="pi">:</span> <span class="s">.base_job</span> </code></pre> </div> <p>Multiple:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">extends</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">.template1</span> <span class="pi">-</span> <span class="s">.template2</span> </code></pre> </div> <h1> <strong>2.22 <code>inherited:</code></strong> </h1> <p>Overrides which keys from <code>default:</code> and <code>workflow:</code> are inherited.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">inherit</span><span class="pi">:</span> <span class="na">default</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">variables</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">rules</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> </code></pre> </div> <h1> <strong>2.23 <code>script:</code> (required)</strong> </h1> <p>Covered earlier.</p> <h1> <strong>2.24 <code>when:</code> (job-level)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">when</span><span class="pi">:</span> <span class="s">on_success | on_failure | always | manual | delayed</span> <span class="na">start_in</span><span class="pi">:</span> <span class="s2">"</span><span class="s">5</span><span class="nv"> </span><span class="s">minutes"</span> </code></pre> </div> <h1> <strong>2.25 <code>resource_group:</code></strong> </h1> <p>For serializing jobs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resource_group</span><span class="pi">:</span> <span class="s">production</span> </code></pre> </div> <h1> <strong>2.26 <code>trigger:</code> (trigger downstream pipelines)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">trigger</span><span class="pi">:</span> <span class="na">include</span><span class="pi">:</span> <span class="s">.gitlab-ci-child.yml</span> <span class="na">strategy</span><span class="pi">:</span> <span class="s">depend</span> </code></pre> </div> <p>External project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">trigger</span><span class="pi">:</span> <span class="na">project</span><span class="pi">:</span> <span class="s">path/to/project</span> <span class="na">branch</span><span class="pi">:</span> <span class="s">main</span> <span class="na">strategy</span><span class="pi">:</span> <span class="s">depend | child</span> </code></pre> </div> <p>Subkeys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>project branch strategy include forward: pipeline_variables: true | false yaml_variables: true | false </code></pre> </div> <h1> <strong>2.27 <code>release:</code></strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">release</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Release</span><span class="nv"> </span><span class="s">1.0"</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">My</span><span class="nv"> </span><span class="s">release"</span> <span class="na">tag_name</span><span class="pi">:</span> <span class="s2">"</span><span class="s">v1.0"</span> <span class="na">released_at</span><span class="pi">:</span> <span class="s">now</span> <span class="na">ref</span><span class="pi">:</span> <span class="s">main</span> <span class="na">milestones</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">v1</span> <span class="na">assets</span><span class="pi">:</span> <span class="na">links</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">documentation</span> <span class="na">url</span><span class="pi">:</span> <span class="s">https://docs.example.com</span> <span class="na">link_type</span><span class="pi">:</span> <span class="s">package | runbook | image | other</span> </code></pre> </div> <p>All subkeys included.</p> <h1> <strong>2.28 <code>pages:</code> (job)</strong> </h1> <p>Already described globally.</p> <h1> <strong>2.29 <code>script:</code></strong> </h1> <p>Listed earlier.</p> <h1> <strong>2.30 <code>coverage:</code></strong> </h1> <p>Regex pattern.</p> <h1> <strong>2.31 <code>artifacts:reports:</code> subkeys</strong> </h1> <p>Full list:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>junit: sast: dependency_scanning: container_scanning: dast: coverage_report: coverage_format: cobertura | other formats path: &lt;file&gt; metrics: dotenv: cyclonedx: cobertura: codequality: license_scanning: requirements: terraform: </code></pre> </div> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">artifacts</span><span class="pi">:</span> <span class="na">reports</span><span class="pi">:</span> <span class="na">sast</span><span class="pi">:</span> <span class="s">gl-sast-report.json</span> </code></pre> </div> <h1> <strong>3. CI/CD VARIABLES (FULL DETAILS)</strong> </h1> <p>GitLab supports:</p> <ul> <li>predefined variables</li> <li>custom variables</li> <li> <code>variables:</code> at job level</li> <li>rules: variables</li> <li>dotenv artifacts</li> </ul> <p>Values must be strings.</p> <h1> <strong>4. CHILD PIPELINES &amp; MULTIPROJECT</strong> </h1> <h3> Child pipeline </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">trigger</span><span class="pi">:</span> <span class="na">include</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">template</span><span class="pi">:</span> <span class="s">Child-Pipeline.yml</span> <span class="na">strategy</span><span class="pi">:</span> <span class="s">strategy</span> </code></pre> </div> <h3> Multi-project pipeline </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">trigger</span><span class="pi">:</span> <span class="na">project</span><span class="pi">:</span> <span class="s">namespace/project</span> <span class="na">branch</span><span class="pi">:</span> <span class="s">main</span> </code></pre> </div> <h1> <strong>5. DAG PIPELINES (<code>needs:</code>)</strong> </h1> <p>Covered earlier.</p> <h1> <strong>6. SCHEDULES, MERGE REQUEST PIPELINES, PARENT CHILD PIPELINES</strong> </h1> <p>Controlled mainly by:</p> <ul> <li>workflow: rules</li> <li>job rules</li> </ul> <h1> <strong>7. SPECIAL KEYWORDS SUMMARY (ALL OF THEM)</strong> </h1> <h3> Top-Level Keywords </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>stages workflow variables default include cache image services before_script after_script pages &lt;job-name&gt; </code></pre> </div> <h3> Job-Level Keywords </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>script stage image services variables environment artifacts cache rules only except needs dependencies timeout retry interruptible allow_failure tags before_script after_script parallel coverage extends inherit when start_in resource_group trigger release pages artifacts:reports (all subtypes) secrets (CI variable system) </code></pre> </div> <h1> <strong>This is the full and complete GitLab CI/CD specification — all keys, all subkeys, all values.</strong> </h1> gitlab cicd COMPLETE DOCKER COMPOSE SPECIFICATION Harsh Mishra Sat, 29 Nov 2025 10:55:32 +0000 https://forem.com/harshm03/complete-docker-compose-specification-2g9o https://forem.com/harshm03/complete-docker-compose-specification-2g9o <h1> <strong>THE COMPLETE DOCKER COMPOSE SPECIFICATION — EVERY SINGLE KEY, SUBKEY &amp; VALUE</strong> </h1> <p><em>A true full-length technical reference designed for maximum completeness.</em></p> <p>Below is the <strong>entire Docker Compose Specification</strong>, rewritten into a <strong>strict hierarchical format</strong>, listing <strong>EVERY known top-level key, subkey, nested key, allowed type, allowed values, defaults, special behaviors, and constraints</strong>.<br> Nothing is skipped.<br> Everything is explicit.<br> Structure is unambiguous.</p> <h1> <strong>0. FILE OVERVIEW — TOP-LEVEL STRUCTURE (CAN ONLY CONTAIN THESE KEYS)</strong> </h1> <p>A Compose file <strong>may include ONLY these top-level keys</strong> according to the Compose Specification:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="c1"># REQUIRED</span> <span class="na">volumes</span><span class="pi">:</span> <span class="na">networks</span><span class="pi">:</span> <span class="na">secrets</span><span class="pi">:</span> <span class="na">configs</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="na">profiles</span><span class="pi">:</span> <span class="na">x-&lt;anything&gt;</span><span class="pi">:</span> <span class="c1"># extension fields</span> </code></pre> </div> <p>Optional deprecated field still accepted by some tooling:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="c1"># ignored by modern docker compose</span> </code></pre> </div> <p>🔥 <strong>NOTHING ELSE</strong> may appear top-level.</p> <h1> <strong>1. <code>services:</code> — ALL SERVICE KEYS, SUBKEYS, AND VALUES</strong> </h1> <p>Top-level:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">&lt;service_name&gt;</span><span class="pi">:</span> <span class="s">&lt;all service options&gt;</span> </code></pre> </div> <p>Below is <strong>EVERY SINGLE ALLOWED KEY</strong> under a service.</p> <h1> <strong>1.1 IMAGE / BUILD</strong> </h1> <h2> <code>image</code> </h2> <p>String<br> Examples:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.25</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis</span> <span class="na">image</span><span class="pi">:</span> <span class="s">registry.example.com/app/web:latest</span> </code></pre> </div> <h2> <code>build</code> </h2> <p>May be <strong>string</strong> (context path) OR <strong>object</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># REQUIRED for object</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># relative to context</span> <span class="na">target</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># multistage target</span> <span class="na">args</span><span class="pi">:</span> <span class="c1"># build-time args</span> <span class="na">KEY</span><span class="pi">:</span> <span class="s">value</span> <span class="na">ssh</span><span class="pi">:</span> <span class="c1"># buildkit SSH forwarding</span> <span class="pi">-</span> <span class="s">default</span> <span class="na">labels</span><span class="pi">:</span> <span class="c1"># apply labels to image</span> <span class="na">key</span><span class="pi">:</span> <span class="s">value</span> <span class="na">network</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># build network mode</span> <span class="na">shm_size</span><span class="pi">:</span> <span class="s">&lt;string|int&gt;</span> <span class="na">cache_from</span><span class="pi">:</span> <span class="c1"># BuildKit cache-from</span> <span class="pi">-</span> <span class="s">type=&lt;value&gt;,&lt;key&gt;=&lt;value&gt;</span> <span class="na">cache_to</span><span class="pi">:</span> <span class="c1"># BuildKit cache-to</span> <span class="pi">-</span> <span class="s">type=&lt;value&gt;,&lt;key&gt;=&lt;value&gt;</span> <span class="na">output</span><span class="pi">:</span> <span class="c1"># BuildKit output</span> <span class="pi">-</span> <span class="s">type=&lt;value&gt;,dest=&lt;path&gt;</span> </code></pre> </div> <h3> <code>build.context</code> </h3> <p>String path → directory or git repo.</p> <h3> <code>build.args</code> </h3> <p>Map of key/value strings.</p> <h3> <code>build.ssh</code> </h3> <p>List of SSH identifiers.</p> <h1> <strong>1.2 CONTAINER RUNTIME COMMAND KEYS</strong> </h1> <h2> <code>command</code> </h2> <p>String OR list of strings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">command</span><span class="pi">:</span> <span class="s2">"</span><span class="s">npm</span><span class="nv"> </span><span class="s">start"</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">npm"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">start"</span><span class="pi">]</span> </code></pre> </div> <h2> <code>entrypoint</code> </h2> <p>String OR list:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">entrypoint</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">python3"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">app.py"</span><span class="pi">]</span> </code></pre> </div> <h2> <code>working_dir</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">working_dir</span><span class="pi">:</span> <span class="s">/usr/src/app</span> </code></pre> </div> <h2> <code>user</code> </h2> <p>String or UID/GID numeric:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">user</span><span class="pi">:</span> <span class="s2">"</span><span class="s">node"</span> <span class="na">user</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000:1000"</span> </code></pre> </div> <h1> <strong>1.3 ENVIRONMENT VARIABLES</strong> </h1> <h2> <code>environment</code> </h2> <p>Map OR list:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">environment</span><span class="pi">:</span> <span class="na">VAR1</span><span class="pi">:</span> <span class="s">value</span> <span class="na">VAR2</span><span class="pi">:</span> <span class="s2">"</span><span class="s">quoted</span><span class="nv"> </span><span class="s">value"</span> <span class="na">environment</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">VAR1=value</span> <span class="pi">-</span> <span class="s">VAR2=other</span> </code></pre> </div> <p>Supports <code>${VAR}</code> substitution.</p> <h2> <code>env_file</code> </h2> <p>List of file paths:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">env_file</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./common.env</span> <span class="pi">-</span> <span class="s">./dev.env</span> </code></pre> </div> <h1> <strong>1.4 PORTS AND EXPOSE</strong> </h1> <h2> <code>ports</code> </h2> <p>Short syntax strings OR long mapping objects.</p> <h3> Short: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8080:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:8081:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80"</span> </code></pre> </div> <h3> Long syntax: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">target</span><span class="pi">:</span> <span class="s">&lt;container port&gt;</span> <span class="c1"># REQUIRED</span> <span class="na">published</span><span class="pi">:</span> <span class="s">&lt;host port&gt;</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">tcp | udp | sctp</span> <span class="na">mode</span><span class="pi">:</span> <span class="s">ingress | host</span> </code></pre> </div> <h2> <code>expose</code> </h2> <p>Internal-only container ports:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">expose</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">3000"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">8080"</span><span class="pi">]</span> </code></pre> </div> <h1> <strong>1.5 VOLUMES (SERVICE MOUNTS)</strong> </h1> <p>These keys <strong>mount</strong> volumes; top-level <code>volumes:</code> defines <strong>named</strong> volumes.</p> <h2> <code>volumes</code> (list) </h2> <p>Three forms allowed:</p> <h3> Short syntax: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">myvol:/data</span> <span class="pi">-</span> <span class="s">./local:/container/path:ro</span> <span class="pi">-</span> <span class="s">/absolute/host/path:/container/path</span> </code></pre> </div> <h3> Long syntax: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">type</span><span class="pi">:</span> <span class="s">volume | bind | tmpfs | npipe</span> <span class="na">source</span><span class="pi">:</span> <span class="s">&lt;volume-or-path&gt;</span> <span class="na">target</span><span class="pi">:</span> <span class="s">&lt;path inside container&gt;</span> <span class="c1"># REQUIRED</span> <span class="na">read_only</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">consistency</span><span class="pi">:</span> <span class="s">cached | delegated | consistent</span> <span class="na">volume</span><span class="pi">:</span> <span class="na">nocopy</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">bind</span><span class="pi">:</span> <span class="na">propagation</span><span class="pi">:</span> <span class="s">rprivate | rshared | rslave | private | shared | slave</span> <span class="na">tmpfs</span><span class="pi">:</span> <span class="na">size</span><span class="pi">:</span> <span class="s">&lt;int bytes&gt;</span> </code></pre> </div> <h1> <strong>1.6 NETWORK ATTACHMENT (SERVICE ONLY)</strong> </h1> <h2> <code>networks</code> (list OR map) </h2> <h3> Simple: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">networks</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">frontend</span> <span class="pi">-</span> <span class="s">backend</span> </code></pre> </div> <h3> With options: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">networks</span><span class="pi">:</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">ipv4_address</span><span class="pi">:</span> <span class="s">172.16.238.10</span> <span class="na">ipv6_address</span><span class="pi">:</span> <span class="s">2001:db8::10</span> <span class="na">aliases</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">api</span> </code></pre> </div> <p>Allowed subkeys:</p> <ul> <li><code>aliases</code></li> <li><code>ipv4_address</code></li> <li><code>ipv6_address</code></li> <li><code>link_local_ips</code></li> </ul> <h1> <strong>1.7 HEALTHCHECK</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">curl"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-f"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">http://localhost"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">30s</span> <span class="na">timeout</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">3</span> <span class="na">start_period</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">disable</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> </code></pre> </div> <p><code>test</code> may be:</p> <ul> <li>String: <code>"curl ..."</code> </li> <li>List: <code>["CMD", "curl", ...]</code> </li> <li>Special: <code>["NONE"]</code> disables test.</li> </ul> <h1> <strong>1.8 RESTART POLICY</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">restart</span><span class="pi">:</span> <span class="s2">"</span><span class="s">no"</span> <span class="pi">|</span> <span class="err">always</span> <span class="err">|</span> <span class="err">on-failure</span> <span class="err">|</span> <span class="err">unless-stopped</span> </code></pre> </div> <h1> <strong>1.9 DEPENDS_ON</strong> </h1> <h2> Modern Compose Spec: </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db</span> <span class="pi">-</span> <span class="s">redis</span> </code></pre> </div> <p>Legacy (only in Compose v2 syntax, not v3+):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy | service_started | service_completed_successfully</span> </code></pre> </div> <p>Modern versions <strong>ignore <code>condition</code></strong>.</p> <h1> <strong>1.10 LOGGING</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">logging</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">json-file | syslog | journald | gelf | fluentd | none | awslogs | splunk</span> <span class="na">options</span><span class="pi">:</span> <span class="na">max-size</span><span class="pi">:</span> <span class="s2">"</span><span class="s">10m"</span> <span class="na">max-file</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3"</span> <span class="na">syslog-address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">tcp://localhost:514"</span> </code></pre> </div> <h1> <strong>1.11 EXTRA HOSTS</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">extra_hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">host.docker.internal:host-gateway"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">example.com:10.0.0.5"</span> </code></pre> </div> <h1> <strong>1.12 SECURITY &amp; KERNEL SETTINGS</strong> </h1> <h2> <code>cap_add</code> / <code>cap_drop</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">cap_add</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">NET_ADMIN</span> <span class="na">cap_drop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ALL</span> </code></pre> </div> <h2> <code>security_opt</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">security_opt</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">apparmor=unconfined"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">seccomp=unconfined"</span> </code></pre> </div> <h2> <code>privileged</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">privileged</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h2> <code>sysctls</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">sysctls</span><span class="pi">:</span> <span class="na">net.core.somaxconn</span><span class="pi">:</span> <span class="m">2048</span> </code></pre> </div> <h2> <code>read_only</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">read_only</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h2> <code>tmpfs</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">tmpfs</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">/run</span> <span class="pi">-</span> <span class="s">/tmp</span> </code></pre> </div> <h2> <code>shm_size</code> </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">shm_size</span><span class="pi">:</span> <span class="s2">"</span><span class="s">64m"</span> </code></pre> </div> <h1> <strong>1.13 ULIMITS</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ulimits</span><span class="pi">:</span> <span class="na">nproc</span><span class="pi">:</span> <span class="m">65535</span> <span class="na">nofile</span><span class="pi">:</span> <span class="na">soft</span><span class="pi">:</span> <span class="m">20000</span> <span class="na">hard</span><span class="pi">:</span> <span class="m">40000</span> </code></pre> </div> <h1> <strong>1.14 SECRETS (SERVICE-LEVEL)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">secrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">source</span><span class="pi">:</span> <span class="s">db_password</span> <span class="na">target</span><span class="pi">:</span> <span class="s">/run/secrets/db_password</span> <span class="na">uid</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000"</span> <span class="na">gid</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1000"</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0440</span> </code></pre> </div> <h1> <strong>1.15 CONFIGS (SERVICE-LEVEL)</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">configs</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">source</span><span class="pi">:</span> <span class="s">http_config</span> <span class="na">target</span><span class="pi">:</span> <span class="s">/etc/nginx/conf.d/default.conf</span> <span class="na">uid</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0"</span> <span class="na">gid</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0"</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0444</span> </code></pre> </div> <h1> <strong>1.16 OTHER SERVICE KEYS</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">hostname</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">domainname</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># discouraged</span> <span class="na">stdin_open</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">tty</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">ipc</span><span class="pi">:</span> <span class="s">host | none | shareable | "container:&lt;id&gt;"</span> <span class="na">pid</span><span class="pi">:</span> <span class="s">host | none | "container:&lt;id&gt;"</span> <span class="na">mac_address</span><span class="pi">:</span> <span class="s2">"</span><span class="s">02:42:ac:11:00:02"</span> </code></pre> </div> <h1> <strong>2. <code>volumes:</code> — TOP-LEVEL VOLUME DEFINITIONS</strong> </h1> <p>Top-level <code>volumes:</code> defines <strong>named volumes</strong>, not mounts.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">volumes</span><span class="pi">:</span> <span class="na">data</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">local</span> <span class="na">driver_opts</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">nfs</span> <span class="na">device</span><span class="pi">:</span> <span class="s2">"</span><span class="s">:/path"</span> <span class="na">o</span><span class="pi">:</span> <span class="s">addr=10.0.0.10,rw</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">purpose</span><span class="pi">:</span> <span class="s">database</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">name</span><span class="pi">:</span> <span class="s">custom_name</span> </code></pre> </div> <p>Allowed subkeys:</p> <ul> <li><code>driver</code></li> <li><code>driver_opts</code></li> <li><code>labels</code></li> <li><code>external</code></li> <li><code>name</code></li> </ul> <h1> <strong>3. <code>networks:</code> — TOP-LEVEL NETWORK DEFINITIONS</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">networks</span><span class="pi">:</span> <span class="na">frontend</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">bridge | overlay | macvlan | ipvlan | none</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">name</span><span class="pi">:</span> <span class="s">custom-net-name</span> <span class="na">attachable</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">internal</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">enable_ipv6</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">env</span><span class="pi">:</span> <span class="s">prod</span> <span class="na">ipam</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">default</span> <span class="na">config</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">subnet</span><span class="pi">:</span> <span class="s">172.16.238.0/24</span> <span class="na">gateway</span><span class="pi">:</span> <span class="s">172.16.238.1</span> <span class="na">ip_range</span><span class="pi">:</span> <span class="s">172.16.238.128/25</span> <span class="na">options</span><span class="pi">:</span> <span class="na">foo</span><span class="pi">:</span> <span class="s">bar</span> </code></pre> </div> <p><code>ipam.config</code> subkeys:</p> <ul> <li><code>subnet</code></li> <li><code>gateway</code></li> <li><code>ip_range</code></li> <li><code>aux_addresses</code></li> </ul> <h1> <strong>4. <code>secrets:</code> — TOP-LEVEL SECRET DEFINITIONS</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">secrets</span><span class="pi">:</span> <span class="na">db_password</span><span class="pi">:</span> <span class="na">file</span><span class="pi">:</span> <span class="s">./secrets/db_password.txt</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">name</span><span class="pi">:</span> <span class="s">secret_name</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">owner</span><span class="pi">:</span> <span class="s">devops</span> </code></pre> </div> <p>Allowed subkeys:</p> <ul> <li><code>file</code></li> <li> <code>environment</code> (rare)</li> <li><code>external</code></li> <li><code>name</code></li> <li><code>labels</code></li> </ul> <h1> <strong>5. <code>configs:</code> — TOP-LEVEL CONFIG DEFINITIONS</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">configs</span><span class="pi">:</span> <span class="na">http_config</span><span class="pi">:</span> <span class="na">file</span><span class="pi">:</span> <span class="s">./nginx.conf</span> <span class="na">external</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx_config</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">role</span><span class="pi">:</span> <span class="s">web</span> </code></pre> </div> <p>Subkeys:</p> <ul> <li><code>file</code></li> <li><code>external</code></li> <li><code>name</code></li> <li><code>labels</code></li> </ul> <h1> <strong>6. <code>profiles:</code> — TOP-LEVEL</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">profiles</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">dev</span> <span class="pi">-</span> <span class="s">debug</span> </code></pre> </div> <p>Service-level activation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">debug</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">alpine</span> <span class="na">profiles</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">debug"</span><span class="pi">]</span> </code></pre> </div> <h1> <strong>7. <code>name:</code> — TOP-LEVEL PROJECT NAME</strong> </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">name</span><span class="pi">:</span> <span class="s">myproject</span> </code></pre> </div> <p>Equivalent to <code>docker compose -p myproject</code>.</p> <h1> <strong>8. <code>x-*:</code> EXTENSION FIELDS (TOP-LEVEL OR SERVICE-LEVEL)</strong> </h1> <p>Used for reusable blocks:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">x-env-common</span><span class="pi">:</span> <span class="nl">&amp;env_common</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">LOG_LEVEL</span><span class="pi">:</span> <span class="s">debug</span> </code></pre> </div> <p>Usage:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">services</span><span class="pi">:</span> <span class="na">api</span><span class="pi">:</span> <span class="na">&lt;&lt;</span><span class="pi">:</span> <span class="nv">*env_common</span> </code></pre> </div> <h1> <strong>9. <code>version:</code> (legacy)</strong> </h1> <p>Accepted by old compose v2/v3 but ignored by new versions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">version</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3.9"</span> </code></pre> </div> <h1> <strong>This is the complete Docker Compose Specification. Nothing is omitted.</strong> </h1> <p>If you'd like next:</p> <ul> <li>A print-ready PDF version</li> <li>A separate “Cheat Sheet” version</li> <li>Preset templates (Node/Postgres, Django/Postgres, Laravel/MySQL, React+NGINX, MERN, ELK, etc.)</li> </ul> <p>Just say the word.</p> docker microservices Comprehensive guide to K8s YAML Harsh Mishra Fri, 28 Nov 2025 10:38:12 +0000 https://forem.com/harshm03/comprehensive-guide-to-k8s-yaml-4c3c https://forem.com/harshm03/comprehensive-guide-to-k8s-yaml-4c3c <p>Below is the <strong>expanded, detailed</strong> guide. I keep it organized by resource and include keys, typical value types, allowed options, and short notes. Use it as a working YAML schema reference and cookbook.</p> <h1> 1 — General YAML &amp; Kubernetes basics (structure, syntax, common metadata) </h1> <h2> A. File structure (top-level order) </h2> <p>A valid Kubernetes manifest document typically follows:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># required: e.g. v1, apps/v1, networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># required: e.g. Pod, Service, Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="c1"># required (object)</span> <span class="na">name</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># required in most cases</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># optional (default: "default")</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">key</span><span class="pi">:</span> <span class="nv">value</span> <span class="pi">}</span> <span class="c1"># optional</span> <span class="na">annotations</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">key</span><span class="pi">:</span> <span class="nv">value</span> <span class="pi">}</span> <span class="c1"># optional</span> <span class="na">spec</span><span class="pi">:</span> <span class="s">&lt;object&gt;</span> <span class="c1"># required for most kinds; shape depends on kind</span> </code></pre> </div> <p>You can place multiple resources in one YAML file separated by <code>---</code>.</p> <h2> B. YAML syntax reminder </h2> <ul> <li> <strong>Indentation</strong>: spaces only, not tabs.</li> <li> <strong>Lists</strong>: start with <code>-</code> </li> <li> <strong>Scalars</strong>: string, number, boolean (unquoted allowed), <code>null</code> </li> <li> <strong>Multiline</strong>: <code>|</code> preserves newlines, <code>&gt;</code> folds into spaces.</li> <li>Comments start with <code>#</code>.</li> </ul> <h2> C. Metadata keys (common) </h2> <p><code>metadata</code> object fields and types:</p> <ul> <li> <code>name</code> (string) — object name, DNS-1123 label rules (lowercase, <code>-</code>, max length varies).</li> <li> <code>namespace</code> (string) — namespace name.</li> <li> <code>labels</code> (map[string]string) — for selectors, service matching; recommended: <code>app</code>, <code>component</code>, <code>tier</code>, <code>release</code>, <code>chart</code>, <code>heritage</code>.</li> <li> <code>annotations</code> (map[string:string]) — arbitrary key/value (longer strings OK).</li> <li> <code>finalizers</code> (array[string]) — list of finalizer names to block deletion until cleared.</li> <li> <code>ownerReferences</code> (array[object]) — to declare controllers/owners (fields: <code>apiVersion</code>, <code>kind</code>, <code>name</code>, <code>uid</code>, <code>controller</code>, <code>blockOwnerDeletion</code>).</li> <li> <code>creationTimestamp</code>, <code>uid</code>, <code>resourceVersion</code> — system populated read-only fields.</li> <li> <code>labels</code> and <code>annotations</code> keys may be any string but usually follow <code>domain/name</code> form for annotations.</li> </ul> <h1> 2 — Pod (full structure and important keys) </h1> <p>A Pod is the atomic unit. Pod YAML keys:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mypod</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">app</span><span class="pi">:</span> <span class="nv">myapp</span> <span class="pi">}</span> <span class="na">annotations</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">key</span><span class="pi">:</span> <span class="nv">value</span> <span class="pi">}</span> <span class="na">spec</span><span class="pi">:</span> <span class="c1"># lifecycle / runtime</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Always | OnFailure | Never</span> <span class="c1"># default: Always</span> <span class="na">terminationGracePeriodSeconds</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># default: 30</span> <span class="na">activeDeadlineSeconds</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># optional, total runtime limit</span> <span class="na">dnsPolicy</span><span class="pi">:</span> <span class="s">Default | ClusterFirst | ClusterFirstWithHostNet | None</span> <span class="na">hostNetwork</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">hostPID</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">hostIPC</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">serviceAccountName</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">automountServiceAccountToken</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">key</span><span class="pi">:</span> <span class="nv">value</span> <span class="pi">}</span> <span class="c1"># simple scheduling hint</span> <span class="na">affinity</span><span class="pi">:</span> <span class="c1"># advanced scheduling</span> <span class="na">nodeAffinity</span><span class="pi">:</span> <span class="na">requiredDuringSchedulingIgnoredDuringExecution</span><span class="pi">:</span> <span class="na">nodeSelectorTerms</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">matchExpressions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">operator</span><span class="pi">:</span> <span class="s">In | NotIn | Exists | DoesNotExist | Gt | Lt</span> <span class="na">values</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">...</span> <span class="pi">]</span> <span class="na">podAffinity</span><span class="pi">:</span> <span class="na">requiredDuringSchedulingIgnoredDuringExecution</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">labelSelector</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">matchExpressions</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="pi">}</span> <span class="na">topologyKey</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">podAntiAffinity</span><span class="pi">:</span> <span class="s">...</span> <span class="na">tolerations</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">operator</span><span class="pi">:</span> <span class="s">Equal | Exists</span> <span class="na">value</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">effect</span><span class="pi">:</span> <span class="s">NoSchedule | PreferNoSchedule | NoExecute</span> <span class="na">tolerationSeconds</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># only for NoExecute with Exists/Equal</span> <span class="na">topologySpreadConstraints</span><span class="pi">:</span> <span class="pi">[]</span> <span class="c1"># controls distribution across zones/nodes</span> <span class="na">schedulerName</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># default "default-scheduler"</span> <span class="na">imagePullSecrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">secret-name</span> <span class="na">initContainers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">init</span> <span class="na">image</span><span class="pi">:</span> <span class="s">busybox</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">do</span><span class="nv"> </span><span class="s">something"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">[]</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">image</span><span class="pi">:</span> <span class="s">repo/image:tag</span> <span class="na">imagePullPolicy</span><span class="pi">:</span> <span class="s">Always | IfNotPresent | Never</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">&lt;entrypoint&gt;</span> <span class="pi">]</span> <span class="c1"># overrides image ENTRYPOINT</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">...</span> <span class="pi">]</span> <span class="c1"># overrides CMD</span> <span class="na">workingDir</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># documentation only (container port)</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP | UDP | SCTP</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">KEY</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">string"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">FROM_CONFIG</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">configMapKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-config</span> <span class="na">key</span><span class="pi">:</span> <span class="s">someKey</span> <span class="na">optional</span><span class="pi">:</span> <span class="kc">true</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">SECRET_VAL</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">password</span> <span class="na">optional</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">envFrom</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">configMapRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-config</span> <span class="pi">-</span> <span class="na">secretRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-secret</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">500m"</span> <span class="c1"># 0.5 core</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">256Mi"</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">250m"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">128Mi"</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/data</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">subPath</span><span class="pi">:</span> <span class="s">optional-subpath</span> <span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/healthz</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">scheme</span><span class="pi">:</span> <span class="s">HTTP</span> <span class="na">httpHeaders</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">X-Header</span> <span class="na">value</span><span class="pi">:</span> <span class="s">val</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="m">1</span> <span class="na">successThreshold</span><span class="pi">:</span> <span class="m">1</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">3</span> <span class="na">readinessProbe</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">...</span> <span class="pi">}</span> <span class="c1"># same schema as livenessProbe</span> <span class="na">startupProbe</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">...</span> <span class="pi">}</span> <span class="c1"># for slow-starting processes</span> <span class="na">lifecycle</span><span class="pi">:</span> <span class="na">postStart</span><span class="pi">:</span> <span class="na">exec</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">command</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">sh"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">echo</span><span class="nv"> </span><span class="s">started"</span> <span class="pi">]</span> <span class="pi">}</span> <span class="na">preStop</span><span class="pi">:</span> <span class="na">exec</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">command</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">sh"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">sleep</span><span class="nv"> </span><span class="s">5"</span> <span class="pi">]</span> <span class="pi">}</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="na">runAsUser</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">runAsGroup</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">runAsNonRoot</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">allowPrivilegeEscalation</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">capabilities</span><span class="pi">:</span> <span class="na">add</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">NET_ADMIN</span> <span class="pi">]</span> <span class="na">drop</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">ALL</span> <span class="pi">]</span> <span class="na">stdin</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">tty</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">terminationMessagePath</span><span class="pi">:</span> <span class="s">/dev/termination-log</span> <span class="na">terminationMessagePolicy</span><span class="pi">:</span> <span class="s">File | FallbackToLogsOnError</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">emptyDir</span><span class="pi">:</span> <span class="pi">{}</span> <span class="c1"># or hostPath:</span> <span class="na">hostPath</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/var/data</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Directory | FileOrCreate | Socket | CharDevice | BlockDevice</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-config</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">config.yaml</span> <span class="na">path</span><span class="pi">:</span> <span class="s">config.yaml</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0644</span> <span class="na">defaultMode</span><span class="pi">:</span> <span class="m">0644</span> <span class="na">optional</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">my-secret</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">pvc-name</span> <span class="na">projected</span><span class="pi">:</span> <span class="na">sources</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-secret</span> <span class="pi">-</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-config</span> <span class="na">hostAlias</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">ip</span><span class="pi">:</span> <span class="s2">"</span><span class="s">127.0.0.1"</span> <span class="na">hostnames</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">local"</span><span class="pi">]</span> <span class="na">priorityClassName</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Always | OnFailure | Never</span> </code></pre> </div> <h3> Notes &amp; allowed types </h3> <ul> <li> <code>containerPort</code> is documentation-only; Kubernetes doesn't automatically expose it externally. Use Service <code>targetPort</code>.</li> <li> <code>imagePullPolicy</code> default depends on tag: <code>:latest</code> = Always, otherwise IfNotPresent.</li> <li> <code>resources</code> CPU format: integer cores (e.g. "2") or millicores ("500m"). Memory: "Mi", "Gi".</li> <li> <code>livenessProbe</code>, <code>readinessProbe</code>, <code>startupProbe</code> accept <code>httpGet</code>, <code>tcpSocket</code>, or <code>exec</code> forms.</li> <li> <code>volume</code> types: many specific drivers exist (CSI, awsElasticBlockStore, gcePersistentDisk, nfs, cinder, azureDisk, azureFile, cephFS, iscsi, rbd, flexVolume, vsphereVolume, portworxVolume, glusterfs, etc.)</li> </ul> <h1> 3 — Deployment (apps/v1) </h1> <p>Deployment manages ReplicaSets.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-deployment</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">3</span> <span class="c1"># desired pods</span> <span class="na">revisionHistoryLimit</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># retention of old ReplicaSets</span> <span class="na">minReadySeconds</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># pod must be ready for this many seconds</span> <span class="na">progressDeadlineSeconds</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># default 600</span> <span class="na">paused</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Recreate | RollingUpdate</span> <span class="na">rollingUpdate</span><span class="pi">:</span> <span class="na">maxUnavailable</span><span class="pi">:</span> <span class="s">int | "25%"</span> <span class="c1"># allowable unavailable pods during update</span> <span class="na">maxSurge</span><span class="pi">:</span> <span class="s">int | "25%"</span> <span class="c1"># extra pods beyond desired</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">app</span><span class="pi">:</span> <span class="nv">myapp</span> <span class="pi">}</span> <span class="c1"># required: must match template labels</span> <span class="na">matchExpressions</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">app</span><span class="pi">:</span> <span class="nv">myapp</span> <span class="pi">}</span> <span class="na">annotations</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">...</span> <span class="pi">}</span> <span class="na">spec</span><span class="pi">:</span> <span class="c1"># pod spec (see Pod section above)</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> </code></pre> </div> <h3> Important keys </h3> <ul> <li> <code>strategy.rollingUpdate.maxSurge</code> and <code>maxUnavailable</code> accept either integer or percentage strings.</li> <li> <code>selector</code> is immutable after creation for Deployments in <code>apps/v1</code>.</li> <li> <code>spec.template</code> is a Pod template. Any change triggers new ReplicaSet &amp; rolling update.</li> </ul> <h1> 4 — Service (v1) — full keys, examples, and allowed values </h1> <p>A Service exposes Pods.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-service</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">annotations</span><span class="pi">:</span> <span class="pi">{}</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ClusterIP | NodePort | LoadBalancer | ExternalName</span> <span class="na">selector</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">key</span><span class="pi">:</span> <span class="nv">value</span> <span class="pi">}</span> <span class="c1"># optional for ExternalName headless</span> <span class="na">clusterIP</span><span class="pi">:</span> <span class="s">&lt;ip&gt; | "None"</span> <span class="c1"># "None" -&gt; headless service</span> <span class="na">clusterIPs</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">&lt;ip&gt;</span><span class="pi">,</span> <span class="nv">...</span><span class="pi">]</span> <span class="c1"># IPv4/IPv6 support in multi-stack clusters</span> <span class="na">ipFamily</span><span class="pi">:</span> <span class="s">IPv4 | IPv6</span> <span class="c1"># deprecated in newer releases in favor of ipFamilies/ipFamilyPolicy</span> <span class="na">ipFamilies</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">IPv4"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">IPv6"</span> <span class="pi">]</span> <span class="na">ipFamilyPolicy</span><span class="pi">:</span> <span class="s">SingleStack | PreferDualStack | RequireDualStack</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># optional, used by DNS SRV and to identify port</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP | UDP | SCTP</span> <span class="na">port</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># required: the port exposed by the service (cluster)</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="s">&lt;int | string&gt;</span> <span class="c1"># name or number, forwards to pod's port</span> <span class="na">nodePort</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># (only for type NodePort or LoadBalancer) range 30000-32767 unless configured otherwise</span> <span class="na">appProtocol</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># optional: application protocol label (http, h2, grpc)</span> <span class="na">sessionAffinity</span><span class="pi">:</span> <span class="s">None | ClientIP</span> <span class="na">sessionAffinityConfig</span><span class="pi">:</span> <span class="na">clientIP</span><span class="pi">:</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># session affinity timeout</span> <span class="na">externalIPs</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">1.2.3.4"</span> <span class="pi">]</span> <span class="c1"># route traffic to Node ips; used in some envs</span> <span class="na">loadBalancerIP</span><span class="pi">:</span> <span class="s">&lt;ip&gt;</span> <span class="c1"># request specific LB IP (cloud-specific)</span> <span class="na">loadBalancerSourceRanges</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">0.0.0.0/0"</span> <span class="nv">or "192.0.2.0/24"</span> <span class="pi">]</span> <span class="c1"># accepted client CIDRs</span> <span class="na">externalTrafficPolicy</span><span class="pi">:</span> <span class="s">Cluster | Local</span> <span class="c1"># Cluster balances node-&gt;pod; Local preserves client source IP</span> <span class="na">healthCheckNodePort</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># healthcheck port for externalTrafficPolicy=Local</span> <span class="na">allocateLoadBalancerNodePorts</span><span class="pi">:</span> <span class="kc">true</span><span class="s">|false</span> <span class="na">topologyKeys</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">...</span> <span class="pi">]</span> <span class="c1"># legacy; prefer TopologySpreadConstraints</span> <span class="na">publishNotReadyAddresses</span><span class="pi">:</span> <span class="kc">true</span><span class="s">|false</span> <span class="na">internalTrafficPolicy</span><span class="pi">:</span> <span class="s">Cluster | Local</span> </code></pre> </div> <h3> Common examples </h3> <p><strong>ClusterIP (default)</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl expose deployment myapp <span class="nt">--port</span><span class="o">=</span>80 <span class="nt">--target-port</span><span class="o">=</span>3000 <span class="c"># creates service type=ClusterIP</span> </code></pre> </div> <p><strong>NodePort</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">3000</span> <span class="na">nodePort</span><span class="pi">:</span> <span class="m">31080</span> </code></pre> </div> <p><strong>LoadBalancer</strong> (cloud or MetalLB):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">LoadBalancer</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">3000</span> </code></pre> </div> <p><strong>ExternalName</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ExternalName</span> <span class="na">externalName</span><span class="pi">:</span> <span class="s">example.com</span> </code></pre> </div> <h3> Notes </h3> <ul> <li> <code>clusterIP: None</code> makes the service headless; no ClusterIP is allocated and DNS returns A records of pods (or SRV).</li> <li> <code>targetPort</code> may be a number or a named port that matches <code>containerPort.name</code> on the pod.</li> <li>Multiple ports are supported; each port object is independent.</li> </ul> <h1> 5 — Ingress (networking.k8s.io/v1) keys and values </h1> <p>Ingress routes HTTP(S) traffic to Services. Behavior depends on Ingress Controller.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">web-ingress</span> <span class="na">annotations</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">nginx.ingress.kubernetes.io/rewrite-target</span><span class="pi">:</span> <span class="nv">/</span> <span class="pi">}</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># ties to controller, e.g. "nginx"</span> <span class="na">defaultBackend</span><span class="pi">:</span> <span class="c1"># optional default backend</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">default-backend</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">80</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">example.com</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/foo</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix | Exact | ImplementationSpecific</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">myservice</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">80</span> <span class="na">tls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">example.com"</span> <span class="pi">]</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">tls-secret</span> <span class="c1"># TLS cert secret</span> </code></pre> </div> <h3> Notes: </h3> <ul> <li> <code>pathType</code>: <code>Exact</code> requires exact path match; <code>Prefix</code> matches path prefix; <code>ImplementationSpecific</code> lets controller decide.</li> <li>Annotations are controller-specific (nginx ingress supports many).</li> <li>Ingress controllers implement specifics for rewrite, auth, rate limiting, etc.</li> </ul> <h1> 6 — ConfigMap &amp; Secret </h1> <h2> ConfigMap (v1) </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ConfigMap</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-config</span> <span class="na">data</span><span class="pi">:</span> <span class="na">key1</span><span class="pi">:</span> <span class="s2">"</span><span class="s">value1"</span> <span class="na">key2</span><span class="pi">:</span> <span class="s2">"</span><span class="s">value2"</span> <span class="na">binaryData</span><span class="pi">:</span> <span class="c1"># base64-encoded binary blobs</span> <span class="na">bin1</span><span class="pi">:</span> <span class="s">&lt;base64&gt;</span> <span class="na">immutable</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="c1"># prevent updates (opt)</span> </code></pre> </div> <p>Use in Pod:</p> <ul> <li> <code>envFrom</code> with <code>configMapRef</code> </li> <li> <code>env</code> with <code>valueFrom.configMapKeyRef</code> </li> <li> <code>volume</code> with <code>configMap.name</code> and <code>items</code> mapping keys-&gt;paths</li> </ul> <h2> Secret (v1) </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Secret</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-secret</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Opaque | kubernetes.io/service-account-token | kubernetes.io/dockercfg | kubernetes.io/dockerconfigjson | kubernetes.io/basic-auth | kubernetes.io/ssh-auth | etc.</span> <span class="na">data</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">&lt;base64&gt;</span> <span class="na">password</span><span class="pi">:</span> <span class="s">&lt;base64&gt;</span> <span class="na">stringData</span><span class="pi">:</span> <span class="c1"># convenience field; server base64-encodes</span> <span class="na">username</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">password</span><span class="pi">:</span> <span class="s">pass</span> <span class="na">immutable</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> </code></pre> </div> <p>Use:</p> <ul> <li> <code>envFrom</code> secretRef</li> <li> <code>env</code> secretKeyRef</li> <li> <code>volume</code> type <code>secret</code> </li> </ul> <p><strong>Note</strong>: Secrets are base64-encoded, not encrypted unless using encryption at rest.</p> <h1> 7 — PersistentVolumes &amp; PersistentVolumeClaims </h1> <h2> PersistentVolume (PV) </h2> <p>PV spec fields:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolume</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-pv</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">capacity</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s2">"</span><span class="s">10Gi"</span> <span class="na">volumeMode</span><span class="pi">:</span> <span class="s">Filesystem | Block</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ReadWriteOnce</span> <span class="c1"># single node RW</span> <span class="pi">-</span> <span class="s">ReadOnlyMany</span> <span class="c1"># many nodes read-only</span> <span class="pi">-</span> <span class="s">ReadWriteMany</span> <span class="c1"># many nodes RW (depends on storage provider)</span> <span class="na">persistentVolumeReclaimPolicy</span><span class="pi">:</span> <span class="s">Retain | Recycle | Delete</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">my-storage-class</span> <span class="na">mountOptions</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">noatime"</span> <span class="pi">]</span> <span class="na">local</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/mnt/disks/ssd1</span> <span class="c1"># local volume</span> <span class="na">hostPath</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/data/pv1</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Directory | File | Socket | CharDevice | BlockDevice | DirectoryOrCreate</span> <span class="na">nfs</span><span class="pi">:</span> <span class="na">server</span><span class="pi">:</span> <span class="s">nfs.example.com</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/exported/path</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">csi</span><span class="pi">:</span> <span class="na">driver</span><span class="pi">:</span> <span class="s">my.csi.driver</span> <span class="na">volumeHandle</span><span class="pi">:</span> <span class="s">&lt;id&gt;</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">fsType</span><span class="pi">:</span> <span class="s">ext4</span> <span class="na">volumeAttributes</span><span class="pi">:</span> <span class="pi">{</span> <span class="s2">"</span><span class="s">attrib"</span><span class="pi">:</span> <span class="s2">"</span><span class="s">value"</span> <span class="pi">}</span> <span class="c1"># many other cloud-specific volume types exist (awsElasticBlockStore, gcePersistentDisk, azureDisk, azureFile, rbd, iscsi, cephfs, glusterfs, etc.)</span> </code></pre> </div> <h2> PersistentVolumeClaim (PVC) </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolumeClaim</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-pvc</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">[</span> <span class="nv">ReadWriteOnce</span> <span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s2">"</span><span class="s">10Gi"</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">my-storage-class</span> <span class="na">volumeName</span><span class="pi">:</span> <span class="s">my-pv</span> <span class="c1"># bind to specific PV</span> <span class="na">volumeMode</span><span class="pi">:</span> <span class="s">Filesystem | Block</span> </code></pre> </div> <p>PVC binds to a PV that matches <code>storageClassName</code>, <code>accessModes</code>, <code>capacity</code> and optional selector.</p> <h1> 8 — StatefulSet (apps/v1) </h1> <p>Used for stateful workloads with stable network IDs and persistent storage.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">StatefulSet</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">web</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">serviceName</span><span class="pi">:</span> <span class="s2">"</span><span class="s">web-headless"</span> <span class="c1"># headless service providing network identity</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">3</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">app</span><span class="pi">:</span> <span class="nv">web</span> <span class="pi">}</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">app</span><span class="pi">:</span> <span class="nv">web</span> <span class="pi">}</span> <span class="na">spec</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">containers</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="pi">}</span> <span class="na">volumeClaimTemplates</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">ReadWriteOnce"</span> <span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">10Gi</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">sc</span> <span class="na">podManagementPolicy</span><span class="pi">:</span> <span class="s">OrderedReady | Parallel</span> <span class="na">updateStrategy</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">RollingUpdate | OnDelete</span> <span class="na">rollingUpdate</span><span class="pi">:</span> <span class="na">partition</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="c1"># number of pods not updated</span> <span class="na">revisionHistoryLimit</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> </code></pre> </div> <p>Notes:</p> <ul> <li>Pods created with stable names: <code>web-0</code>, <code>web-1</code>, ...</li> <li> <code>serviceName</code> must refer to a headless service (<code>clusterIP: None</code>) that governs DNS.</li> </ul> <h1> 9 — DaemonSet (apps/v1) </h1> <p>DaemonSet runs a copy of a pod on each selected node.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">DaemonSet</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-daemon</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">name</span><span class="pi">:</span> <span class="nv">daemon</span> <span class="pi">}</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">name</span><span class="pi">:</span> <span class="nv">daemon</span> <span class="pi">}</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="na">updateStrategy</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">RollingUpdate | OnDelete</span> <span class="na">rollingUpdate</span><span class="pi">:</span> <span class="na">maxUnavailable</span><span class="pi">:</span> <span class="s">int | "25%"</span> </code></pre> </div> <p>Common use: logging, monitoring agents, system daemons.</p> <h1> 10 — Job &amp; CronJob (batch) </h1> <h2> Job </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Job</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">myjob</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">parallelism</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">completions</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">backoffLimit</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">template</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Never | OnFailure</span> </code></pre> </div> <h2> CronJob </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">batch/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">CronJob</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mycron</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">schedule</span><span class="pi">:</span> <span class="s2">"</span><span class="s">*/5</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*</span><span class="nv"> </span><span class="s">*"</span> <span class="c1"># cron expression</span> <span class="na">startingDeadlineSeconds</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">concurrencyPolicy</span><span class="pi">:</span> <span class="s">Allow | Forbid | Replace</span> <span class="na">successfulJobsHistoryLimit</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">failedJobsHistoryLimit</span><span class="pi">:</span> <span class="s">&lt;int&gt;</span> <span class="na">jobTemplate</span><span class="pi">:</span> <span class="na">spec</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">template</span><span class="pi">:</span> <span class="nv">...</span> <span class="pi">}</span> </code></pre> </div> <h1> 11 — NetworkPolicy (networking.k8s.io/v1) </h1> <p>Controls Pod-level L3/L4 access. If no network plugin supports NetworkPolicy, it does nothing.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">NetworkPolicy</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">allow-from-frontend</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">podSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">role</span><span class="pi">:</span> <span class="s">db</span> <span class="na">policyTypes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">Ingress</span> <span class="pi">-</span> <span class="s">Egress</span> <span class="na">ingress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">from</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">podSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">role</span><span class="pi">:</span> <span class="nv">frontend</span> <span class="pi">}</span> <span class="pi">-</span> <span class="na">namespaceSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">team</span><span class="pi">:</span> <span class="nv">qa</span> <span class="pi">}</span> <span class="pi">-</span> <span class="na">ipBlock</span><span class="pi">:</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">172.17.0.0/16</span> <span class="na">except</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">172.17.1.0/24</span><span class="pi">]</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">5432</span> <span class="na">egress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">to</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">ipBlock</span><span class="pi">:</span> <span class="na">cidr</span><span class="pi">:</span> <span class="s">0.0.0.0/0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">53</span> </code></pre> </div> <p>Key fields:</p> <ul> <li> <code>podSelector</code> selects the pods the policy applies to (empty selects all pods).</li> <li> <code>policyTypes</code> default to Ingress if <code>ingress</code> specified, Egress if <code>egress</code> specified.</li> <li> <code>from</code>/<code>to</code> entries accept <code>podSelector</code>, <code>namespaceSelector</code>, <code>ipBlock</code>.</li> <li> <code>ports</code> accept port number or name and protocol.</li> </ul> <h1> 12 — RBAC (Authorization) — Role, ClusterRole, RoleBinding, ClusterRoleBinding </h1> <h2> Role (namespace-scoped) </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Role</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pod-reader</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">apiGroups</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">pods"</span><span class="pi">]</span> <span class="na">verbs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">get"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">watch"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">list"</span><span class="pi">]</span> </code></pre> </div> <h2> ClusterRole (cluster-scoped) </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ClusterRole</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">apiGroups</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">"</span><span class="pi">]</span> <span class="na">resources</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">nodes"</span><span class="pi">]</span> <span class="na">verbs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">get"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">list"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">watch"</span><span class="pi">]</span> </code></pre> </div> <h2> RoleBinding or ClusterRoleBinding </h2> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">RoleBinding</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">read-pods</span> <span class="na">subjects</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">User | Group | ServiceAccount</span> <span class="na">name</span><span class="pi">:</span> <span class="s">&lt;name&gt;</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">&lt;namespace&gt;</span> <span class="c1"># for ServiceAccount</span> <span class="na">roleRef</span><span class="pi">:</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Role | ClusterRole</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pod-reader</span> <span class="na">apiGroup</span><span class="pi">:</span> <span class="s">rbac.authorization.k8s.io</span> </code></pre> </div> <h1> 13 — ServiceAccount </h1> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ServiceAccount</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-service-account</span> <span class="na">automountServiceAccountToken</span><span class="pi">:</span> <span class="kc">true</span><span class="s"> | </span><span class="kc">false</span> <span class="na">imagePullSecrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">regsecret</span> </code></pre> </div> <p>ServiceAccounts are used by pods to access the API server; token secrets are auto-generated unless <code>automountServiceAccountToken: false</code>.</p> <h1> 14 — Pod SecurityContext vs Container securityContext </h1> <p><strong>Pod-level securityContext</strong> (applies to all containers unless overridden):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="na">runAsUser</span><span class="pi">:</span> <span class="m">1000</span> <span class="na">runAsGroup</span><span class="pi">:</span> <span class="m">3000</span> <span class="na">runAsNonRoot</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">fsGroup</span><span class="pi">:</span> <span class="m">2000</span> <span class="na">seLinuxOptions</span><span class="pi">:</span> <span class="na">level</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s0:c123,c456"</span> <span class="na">sysctls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">net.core.somaxconn</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1024"</span> </code></pre> </div> <p><strong>Container-level securityContext</strong> overrides pod-level:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="na">allowPrivilegeEscalation</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">capabilities</span><span class="pi">:</span> <span class="na">drop</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">ALL"</span><span class="pi">]</span> </code></pre> </div> <h1> 15 — Probes (readiness/liveness/startup) detailed </h1> <p>Probe object:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/healthz</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="c1"># number or name</span> <span class="na">host</span><span class="pi">:</span> <span class="s">&lt;string&gt;</span> <span class="c1"># optional, rarely used in k8s</span> <span class="na">scheme</span><span class="pi">:</span> <span class="s">HTTP | HTTPS</span> <span class="na">httpHeaders</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">X-Header</span> <span class="na">value</span><span class="pi">:</span> <span class="s">val</span> <span class="na">tcpSocket</span><span class="pi">:</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">exec</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span> <span class="s2">"</span><span class="s">cat"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">/tmp/healthy"</span> <span class="pi">]</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">0</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="m">1</span> <span class="na">successThreshold</span><span class="pi">:</span> <span class="m">1</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">3</span> </code></pre> </div> <ul> <li> <code>startupProbe</code> used for slow-starting containers; livenessProbe disabled until startupProbe succeeds.</li> </ul> <h1> 16 — Volumes: common types (fields and values) </h1> <ul> <li><code>emptyDir: { medium: "" | "Memory", sizeLimit: "1Gi" }</code></li> <li><code>hostPath: { path: "/data", type: DirectoryOrCreate }</code></li> <li><code>configMap: { name: my-config, items: [{key: k, path: p}], defaultMode: 0444 }</code></li> <li><code>secret: { secretName: my-secret, items: [...] }</code></li> <li><code>persistentVolumeClaim: { claimName: my-pvc }</code></li> <li><code>projected: { sources: [{configMap: {name: ...}}, {secret: {name: ...}}], defaultMode: 0644 }</code></li> <li><code>downwardAPI: { items: [{ path: "labels", fieldRef: { fieldPath: metadata.labels['app'] } }], defaultMode: 0644 }</code></li> <li><code>csi: { driver: driver.name, volumeAttributes, nodePublishSecretRef }</code></li> <li><code>nfs: { server: &lt;ip|hostname&gt;, path: &lt;path&gt;, readOnly: false }</code></li> </ul> <h1> 17 — Topology, scheduling and affinity in detail </h1> <h3> NodeSelector (simple) </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">disktype</span><span class="pi">:</span> <span class="s">ssd</span> </code></pre> </div> <h3> Tolerations &amp; Taints </h3> <ul> <li>Taints applied to nodes: <code>kubectl taint nodes node1 key=value:NoSchedule</code> </li> <li>Pod tolerations permit pods to be scheduled on tainted nodes.</li> </ul> <p>Toleration example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">tolerations</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">key"</span> <span class="na">operator</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Equal"</span> <span class="c1"># or "Exists"</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">value"</span> <span class="na">effect</span><span class="pi">:</span> <span class="s2">"</span><span class="s">NoSchedule"</span> <span class="na">tolerationSeconds</span><span class="pi">:</span> <span class="m">3600</span> </code></pre> </div> <h3> Affinity (advanced) </h3> <ul> <li> <code>nodeAffinity</code> with <code>requiredDuringSchedulingIgnoredDuringExecution</code> or <code>preferredDuringSchedulingIgnoredDuringExecution</code> (weights).</li> <li> <code>podAffinity</code> and <code>podAntiAffinity</code> use <code>labelSelector</code> and <code>topologyKey</code> (e.g., <code>kubernetes.io/hostname</code> or <code>topology.kubernetes.io/zone</code>).</li> </ul> <h3> TopologySpreadConstraints (v1) </h3> <p>Controls even distribution across topology domains.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">topologySpreadConstraints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">maxSkew</span><span class="pi">:</span> <span class="m">1</span> <span class="na">topologyKey</span><span class="pi">:</span> <span class="s2">"</span><span class="s">topology.kubernetes.io/zone"</span> <span class="na">whenUnsatisfiable</span><span class="pi">:</span> <span class="s">DoNotSchedule | ScheduleAnyway</span> <span class="na">labelSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">app</span><span class="pi">:</span> <span class="nv">myapp</span> <span class="pi">}</span> </code></pre> </div> <h1> 18 — Service Discovery / DNS details </h1> <p>Service names resolve in the cluster via CoreDNS:</p> <ul> <li> <code>&lt;service&gt;</code> -&gt; resolves to ClusterIP</li> <li> <code>&lt;service&gt;.&lt;namespace&gt;</code> and <code>&lt;service&gt;.&lt;namespace&gt;.svc.cluster.local</code> fully qualified.</li> </ul> <p>When Service has multiple ports with names, SRV records are created.</p> <h1> 19 — Advanced Service fields and behaviors </h1> <ul> <li> <code>publishNotReadyAddresses</code> → if true, DNS returns endpoints even if pods are not readiness-ready.</li> <li> <code>externalTrafficPolicy: Local</code> preserves client source IP but requires health checks and careful node-level routing.</li> <li> <code>sessionAffinity</code> and <code>sessionAffinityConfig</code> control client stickiness.</li> <li> <code>loadBalancerSourceRanges</code> restrict which CIDRs can access the LoadBalancer.</li> </ul> <h1> 20 — CLI shortcuts: kubectl create / expose / apply examples </h1> <p><strong>Create deployment</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl create deployment nginx <span class="nt">--image</span><span class="o">=</span>nginx kubectl apply <span class="nt">-f</span> deployment.yaml </code></pre> </div> <p><strong>Expose as ClusterIP</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl expose deployment nginx <span class="nt">--port</span><span class="o">=</span>80 <span class="nt">--target-port</span><span class="o">=</span>80 <span class="nt">--name</span> nginx-svc </code></pre> </div> <p><strong>Create NodePort</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl expose deployment nginx <span class="nt">--type</span><span class="o">=</span>NodePort <span class="nt">--name</span> nginx-node <span class="nt">--port</span><span class="o">=</span>80 <span class="nt">--target-port</span><span class="o">=</span>80 <span class="nt">--node-port</span><span class="o">=</span>31080 </code></pre> </div> <p><strong>Get resource</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl get pods kubectl get svc <span class="nt">-o</span> wide kubectl describe svc nginx-svc kubectl get ingress kubectl logs pod/mypod </code></pre> </div> <p><strong>Edit now</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>kubectl apply <span class="nt">-f</span> myfile.yaml kubectl rollout status deployment/my-deployment kubectl rollout undo deployment/my-deployment </code></pre> </div> <h1> 21 — Useful conventions and best practices (expanded) </h1> <ul> <li> <strong>Labels</strong>: use a consistent schema: <code>app=NAME</code>, <code>app.kubernetes.io/name</code>, <code>app.kubernetes.io/instance</code>, <code>app.kubernetes.io/version</code>, <code>app.kubernetes.io/component</code>, <code>app.kubernetes.io/part-of</code>, <code>app.kubernetes.io/managed-by</code>.</li> <li> <strong>Annotations</strong>: for non-selection metadata, e.g., <code>kubectl.kubernetes.io/last-applied-configuration</code>, <code>prometheus.io/scrape: "true"</code>, <code>prometheus.io/port: "9100"</code>.</li> <li> <strong>Resource requests/limits</strong>: always set <code>resources.requests</code> and <code>resources.limits</code>. <code>requests</code> are used by scheduler to choose node. <code>limits</code> enforce cgroup limits.</li> <li> <strong>Probes</strong>: prefer TCP or HTTP probes rather than only liveness commands.</li> <li> <strong>Security</strong>: set <code>runAsNonRoot: true</code>, drop capabilities, avoid privileged containers.</li> <li> <strong>Image pull secrets</strong>: use <code>imagePullSecrets</code> in Pod spec.</li> <li> <strong>Immutable</strong> configmaps/secrets: use <code>immutable: true</code> if not changing.</li> <li> <strong>NetworkPolicy</strong>: default deny policy recommended for multi-tenant or security-sensitive clusters.</li> <li> <strong>RBAC least privilege</strong>: grant only required verbs and API groups.</li> <li> <strong>Pod Disruption Budgets (PDB)</strong>: set <code>minAvailable</code> or <code>maxUnavailable</code> to control voluntary disruptions.</li> </ul> <h1> 22 — Quick reference: container fields (compact) </h1> <ul> <li> <code>name</code> (string) - required</li> <li> <code>image</code> (string) - required</li> <li> <code>imagePullPolicy</code> - <code>Always|IfNotPresent|Never</code> </li> <li> <code>command</code> - array - entrypoint override</li> <li> <code>args</code> - array - command args override</li> <li> <code>env</code> - array of { name, value | valueFrom }</li> <li> <code>envFrom</code> - array of configMapRef / secretRef</li> <li> <code>ports</code> - array of { name?, containerPort:int, protocol? }</li> <li> <code>resources</code> - { limits: { cpu, memory }, requests: { cpu, memory } }</li> <li> <code>volumeMounts</code> - array of { name, mountPath, readOnly?, subPath? }</li> <li> <code>livenessProbe</code>, <code>readinessProbe</code>, <code>startupProbe</code> - probes</li> <li> <code>lifecycle</code> - preStop/postStart</li> <li> <code>securityContext</code> - container-level security settings</li> <li> <code>stdin</code>, <code>tty</code> - booleans</li> <li> <code>terminationMessagePath</code>, <code>terminationMessagePolicy</code> </li> </ul> <h1> 23 — Headless services and DNS SRV usage </h1> <ul> <li> <code>clusterIP: None</code> makes service headless; DNS A records return the Pod IPs directly.</li> <li>Useful for StatefulSets (stable network IDs) and for service discovery (headless with SRV records for per-port discovery).</li> </ul> <h1> 24 — Examples: multi-port Service mapping to pods (complete) </h1> <p><strong>Pod</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">multi-pod</span> <span class="na">labels</span><span class="pi">:</span> <span class="pi">{</span> <span class="nv">app</span><span class="pi">:</span> <span class="nv">multi</span> <span class="pi">}</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">web</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myweb:1.0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">3000</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">7000</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">metrics</span> <span class="na">image</span><span class="pi">:</span> <span class="s">metrics:1.0</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">metrics</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">9090</span> </code></pre> </div> <p><strong>Service</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">multi-svc</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">multi</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">3000</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">port</span><span class="pi">:</span> <span class="m">7000</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">7000</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">metrics</span> <span class="na">port</span><span class="pi">:</span> <span class="m">9090</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">9090</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> </code></pre> </div> <h1> 25 — Troubleshooting checklist (networking / ports) </h1> <ul> <li> <code>kubectl get endpoints &lt;svc&gt;</code> → should show Pod IPs:ports that the Service forwards to.</li> <li> <code>kubectl describe svc &lt;svc&gt;</code> → shows ClusterIP, ports, selectors, events.</li> <li> <code>kubectl exec -it &lt;somepod&gt; -- curl &lt;ClusterIP&gt;:&lt;port&gt;</code> → test in-cluster access.</li> <li> <code>kubectl logs &lt;pod&gt;</code> → check app is listening on expected port.</li> <li> <code>kubectl get pods -o wide</code> → shows pod IP and node info.</li> <li>Check NetworkPolicy denies/permits traffic.</li> <li>For NodePort/LoadBalancer: check firewall, host firewall and cloud provider security groups.</li> </ul> kubernetes FULL GUIDE TO KUBERNETES YAML Harsh Mishra Fri, 28 Nov 2025 10:32:33 +0000 https://forem.com/harshm03/full-guide-to-kubernetes-yaml-ib1 https://forem.com/harshm03/full-guide-to-kubernetes-yaml-ib1 <h1> 🌀 <strong>SECTION 1 — What is Kubernetes YAML?</strong> </h1> <p>Kubernetes YAML is the declarative configuration language used to define <strong>how Kubernetes should create, manage, and orchestrate resources</strong> within a cluster. It serves as the primary method for specifying the desired state of Kubernetes objects, allowing the Kubernetes control plane to reconcile the current state with the desired state automatically. YAML (YAML Ain't Markup Language) is chosen for its human-readable format, which uses indentation for structure rather than brackets or braces like JSON.</p> <p>Kubernetes YAML files are used to define and manage a wide array of resources, including but not limited to:</p> <ul> <li> <strong>Pods</strong>: The smallest deployable units that encapsulate one or more containers.</li> <li> <strong>Deployments</strong>: Higher-level controllers that manage ReplicaSets to ensure a specified number of Pod replicas are running.</li> <li> <strong>Services</strong>: Abstractions that define a logical set of Pods and a policy to access them, typically over a network.</li> <li> <strong>ConfigMaps</strong>: Objects that store non-confidential configuration data in key-value pairs, which can be injected into Pods as environment variables, command-line arguments, or files in volumes.</li> <li> <strong>Secrets</strong>: Similar to ConfigMaps but for sensitive data like passwords, tokens, or keys; data is base64-encoded but not encrypted by default.</li> <li> <strong>Ingress</strong>: Resources that manage external access to Services, typically HTTP/HTTPS, providing load balancing, SSL termination, and name-based virtual hosting.</li> <li> <strong>NetworkPolicies</strong>: Specifications for network isolation and traffic control between Pods, using labels to define allowed/denied flows.</li> <li> <strong>PersistentVolumes (PV)</strong>: Cluster-wide storage provisions that are independent of any Pod, representing a piece of storage in the cluster.</li> <li> <strong>PersistentVolumeClaims (PVC)</strong>: Requests for storage by users, which bind to suitable PVs.</li> <li> <strong>StatefulSets</strong>: Controllers for managing stateful applications, ensuring stable network identities and ordered deployment/scaling.</li> <li> <strong>DaemonSets</strong>: Ensure a copy of a Pod runs on all (or some) nodes, useful for node-level agents like logging or monitoring daemons.</li> </ul> <p>Kubernetes reads YAML files via commands like <code>kubectl apply -f file.yaml</code> and produces <strong>API objects</strong> that are stored in etcd (the cluster's key-value store). These objects are then acted upon by various Kubernetes components, such as the API Server (validates and persists), Controller Manager (reconciles state), and Scheduler (assigns Pods to nodes). YAML supports both single-document files and multi-document files separated by <code>---</code>, enabling atomic application of multiple resources.</p> <p>YAML files must be valid YAML syntax; invalid files will result in API server rejection. Kubernetes supports JSON as an alternative, but YAML is preferred for readability. All fields are case-sensitive, and Kubernetes enforces schema validation based on the specified <code>apiVersion</code>.</p> <h1> 🧱 <strong>SECTION 2 — BASIC STRUCTURE OF A KUBERNETES YAML FILE</strong> </h1> <p>All Kubernetes YAML files follow this core structure, which is mandatory for all API objects. This structure ensures consistency across resources and allows the API server to parse and validate the configuration declaratively:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>apiVersion: &lt;api-group/version&gt; kind: &lt;ResourceType&gt; metadata: name: &lt;resource-name&gt; labels: key: value spec: ... resource-specific fields ... </code></pre> </div> <p>This structure is derived from the Kubernetes API conventions, where <code>apiVersion</code> and <code>kind</code> identify the schema, <code>metadata</code> provides identity and auxiliary data, and <code>spec</code> defines the desired state. Omitting any top-level field (except where optional) will cause validation errors. The <code>status</code> field is auto-generated by Kubernetes and should not be included in YAML files—it's read-only and reports the observed state.</p> <p>Let’s break this down in exhaustive detail, including all possible keys, their types, values, and rules.</p> <h1> 🔷 <strong>1. apiVersion</strong> </h1> <p>Specifies <strong>which version</strong> of the Kubernetes API you’re using. This field is required and determines the group, version, and schema validation rules applied by the API server. It follows the format <code>&lt;group&gt;/&lt;version&gt;</code>, where the group is optional (defaults to core for basic resources) and the version indicates stability (e.g., <code>v1</code> for stable).</p> <p><strong>Rules</strong>:</p> <ul> <li>Must be a valid string matching an existing API group/version registered in the cluster.</li> <li>Use <code>kubectl api-versions</code> to list available versions.</li> <li>Mismatches cause immediate rejection (e.g., "no kind 'Pod' is registered for version 'v2'").</li> <li>For custom resources (CRDs), use <code>&lt;group&gt;/&lt;version&gt;</code> like <code>example.com/v1alpha1</code>.</li> <li>Versions evolve: <code>v1beta1</code> → <code>v1</code> (stable); avoid betas in production.</li> </ul> <p>Common apiVersions (expanded to include more resources for completeness; this is not exhaustive—Kubernetes has 100+ kinds):</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Resource Type</th> <th>apiVersion</th> <th>Group Notes</th> <th>Stability Level</th> <th>Common Use Case</th> </tr> </thead> <tbody> <tr> <td>Pod</td> <td>v1</td> <td>core (empty group)</td> <td>Stable</td> <td>Basic container orchestration</td> </tr> <tr> <td>Service</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Network abstraction</td> </tr> <tr> <td>ConfigMap</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Non-sensitive config</td> </tr> <tr> <td>Secret</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Sensitive data storage</td> </tr> <tr> <td>PersistentVolume</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Cluster storage provision</td> </tr> <tr> <td>PersistentVolumeClaim</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Storage requests</td> </tr> <tr> <td>Namespace</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Logical isolation</td> </tr> <tr> <td>LimitRange</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Resource quota enforcement</td> </tr> <tr> <td>ResourceQuota</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Namespace resource limits</td> </tr> <tr> <td>Deployment</td> <td>apps/v1</td> <td>apps</td> <td>Stable</td> <td>Stateless app scaling</td> </tr> <tr> <td>ReplicaSet</td> <td>apps/v1</td> <td>apps</td> <td>Stable</td> <td>Pod replica management</td> </tr> <tr> <td>StatefulSet</td> <td>apps/v1</td> <td>apps</td> <td>Stable</td> <td>Stateful app orchestration</td> </tr> <tr> <td>DaemonSet</td> <td>apps/v1</td> <td>apps</td> <td>Stable</td> <td>Node-level daemons</td> </tr> <tr> <td>Job</td> <td>batch/v1</td> <td>batch</td> <td>Stable</td> <td>One-off tasks</td> </tr> <tr> <td>CronJob</td> <td>batch/v1</td> <td>batch</td> <td>Stable</td> <td>Scheduled tasks</td> </tr> <tr> <td>Ingress</td> <td>networking.k8s.io/v1</td> <td>networking.k8s.io</td> <td>Stable</td> <td>HTTP routing</td> </tr> <tr> <td>NetworkPolicy</td> <td>networking.k8s.io/v1</td> <td>networking.k8s.io</td> <td>Stable</td> <td>Pod network isolation</td> </tr> <tr> <td>HorizontalPodAutoscaler</td> <td>autoscaling/v2</td> <td>autoscaling</td> <td>Stable</td> <td>Scaling based on metrics</td> </tr> <tr> <td>VerticalPodAutoscaler</td> <td>autoscaling.k8s.io/v1</td> <td>autoscaling.k8s.io</td> <td>Beta</td> <td>Vertical scaling</td> </tr> <tr> <td>Role</td> <td>rbac.authorization.k8s.io/v1</td> <td>rbac.authorization.k8s.io</td> <td>Stable</td> <td>Namespace RBAC</td> </tr> <tr> <td>ClusterRole</td> <td>rbac.authorization.k8s.io/v1</td> <td>rbac.authorization.k8s.io</td> <td>Stable</td> <td>Cluster-wide RBAC</td> </tr> <tr> <td>ServiceAccount</td> <td>v1</td> <td>core</td> <td>Stable</td> <td>Pod identity for auth</td> </tr> </tbody> </table></div> <p><strong>Values Types</strong>: String only. Invalid formats (e.g., numbers, booleans) cause parse errors.</p> <h1> 🔷 <strong>2. kind</strong> </h1> <p>Defines the <strong>type of object</strong> being created. This is a required string that, combined with <code>apiVersion</code>, uniquely identifies the resource schema. Kubernetes uses this to route the request to the appropriate API endpoint.</p> <p><strong>Rules</strong>:</p> <ul> <li>Case-sensitive; must match exactly (e.g., "Pod", not "pod").</li> <li>Use <code>kubectl api-resources</code> to list all kinds and their shorthand.</li> <li>Custom resources use CRD-defined kinds.</li> <li>Invalid kinds return "the server could not find the requested resource".</li> </ul> <p>Examples (expanded list for completeness):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>kind: Pod # Atomic container group kind: Service # Network endpoint abstraction kind: Deployment # ReplicaSet manager for updates kind: ReplicaSet # Direct Pod replica controller kind: StatefulSet # Ordered, stable Pod replicas kind: DaemonSet # Per-node Pod replicas kind: Job # Finite completion task kind: CronJob # Scheduled Jobs kind: ConfigMap # Key-value config store kind: Secret # Encoded sensitive data kind: Ingress # External HTTP access kind: NetworkPolicy # Egress/ingress rules kind: PersistentVolume # Storage provision kind: PersistentVolumeClaim # Storage binding request kind: Namespace # Virtual cluster partition kind: Role # RBAC permissions in namespace kind: ServiceAccount # Pod auth identity </code></pre> </div> <p><strong>Values Types</strong>: String only. Must be a registered kind in the apiVersion.</p> <h1> 🔷 <strong>3. metadata</strong> </h1> <p>Contains identifiers and auxiliary data about the object. This is required (though some fields are optional), and it's used for discovery, selection, and tracking. Metadata is immutable in parts (e.g., name after creation) and cluster-wide unique within namespaces.</p> <p><strong>Full Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>metadata: name: &lt;string&gt; # Required: Unique identifier generateName: &lt;string&gt; # Optional: Prefix for auto-generated name namespace: &lt;string&gt; # Optional: Default to 'default' uid: &lt;string&gt; # Auto-generated, read-only resourceVersion: &lt;string&gt; # Auto-generated, for optimistic concurrency generation: &lt;integer&gt; # Auto-incremented on spec changes creationTimestamp: &lt;string&gt; # Auto-generated ISO8601 timestamp deletionTimestamp: &lt;string&gt; # Set during graceful deletion deletionGracePeriodSeconds: &lt;integer&gt; # Optional: Seconds before hard delete labels: &lt;map[string]string&gt; # Optional: Key-value tags for selection annotations: &lt;map[string]string&gt; # Optional: Non-identifying metadata ownerReferences: &lt;array&gt; # Optional: Garbage collection links finalizers: &lt;array[string]&gt; # Optional: Hooks before deletion managedFields: &lt;array&gt; # Auto-generated: Managed field tracking </code></pre> </div> <h3> Detailed Field Breakdown: </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>name</td> <td>string</td> <td>Yes (unless generateName)</td> <td>Alphanumeric + '-', '.' (63 chars max, DNS-1123 compliant)</td> <td>Unique name within namespace. Immutable after creation. Use for <code>kubectl get &lt;name&gt;</code>.</td> </tr> <tr> <td>generateName</td> <td>string</td> <td>No</td> <td>Alphanumeric + '-', '.' (prefix, up to 63 chars)</td> <td>If name omitted, auto-generates <code>&lt;generateName&gt;-&lt;random&gt;</code> (e.g., "myapp-abc123"). Useful for temp resources.</td> </tr> <tr> <td>namespace</td> <td>string</td> <td>No</td> <td>Valid namespace name (DNS-1123: lowercase alphanumeric + '-')</td> <td>Logical isolation scope. Defaults to 'default'. Must exist or creation fails.</td> </tr> <tr> <td>uid</td> <td>string</td> <td>No (auto)</td> <td>UUID string (e.g., "a1b2c3d4-...")</td> <td>Unique cluster-wide ID. Read-only.</td> </tr> <tr> <td>resourceVersion</td> <td>string</td> <td>No (auto)</td> <td>Opaque string (e.g., "12345")</td> <td>ETag for concurrency control. Use in <code>kubectl apply --server-side</code> for updates.</td> </tr> <tr> <td>generation</td> <td>integer</td> <td>No (auto)</td> <td>Non-negative int (starts at 1)</td> <td>Counts spec changes. Used for status reconciliation.</td> </tr> <tr> <td>creationTimestamp</td> <td>string</td> <td>No (auto)</td> <td>RFC3339 (e.g., "2025-11-28T10:00:00Z")</td> <td>Object creation time.</td> </tr> <tr> <td>deletionTimestamp</td> <td>string</td> <td>No (auto)</td> <td>RFC3339</td> <td>Marks for deletion; triggers finalizers.</td> </tr> <tr> <td>deletionGracePeriodSeconds</td> <td>integer</td> <td>No</td> <td>Non-negative int (default 30)</td> <td>Time to wait for graceful shutdown before force delete.</td> </tr> <tr> <td>labels</td> <td>map[string]string</td> <td>No</td> <td>Keys: DNS-1123 labels (63 chars); Values: strings (63 chars, no ':' in key)</td> <td>Semantic tags (e.g., {"app": "nginx", "env": "prod"}). Used by selectors, GC. Keys unique per object.</td> </tr> <tr> <td>annotations</td> <td>map[string]string</td> <td>No</td> <td>Keys: arbitrary strings (up to 508 chars total per entry); Values: strings</td> <td>Non-controlling metadata (e.g., {"description": "My app", "build/version": "v1.2"}). Not for selection. Total size &lt; 1MB per object.</td> </tr> <tr> <td>ownerReferences</td> <td>array of objects</td> <td>No</td> <td>Each: {apiVersion: string, kind: string, name: string, uid: string, controller: bool, blockOwnerDeletion: bool}</td> <td>Links child to parent (e.g., Pod owned by ReplicaSet). Enables cascading delete.</td> </tr> <tr> <td>finalizers</td> <td>array[string]</td> <td>No</td> <td>Strings like "kubernetes.io/pv-protection"</td> <td>Blocks deletion until handler completes (e.g., PV release). Custom finalizers possible.</td> </tr> <tr> <td>managedFields</td> <td>array of objects</td> <td>No (auto)</td> <td>Each: {manager: string, operation: string, apiVersion: string, time: string, fieldsType: string, fieldsV1: object}</td> <td>Tracks which manager (e.g., "kubectl") modified fields. For conflict resolution.</td> </tr> </tbody> </table></div> <p><strong>Rules</strong>: Metadata fields are validated at creation/update. Labels/annotations keys must not start with special prefixes like "kubernetes.io/". Use <code>kubectl label</code> for post-creation updates.</p> <h1> 🔷 <strong>4. spec</strong> </h1> <p>This is the <strong>heart</strong> of the YAML — the declarative description of the desired state for the resource. It is required for most kinds and contains type-specific fields. The spec is reconciled by controllers to match reality, reported in <code>status</code>.</p> <p><strong>General Rules</strong>:</p> <ul> <li>Fields are nested objects, arrays, strings, ints, bools, or enums.</li> <li>Optional fields default to cluster values (e.g., restartPolicy: Always for Pods).</li> <li>Immutable fields (e.g., Deployment selector) cannot change without recreation.</li> <li>Validation: Schema-enforced (e.g., ports must be 1-65535).</li> <li>Every “kind” has its own spec structure, detailed in Section 3. Examples: <ul> <li>Deployment: <code>spec.replicas</code> (int), <code>spec.selector</code> (LabelSelector), <code>spec.template</code> (PodTemplateSpec), <code>spec.strategy</code> (DeploymentStrategy).</li> <li>Service: <code>spec.selector</code> (map[string]string), <code>spec.type</code> (enum: ClusterIP/NodePort/LoadBalancer/ExternalName/Headless), <code>spec.ports</code> (array of ServicePort).</li> <li>Pod: <code>spec.containers</code> (array of Container), <code>spec.volumes</code> (array of Volume), <code>spec.restartPolicy</code> (enum: Always/OnFailure/Never), <code>spec.activeDeadlineSeconds</code> (int), <code>spec.terminationGracePeriodSeconds</code> (int), <code>spec.dnsPolicy</code> (enum: ClusterFirst/None/Default), <code>spec.serviceAccountName</code> (string), <code>spec.securityContext</code> (PodSecurityContext), <code>spec.initContainers</code> (array of Container), <code>spec.ephemeralContainers</code> (array of EphemeralContainer), <code>spec.tolerations</code> (array of Toleration), <code>spec.affinity</code> (Affinity), <code>spec.schedulerName</code> (string), <code>spec.priorityClassName</code> (string), <code>spec.priority</code> (int), <code>spec.preemptionPolicy</code> (enum: PreemptLowerPriority/Never), <code>spec.enableServiceLinks</code> (bool), <code>spec.hostname</code> (string), <code>spec.subdomain</code> (string), <code>spec.nodeSelector</code> (map[string]string), <code>spec.runtimeClassName</code> (string), <code>spec.readinessGates</code> (array of PodReadinessGate).</li> <li>Ingress: <code>spec.rules</code> (array of IngressRule), <code>spec.tls</code> (array of IngressTLS), <code>spec.defaultBackend</code> (IngressBackend), <code>spec.ingressClassName</code> (string).</li> </ul> </li> </ul> <p>Spec fields vary by kind; see Section 3 for exhaustive breakdowns. Use <code>kubectl explain &lt;kind&gt;.spec</code> for CLI documentation.</p> <h1> 🟣 <strong>SECTION 3 — FULL BREAKDOWN OF COMMON KUBERNETES RESOURCES</strong> </h1> <p>This section provides exhaustive details for each resource, including ALL possible keys in spec (and metadata where relevant), their types, possible values, defaults, validation rules, and interactions. Examples are minimal to complex.</p> <h1> 1️⃣ <strong>POD YAML FULL GUIDE</strong> </h1> <p>Pods represent running processes in the cluster. They are rarely created directly (use controllers like Deployments). Pods have phases: Pending, Running, Succeeded, Failed, Unknown.</p> <h3> Minimal Pod: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mypod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <h3> POD KEY FIELDS EXPLAINED (EXHAUSTIVE) </h3> <p>The <code>spec</code> for Pod includes:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>containers</td> <td>array[Container]</td> <td>Yes</td> <td>Min 1, max ~250 per Pod (cluster limit)</td> <td>List of main containers. Each: name (string, unique, DNS-1123), image (string, e.g., "nginx:1.21"), imagePullPolicy (enum: IfNotPresent/Always/Never, default: IfNotPresent), command (array[string]), args (array[string]), workingDir (string), ports (array[ContainerPort]: name(string), containerPort(int 1-65535), protocol(enum TCP/UDP/SCTP)), env (array[EnvVar]: name(string), value(string), valueFrom{configMapKeyRef/secretKeyRef/fieldRef/resourceFieldRef}), envFrom (array[EnvFromSource]: configMapRef/secretRef/prefix(string)), resources {requests/limits: map{cpu(string e.g. "100m"), memory(string e.g. "128Mi"), ephemeral-storage(string), storage(string)}}, resizePolicy (array[ContainerResizePolicy]: resourceName(enum: Screen/Unknown), restartPolicy(enum Always/Never)), securityContext (ContainerSecurityContext: allowPrivilegeEscalation(bool), capabilities{add/drop array[string]}, privileged(bool), runAsUser(int), runAsGroup(int), runAsNonRoot(bool), seccompProfile{type(enum Localhost/RuntimeDefault/Unconfined), localhostProfile(string)}, apparmorProfile{type(string)}, selinuxOptions{user/role/type/level string}, windowsOptions{hostProcess(bool), gmsaCredentialSpec(string), gmsaCredentialSpecLogPath(string), runAsUserName(string)}, readOnlyRootFilesystem(bool), procMount(enum DefaultProcMount/ProcIsntMount)}, volumeMounts (array[VolumeMount]: name(string), mountPath(string), readOnly(bool), mountPropagation(enum HostToContainer/Bidrectional/None), subPath(string), subPathExpr(string), mountPropagation(bool? Wait, enum), filesystemType(string? Experimental)}, livenessProbe (Probe: exec{command array}, httpGet{path/port/host/scheme(string)}, tcpSocket{port}, grpc{port/service}, initialDelaySeconds(int), periodSeconds(int 1-300 default 10), timeoutSeconds(int 1-300 default 1), successThreshold(int 1-), failureThreshold(int 1-), terminationGracePeriodSeconds(int)}, readinessProbe (same as liveness), startupProbe (same, for slow starts), lifecycle {postStart/preStop: Handler{exec/httpGet/tcpSocket/grpc}}, stdin(bool), stdinOnce(bool), tty(bool), terminationMessagePath(string), terminationMessagePolicy(enum File/FallbackToLogsOnError), shareProcessNamespace(bool).</td> </tr> <tr> <td>initContainers</td> <td>array[Container]</td> <td>No</td> <td>Same as containers</td> <td>Run sequentially before main containers. Share volumes/network but fail Pod if any fails. Use for setup (e.g., DB init).</td> </tr> <tr> <td>ephemeralContainers</td> <td>array[EphemeralContainer]</td> <td>No</td> <td>Similar to Container but name optional, targetContainerPath(string) for debug</td> <td>Dynamic debugging containers (kubectl debug). Experimental in some versions.</td> </tr> <tr> <td>volumes</td> <td>array[Volume]</td> <td>No</td> <td>Various sources: emptyDir{medium(enum Memory), sizeLimit(string)}, hostPath{path(string), type(enum Directory/DirectoryOrCreate/BlockDevice/CharDevice/Socket/File/DirectoryOrCreate? Wait enum: Directory/DirectoryOrCreate/BlockDevice/CharDevice/Socket/File), storageClassName? No for hostPath}, persistentVolumeClaim{claimName(string), readOnly(bool)}, secret{secretName(string), items array{key/path/mode(int)}}, configMap{same}, projected{sources array: downwardAPI{fields array{fieldRef/metadata}}, secret/configMap/serviceAccountToken{...}, defaultMode(int)}, awsElasticBlockStore/nfs/iscsi/glusterfs/rbd/csi/flexVolume/photonPersistentDisk/azureDisk/vsphereVolume/quobyte/downwardAPI/emptyDir/hostPath/local/persistentVolumeClaim... (full list in API)</td> <td>Pod-wide storage. Names unique. Some volumes Pod-lifecycle bound (emptyDir), others persistent. CSI for custom drivers.</td> </tr> <tr> <td>restartPolicy</td> <td>enum</td> <td>No</td> <td>Always (default), OnFailure, Never</td> <td>Controls container restarts on exit. Always for long-running, Never for Jobs.</td> </tr> <tr> <td>terminationGracePeriodSeconds</td> <td>int</td> <td>No</td> <td>30 (default), 0-3600?</td> <td>Seconds to wait for shutdown before SIGKILL. Per-container override possible.</td> </tr> <tr> <td>activeDeadlineSeconds</td> <td>int</td> <td>No</td> <td>Positive int</td> <td>Max Pod runtime; kills after. For runaway tasks.</td> </tr> <tr> <td>dnsPolicy</td> <td>enum</td> <td>No</td> <td>ClusterFirst (default), Default, None</td> <td>DNS resolution: ClusterFirst uses cluster DNS, None requires spec.dnsConfig.</td> </tr> <tr> <td>dnsConfig</td> <td>PodDNSConfig</td> <td>No (if dnsPolicy=None)</td> <td>{nameservers array[string IPs], searches array[string domains], options array{DNSOption: name/value string}}</td> <td>Custom DNS when policy=None.</td> </tr> <tr> <td>serviceAccountName</td> <td>string</td> <td>No</td> <td>Valid ServiceAccount or "default"</td> <td>Pod's identity for API access.</td> </tr> <tr> <td>serviceAccount</td> <td>string</td> <td>No (deprecated)</td> <td>Same</td> <td>Alias for serviceAccountName.</td> </tr> <tr> <td>automountServiceAccountToken</td> <td>bool</td> <td>No</td> <td>true (default)</td> <td>Mounts token volume if true.</td> </tr> <tr> <td>nodeSelector</td> <td>map[string]string</td> <td>No</td> <td>Node labels (e.g., {"disktype": "ssd"})</td> <td>Restricts scheduling to matching nodes.</td> </tr> <tr> <td>nodeName</td> <td>string</td> <td>No</td> <td>Exact node name</td> <td>Binds to specific node (overrides scheduler).</td> </tr> <tr> <td>hostNetwork</td> <td>bool</td> <td>No</td> <td>false</td> <td>Uses host's network namespace.</td> </tr> <tr> <td>hostPID</td> <td>bool</td> <td>No</td> <td>false</td> <td>Shares host PID namespace.</td> </tr> <tr> <td>hostIPC</td> <td>bool</td> <td>No</td> <td>false</td> <td>Shares host IPC namespace.</td> </tr> <tr> <td>shareProcessNamespace</td> <td>bool</td> <td>No</td> <td>false</td> <td>All containers share PID namespace.</td> </tr> <tr> <td>securityContext</td> <td>PodSecurityContext</td> <td>No</td> <td>{runAsUser/int, runAsGroup, runAsNonRoot/bool, supplementalGroups array[int], fsGroup/int (GID for volumes), fsGroupChangePolicy enum Always/OnRootMismatch, sysctls array{Sysctl: name/value string}, seLinuxOptions{user/role/type/level string}, windowsOptions{...}, fsGroup (int)}</td> <td>Pod-level security (overrides container). fsGroup sets ownership on volumes. Sysctls unsafe, namespaced only.</td> </tr> <tr> <td>imagePullSecrets</td> <td>array[LocalObjectReference]</td> <td>No</td> <td>{name: string (Secret name)}</td> <td>Secrets for private registries.</td> </tr> <tr> <td>hostname</td> <td>string</td> <td>No</td> <td>DNS-1123 label</td> <td>Pod's hostname (requires hostNetwork=false).</td> </tr> <tr> <td>subdomain</td> <td>string</td> <td>No</td> <td>DNS-1123 subdomain</td> <td>Pod's subdomain for full DNS (e.g., pod.subdomain.ns.svc.cluster.local).</td> </tr> <tr> <td>affinity</td> <td>Affinity</td> <td>No</td> <td>{nodeAffinity: NodeAffinity (requiredDuringSchedulingIgnoredDuringExecution/requiredDuringSchedulingIgnoredDuringExecution/preferred... with NodeSelectorTerms array{NodeSelectorRequirement: matchExpressions array{key op(values) string, values array string}, matchFields same}, podAffinity/AntiAffinity: PodAffinityTerm{labelSelector, topologyKey string, namespaces array, topologyKey string}}, preferredDuringSchedulingIgnoredDuringExecution array{weight int 1-100, preference Term}}</td> <td>Scheduling preferences/requirements based on nodes/Pods. TopologyKey e.g. "kubernetes.io/hostname".</td> </tr> <tr> <td>tolerations</td> <td>array[Toleration]</td> <td>No</td> <td>{key string, operator enum Exists/Equal, value string, effect enum NoExecute/NoSchedule, tolerationSeconds int}</td> <td>Allows scheduling on tainted nodes. Effect matches TaintEffect.</td> </tr> <tr> <td>schedulerName</td> <td>string</td> <td>No</td> <td>"default-scheduler"</td> <td>Custom scheduler.</td> </tr> <tr> <td>priorityClassName</td> <td>string</td> <td>No</td> <td>Valid PriorityClass</td> <td>QoS class for preemption.</td> </tr> <tr> <td>priority</td> <td>int</td> <td>No</td> <td>-1 to INT_MAX?</td> <td>Direct priority (if no class).</td> </tr> <tr> <td>preemptionPolicy</td> <td>enum</td> <td>No</td> <td>PreemptLowerPriority (default)</td> <td>Allows/denies preemption.</td> </tr> <tr> <td>readinessGates</td> <td>array[PodReadinessGate]</td> <td>No</td> <td>{conditionType string}</td> <td>Custom readiness conditions.</td> </tr> <tr> <td>runtimeClassName</td> <td>string</td> <td>No</td> <td>Valid RuntimeClass</td> <td>Container runtime selector (e.g., for gVisor).</td> </tr> <tr> <td>enableServiceLinks</td> <td>bool</td> <td>No</td> <td>true</td> <td>Injects legacy env vars for Services. Deprecated.</td> </tr> <tr> <td>topologySpreadConstraints</td> <td>array[TopologySpreadConstraint]</td> <td>No</td> <td>{maxSkew int, topologyKey string, whenUnsatisfiable enum DoNotSchedule/ScheduleAnyway, labelSelector LabelSelector}</td> <td>Spreads Pods across topologies (e.g., zones).</td> </tr> </tbody> </table></div> <h3> FULL POD YAML (COMPLEX) </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">demo-pod</span> <span class="na">namespace</span><span class="pi">:</span> <span class="s">default</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">demo</span> <span class="na">version</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">description</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Complex</span><span class="nv"> </span><span class="s">demo</span><span class="nv"> </span><span class="s">Pod</span><span class="nv"> </span><span class="s">with</span><span class="nv"> </span><span class="s">all</span><span class="nv"> </span><span class="s">fields"</span> <span class="na">scheduler.alpha.kubernetes.io/critical-path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">true"</span> <span class="c1"># Example annotation</span> <span class="na">ownerReferences</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ReplicaSet</span> <span class="na">name</span><span class="pi">:</span> <span class="s">demo-rs</span> <span class="na">uid</span><span class="pi">:</span> <span class="s">a1b2c3d4-...</span> <span class="na">controller</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">blockOwnerDeletion</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Always</span> <span class="na">terminationGracePeriodSeconds</span><span class="pi">:</span> <span class="m">60</span> <span class="na">activeDeadlineSeconds</span><span class="pi">:</span> <span class="m">3600</span> <span class="na">dnsPolicy</span><span class="pi">:</span> <span class="s">ClusterFirst</span> <span class="na">dnsConfig</span><span class="pi">:</span> <span class="na">nameservers</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">8.8.8.8</span> <span class="na">searches</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">mydomain.com</span> <span class="na">options</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ndots</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">2"</span> <span class="na">serviceAccountName</span><span class="pi">:</span> <span class="s">demo-sa</span> <span class="na">automountServiceAccountToken</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">nodeSelector</span><span class="pi">:</span> <span class="na">disktype</span><span class="pi">:</span> <span class="s">ssd</span> <span class="na">nodeName</span><span class="pi">:</span> <span class="s">node-1</span> <span class="na">hostNetwork</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">hostPID</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">hostIPC</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">shareProcessNamespace</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="na">runAsUser</span><span class="pi">:</span> <span class="m">1000</span> <span class="na">runAsGroup</span><span class="pi">:</span> <span class="m">3000</span> <span class="na">runAsNonRoot</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">supplementalGroups</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">2000</span><span class="pi">]</span> <span class="na">fsGroup</span><span class="pi">:</span> <span class="m">2000</span> <span class="na">fsGroupChangePolicy</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Always"</span> <span class="na">sysctls</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">kernel.shm_rmid_forced</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">0"</span> <span class="na">seLinuxOptions</span><span class="pi">:</span> <span class="na">level</span><span class="pi">:</span> <span class="s2">"</span><span class="s">s0:c1,c2"</span> <span class="na">imagePullSecrets</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">private-reg-secret</span> <span class="na">hostname</span><span class="pi">:</span> <span class="s">demo-host</span> <span class="na">subdomain</span><span class="pi">:</span> <span class="s">demo-sub</span> <span class="na">affinity</span><span class="pi">:</span> <span class="na">nodeAffinity</span><span class="pi">:</span> <span class="na">requiredDuringSchedulingIgnoredDuringExecution</span><span class="pi">:</span> <span class="na">nodeSelectorTerms</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">matchExpressions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">kubernetes.io/os</span> <span class="na">operator</span><span class="pi">:</span> <span class="s">In</span> <span class="na">values</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">linux</span> <span class="na">preferredDuringSchedulingIgnoredDuringExecution</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">weight</span><span class="pi">:</span> <span class="m">100</span> <span class="na">preference</span><span class="pi">:</span> <span class="na">matchExpressions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">example.com/zone</span> <span class="na">operator</span><span class="pi">:</span> <span class="s">In</span> <span class="na">values</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">antarctica</span> <span class="na">podAffinity</span><span class="pi">:</span> <span class="na">preferredDuringSchedulingIgnoredDuringExecution</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">weight</span><span class="pi">:</span> <span class="m">100</span> <span class="na">podAffinityTerm</span><span class="pi">:</span> <span class="na">labelSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">security</span><span class="pi">:</span> <span class="s">s1</span> <span class="na">topologyKey</span><span class="pi">:</span> <span class="s">topology.kubernetes.io/zone</span> <span class="na">podAntiAffinity</span><span class="pi">:</span> <span class="na">requiredDuringSchedulingIgnoredDuringExecution</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">labelSelector</span><span class="pi">:</span> <span class="na">matchExpressions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">security</span> <span class="na">operator</span><span class="pi">:</span> <span class="s">In</span> <span class="na">values</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">s2</span> <span class="na">topologyKey</span><span class="pi">:</span> <span class="s">topology.kubernetes.io/zone</span> <span class="na">tolerations</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">example-key"</span> <span class="na">operator</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Exists"</span> <span class="na">effect</span><span class="pi">:</span> <span class="s2">"</span><span class="s">NoSchedule"</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s2">"</span><span class="s">example-key2"</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">example-value2"</span> <span class="na">operator</span><span class="pi">:</span> <span class="s2">"</span><span class="s">Equal"</span> <span class="na">effect</span><span class="pi">:</span> <span class="s2">"</span><span class="s">NoExecute"</span> <span class="na">tolerationSeconds</span><span class="pi">:</span> <span class="m">300</span> <span class="na">schedulerName</span><span class="pi">:</span> <span class="s">my-scheduler</span> <span class="na">priorityClassName</span><span class="pi">:</span> <span class="s">high-priority</span> <span class="na">priority</span><span class="pi">:</span> <span class="m">1000000</span> <span class="na">preemptionPolicy</span><span class="pi">:</span> <span class="s">PreemptLowerPriority</span> <span class="na">readinessGates</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">conditionType</span><span class="pi">:</span> <span class="s2">"</span><span class="s">example.com/custom-ready"</span> <span class="na">runtimeClassName</span><span class="pi">:</span> <span class="s">my-runtime</span> <span class="na">enableServiceLinks</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">topologySpreadConstraints</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">maxSkew</span><span class="pi">:</span> <span class="m">1</span> <span class="na">topologyKey</span><span class="pi">:</span> <span class="s">topology.kubernetes.io/zone</span> <span class="na">whenUnsatisfiable</span><span class="pi">:</span> <span class="s">DoNotSchedule</span> <span class="na">labelSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">demo</span> <span class="na">initContainers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">init-myservice</span> <span class="na">image</span><span class="pi">:</span> <span class="s">busybox:1.35</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s1">'</span><span class="s">sh'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">-c'</span><span class="pi">,</span> <span class="s1">'</span><span class="s">until</span><span class="nv"> </span><span class="s">nslookup</span><span class="nv"> </span><span class="s">myservice;</span><span class="nv"> </span><span class="s">do</span><span class="nv"> </span><span class="s">echo</span><span class="nv"> </span><span class="s">waiting</span><span class="nv"> </span><span class="s">for</span><span class="nv"> </span><span class="s">myservice;</span><span class="nv"> </span><span class="s">sleep</span><span class="nv"> </span><span class="s">2;</span><span class="nv"> </span><span class="s">done;'</span><span class="pi">]</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">workdir</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/work-dir</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">MY_NODE_NAME</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">fieldRef</span><span class="pi">:</span> <span class="na">fieldPath</span><span class="pi">:</span> <span class="s">spec.nodeName</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">64Mi"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">128Mi"</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">main</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.21</span> <span class="na">imagePullPolicy</span><span class="pi">:</span> <span class="s">Always</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">]</span> <span class="na">args</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">while</span><span class="nv"> </span><span class="s">true;</span><span class="nv"> </span><span class="s">do</span><span class="nv"> </span><span class="s">echo</span><span class="nv"> </span><span class="s">hello;</span><span class="nv"> </span><span class="s">sleep</span><span class="nv"> </span><span class="s">30;</span><span class="nv"> </span><span class="s">done"</span><span class="pi">]</span> <span class="na">workingDir</span><span class="pi">:</span> <span class="s">/app</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">env</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">ENVIRONMENT</span> <span class="na">value</span><span class="pi">:</span> <span class="s2">"</span><span class="s">production"</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">DB_PASSWORD</span> <span class="na">valueFrom</span><span class="pi">:</span> <span class="na">secretKeyRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">db-secret</span> <span class="na">key</span><span class="pi">:</span> <span class="s">password</span> <span class="na">envFrom</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">configMapRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-config</span> <span class="pi">-</span> <span class="na">secretRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">env-secret</span> <span class="pi">-</span> <span class="na">prefix</span><span class="pi">:</span> <span class="s">MY_</span> <span class="na">configMapRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">special-config</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">250m"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">64Mi"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">500m"</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">128Mi"</span> <span class="na">resizePolicy</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">resourceName</span><span class="pi">:</span> <span class="s">Screen</span> <span class="na">restartPolicy</span><span class="pi">:</span> <span class="s">Always</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="na">allowPrivilegeEscalation</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">capabilities</span><span class="pi">:</span> <span class="na">add</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">NET_BIND_SERVICE"</span><span class="pi">]</span> <span class="na">drop</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">ALL"</span><span class="pi">]</span> <span class="na">privileged</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">runAsUser</span><span class="pi">:</span> <span class="m">1001</span> <span class="na">runAsNonRoot</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">readOnlyRootFilesystem</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">seccompProfile</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">RuntimeDefault</span> <span class="na">apparmorProfile</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">example.com/profile"</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/usr/share/nginx/html</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">mountPropagation</span><span class="pi">:</span> <span class="s">HostToContainer</span> <span class="na">subPath</span><span class="pi">:</span> <span class="s">html</span> <span class="na">subPathExpr</span><span class="pi">:</span> <span class="s2">"</span><span class="s">$(POD_NAME)"</span> <span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/healthz</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">host</span><span class="pi">:</span> <span class="s">localhost</span> <span class="na">scheme</span><span class="pi">:</span> <span class="s">HTTP</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">30</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">successThreshold</span><span class="pi">:</span> <span class="m">1</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">3</span> <span class="na">terminationGracePeriodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">readinessProbe</span><span class="pi">:</span> <span class="na">tcpSocket</span><span class="pi">:</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">startupProbe</span><span class="pi">:</span> <span class="na">exec</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">cat</span> <span class="pi">-</span> <span class="s">/tmp/healthy</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">30</span> <span class="na">lifecycle</span><span class="pi">:</span> <span class="na">postStart</span><span class="pi">:</span> <span class="na">exec</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">/bin/sh"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">-c"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">echo</span><span class="nv"> </span><span class="s">Hello</span><span class="nv"> </span><span class="s">&gt;</span><span class="nv"> </span><span class="s">/usr/share/message"</span><span class="pi">]</span> <span class="na">preStop</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/prestop</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">stdin</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">stdinOnce</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">tty</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">terminationMessagePath</span><span class="pi">:</span> <span class="s">/dev/termination-log</span> <span class="na">terminationMessagePolicy</span><span class="pi">:</span> <span class="s">FallbackToLogsOnError</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">data</span> <span class="na">emptyDir</span><span class="pi">:</span> <span class="na">medium</span><span class="pi">:</span> <span class="s">Memory</span> <span class="na">sizeLimit</span><span class="pi">:</span> <span class="s">500Mi</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">secret-volume</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">db-secret</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">username</span> <span class="na">path</span><span class="pi">:</span> <span class="s">my-group/my-user</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0644</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">config-volume</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-config</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">special.key</span> <span class="na">path</span><span class="pi">:</span> <span class="s">./local/path</span> <span class="na">mode</span><span class="pi">:</span> <span class="m">0755</span> <span class="na">defaultMode</span><span class="pi">:</span> <span class="m">0640</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">projected-volume</span> <span class="na">projected</span><span class="pi">:</span> <span class="na">sources</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">secret</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">conditional-secret</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">friendly-data</span> <span class="na">path</span><span class="pi">:</span> <span class="s">friendly-data.txt</span> <span class="pi">-</span> <span class="na">downwardAPI</span><span class="pi">:</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">labels"</span> <span class="na">fieldRef</span><span class="pi">:</span> <span class="na">fieldPath</span><span class="pi">:</span> <span class="s">metadata.labels</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s2">"</span><span class="s">cpu_limit"</span> <span class="na">resourceFieldRef</span><span class="pi">:</span> <span class="na">containerName</span><span class="pi">:</span> <span class="s">test-container</span> <span class="na">resource</span><span class="pi">:</span> <span class="s">limits.cpu</span> <span class="pi">-</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">kube-root-ca.crt</span> <span class="na">items</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">root-ca.crt</span> <span class="na">path</span><span class="pi">:</span> <span class="s">ca-bundle.crt</span> <span class="na">defaultMode</span><span class="pi">:</span> <span class="m">0644</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">pv-volume</span> <span class="na">persistentVolumeClaim</span><span class="pi">:</span> <span class="na">claimName</span><span class="pi">:</span> <span class="s">my-pvc</span> <span class="na">readOnly</span><span class="pi">:</span> <span class="kc">false</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">host-volume</span> <span class="na">hostPath</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/var/log</span> <span class="na">type</span><span class="pi">:</span> <span class="s">DirectoryOrCreate</span> </code></pre> </div> <p><strong>Additional Notes</strong>: Pods are ephemeral; use controllers for management. SecurityContext fields interact (e.g., runAsNonRoot implies runAsUser !=0). Volumes can be projected for multi-source mounts. Probes support exec, HTTP, TCP, gRPC handlers.</p> <h1> 2️⃣ <strong>DEPLOYMENT YAML FULL GUIDE</strong> </h1> <p>Deployments manage <strong>replicas, rolling updates, rollback</strong>, etc., by creating and updating ReplicaSets. They are for stateless apps.</p> <h3> Basic Deployment: </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-deploy</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">3</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:latest</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">containerPort</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <h3> DEPLOYMENT KEY FIELDS (EXHAUSTIVE) </h3> <p><code>spec</code> fields:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>replicas</td> <td>int</td> <td>No</td> <td>1- (default 1), 0 allowed for scale-to-zero</td> <td>Desired Pod count. Negative invalid.</td> </tr> <tr> <td>selector</td> <td>LabelSelector</td> <td>Yes</td> <td>{matchLabels map[string]string, matchExpressions array{key string, operator enum In/NotIn/Exists/DoesNotExist, values array string}}</td> <td>Must match template.labels exactly for creation; immutable.</td> </tr> <tr> <td>template</td> <td>PodTemplateSpec</td> <td>Yes</td> <td>Full Pod spec (metadata + spec)</td> <td>Blueprint for Pods. Labels must match selector.</td> </tr> <tr> <td>strategy</td> <td>DeploymentStrategy</td> <td>No</td> <td>{type enum RollingUpdate/Recreate (default RollingUpdate), rollingUpdate {maxUnavailable int/str (default 25%), maxSurge int/str (default 25%)}, recreate? No extra}</td> <td>Update method. RollingUpdate: concurrent Pod changes. maxUnavailable: Pods unavailable during update.</td> </tr> <tr> <td>revisionHistoryLimit</td> <td>int</td> <td>No</td> <td>10 (default)</td> <td>Retained old ReplicaSets for rollbacks. 0 disables.</td> </tr> <tr> <td>minReadySeconds</td> <td>int</td> <td>No</td> <td>0 (default)</td> <td>Seconds Pod must be ready before counting as available.</td> </tr> <tr> <td>progressDeadlineSeconds</td> <td>int</td> <td>No</td> <td>600 (default)</td> <td>Timeout for rollout; marks failed if exceeded.</td> </tr> <tr> <td>paused</td> <td>bool</td> <td>No</td> <td>false</td> <td>Pauses updates until unpaused.</td> </tr> </tbody> </table></div> <p><strong>Full Complex Example</strong> (abridged for length; includes all):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">complex-deploy</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">complex</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">replicas</span><span class="pi">:</span> <span class="m">5</span> <span class="na">minReadySeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">revisionHistoryLimit</span><span class="pi">:</span> <span class="m">5</span> <span class="na">progressDeadlineSeconds</span><span class="pi">:</span> <span class="m">300</span> <span class="na">paused</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">complex</span> <span class="na">matchExpressions</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">key</span><span class="pi">:</span> <span class="s">tier</span> <span class="na">operator</span><span class="pi">:</span> <span class="s">In</span> <span class="na">values</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">frontend</span><span class="pi">]</span> <span class="na">template</span><span class="pi">:</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">labels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">complex</span> <span class="na">tier</span><span class="pi">:</span> <span class="s">frontend</span> <span class="na">spec</span><span class="pi">:</span> <span class="c1"># Full Pod spec as above</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myapp:v1</span> <span class="c1"># ... all container fields</span> <span class="na">strategy</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">RollingUpdate</span> <span class="na">rollingUpdate</span><span class="pi">:</span> <span class="na">maxUnavailable</span><span class="pi">:</span> <span class="s">20%</span> <span class="na">maxSurge</span><span class="pi">:</span> <span class="m">1</span> </code></pre> </div> <p><strong>Notes</strong>: Rollback with <code>kubectl rollout undo</code>. Strategy Recreate kills all before new. Selector immutability prevents label changes without delete/recreate.</p> <h1> 3️⃣ <strong>SERVICE YAML FULL GUIDE</strong> </h1> <p>Services expose Pods to network via stable IP/endpoint. Types determine accessibility.</p> <h3> SERVICE TYPES (EXHAUSTIVE): </h3> <ul> <li> <strong>ClusterIP</strong> (default, internal only): Virtual IP in cluster.</li> <li> <strong>NodePort</strong>: Exposes on node ports (30000-32767 default range).</li> <li> <strong>LoadBalancer</strong>: Provisions external LB (cloud-specific; MetalLB for bare-metal).</li> <li> <strong>ExternalName</strong>: Maps to external DNS (CNAME, no selectors/ports).</li> <li> <strong>Headless</strong> (ClusterIP=None): Returns Pod IPs directly (for stateful discovery).</li> </ul> <h3> <strong>ClusterIP</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">myservice</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">80</span> </code></pre> </div> <h3> <strong>NodePort</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">NodePort</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">nodePort</span><span class="pi">:</span> <span class="m">30080</span> <span class="c1"># Optional, auto 30000-32767</span> </code></pre> </div> <h3> <strong>LoadBalancer</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">LoadBalancer</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">80</span> <span class="na">loadBalancerIP</span><span class="pi">:</span> <span class="s">1.2.3.4</span> <span class="c1"># Optional external IP</span> </code></pre> </div> <h3> <strong>ExternalName</strong> </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">ExternalName</span> <span class="na">externalName</span><span class="pi">:</span> <span class="s">my.database.example.com</span> <span class="c1"># No ports/selector</span> </code></pre> </div> <h3> SERVICE KEY FIELDS (EXHAUSTIVE) </h3> <p><code>spec</code> fields:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>type</td> <td>enum</td> <td>No</td> <td>ClusterIP (default), NodePort, LoadBalancer, ExternalName</td> <td>Exposure method. ExternalName ignores ports.</td> </tr> <tr> <td>selector</td> <td>map[string]string</td> <td>No (for ExternalName)</td> <td>Pod labels to endpoint</td> <td>Dynamic endpoints. Changes tracked. Headless: none.</td> </tr> <tr> <td>ports</td> <td>array[ServicePort]</td> <td>No</td> <td>Each: name(string optional), port(int 1-65535), targetPort(int/str/name), protocol(enum TCP/UDP/SCTP default TCP), appProtocol(string)</td> <td>Service port to Pod port mapping. Multiple allowed. targetPort can reference containerPort name.</td> </tr> <tr> <td>clusterIP</td> <td>string</td> <td>No (auto)</td> <td>"None" for headless, auto IPv4/IPv6, or static</td> <td>Manual IP (admin only). Immutable except to None.</td> </tr> <tr> <td>clusterIPs</td> <td>array[string]</td> <td>No (auto)</td> <td>IPv4/IPv6 IPs</td> <td>For dual-stack.</td> </tr> <tr> <td>externalName</td> <td>string</td> <td>No (for ExternalName)</td> <td>Valid DNS name</td> <td>CNAME target.</td> </tr> <tr> <td>externalTrafficPolicy</td> <td>enum</td> <td>No</td> <td>Cluster (default), Local</td> <td>Local: preserves source IP, may route suboptimally.</td> </tr> <tr> <td>healthCheckNodePort</td> <td>int</td> <td>No (auto for LoadBalancer)</td> <td>1-65535</td> <td>Dedicated port for LB health checks.</td> </tr> <tr> <td>loadBalancerIP</td> <td>string</td> <td>No</td> <td>Valid IP</td> <td>Requested external IP.</td> </tr> <tr> <td>loadBalancerSourceRanges</td> <td>array[string]</td> <td>No</td> <td>CIDRs (e.g., "10.0.0.0/8")</td> <td>Allowed source IPs for LB.</td> </tr> <tr> <td>externalIPs</td> <td>array[string]</td> <td>No</td> <td>Node-external IPs</td> <td>Binds Service to specific IPs.</td> </tr> <tr> <td>ipFamily</td> <td>enum</td> <td>No</td> <td>IPv4 (default), IPv6, PreferDualStack</td> <td>IP family preference.</td> </tr> <tr> <td>ipFamilies</td> <td>array[enum]</td> <td>No (auto)</td> <td>IPv4/IPv6</td> <td>For dual-stack.</td> </tr> <tr> <td>sessionAffinity</td> <td>enum</td> <td>No</td> <td>None (default), ClientIP</td> <td>Sticky sessions by client IP.</td> </tr> <tr> <td>sessionAffinityConfig</td> <td>SessionAffinityConfig</td> <td>No (if affinity=ClientIP)</td> <td>{clientIP: {timeoutSeconds int 1-86400 default 10800}}</td> <td>Session timeout.</td> </tr> <tr> <td>publishNotReadyAddresses</td> <td>bool</td> <td>No</td> <td>false</td> <td>Includes not-ready Pods in endpoints.</td> </tr> <tr> <td>topologyKeys</td> <td>array[string]</td> <td>No</td> <td>Topology keys (e.g., "topology.kubernetes.io/zone")</td> <td>Client IP preference for topology-aware routing.</td> </tr> </tbody> </table></div> <p><strong>Full Complex Example</strong> (abridged):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Service</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">complex-svc</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">service.beta.kubernetes.io/aws-load-balancer-type</span><span class="pi">:</span> <span class="s2">"</span><span class="s">nlb"</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">type</span><span class="pi">:</span> <span class="s">LoadBalancer</span> <span class="na">selector</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">complex</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">http</span> <span class="na">port</span><span class="pi">:</span> <span class="m">80</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="s">http</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">appProtocol</span><span class="pi">:</span> <span class="s">http</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">metrics</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">targetPort</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">UDP</span> <span class="na">clusterIP</span><span class="pi">:</span> <span class="s">None</span> <span class="c1"># Headless</span> <span class="na">externalTrafficPolicy</span><span class="pi">:</span> <span class="s">Local</span> <span class="na">healthCheckNodePort</span><span class="pi">:</span> <span class="m">32000</span> <span class="na">loadBalancerIP</span><span class="pi">:</span> <span class="s">203.0.113.1</span> <span class="na">loadBalancerSourceRanges</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">10.0.0.0/8"</span><span class="pi">]</span> <span class="na">externalIPs</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">203.0.113.10"</span><span class="pi">]</span> <span class="na">ipFamily</span><span class="pi">:</span> <span class="s">PreferDualStack</span> <span class="na">ipFamilies</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">IPv4</span><span class="pi">,</span> <span class="nv">IPv6</span><span class="pi">]</span> <span class="na">sessionAffinity</span><span class="pi">:</span> <span class="s">ClientIP</span> <span class="na">sessionAffinityConfig</span><span class="pi">:</span> <span class="na">clientIP</span><span class="pi">:</span> <span class="na">timeoutSeconds</span><span class="pi">:</span> <span class="m">7200</span> <span class="na">publishNotReadyAddresses</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">topologyKeys</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">topology.kubernetes.io/zone"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">*"</span> </code></pre> </div> <p><strong>Notes</strong>: Services watch selector for endpoint updates. Use <code>kubectl expose</code> for quick creation. For multi-port, specify name for clarity.</p> <h1> 4️⃣ <strong>CONFIGMAP FULL GUIDE</strong> </h1> <p>Used to store non-secret configuration as key-value pairs. Can be consumed as env vars, files, or volumes. Data is plain text.</p> <p><strong>Full Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">ConfigMap</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-config</span> <span class="na">data</span><span class="pi">:</span> <span class="na">DB_HOST</span><span class="pi">:</span> <span class="s">mysql</span> <span class="na">DB_PORT</span><span class="pi">:</span> <span class="s2">"</span><span class="s">3306"</span> <span class="na">config.json</span><span class="pi">:</span> <span class="s1">'</span><span class="s">{"key":"value"}'</span> <span class="c1"># Multi-line OK</span> <span class="na">binaryData</span><span class="pi">:</span> <span class="c1"># Optional, base64 for binary</span> <span class="na">key</span><span class="pi">:</span> <span class="s">dmFsdWU=</span> <span class="c1"># base64 "value"</span> <span class="na">immutable</span><span class="pi">:</span> <span class="kc">true</span> <span class="c1"># Optional, prevents updates</span> </code></pre> </div> <h3> KEY FIELDS (EXHAUSTIVE) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>data</td> <td>map[string]string</td> <td>No</td> <td>Keys: alphanumeric + '-', '_' (253 chars); Values: strings (&lt;1MB total)</td> <td>Plain text key-values. Preferred for text.</td> </tr> <tr> <td>binaryData</td> <td>map[string]string</td> <td>No</td> <td>Same keys; Values: base64-encoded bytes</td> <td>For non-text (e.g., images). Decoded on use.</td> </tr> <tr> <td>immutable</td> <td>bool</td> <td>No</td> <td>false (default)</td> <td>If true, cannot update/delete; faster caching. Metadata immutable too.</td> </tr> </tbody> </table></div> <p><strong>Notes</strong>: Create with <code>kubectl create configmap</code>. Consume in Pod: envFrom, volume (projeced/configMap). No validation on values.</p> <h1> 5️⃣ <strong>SECRET FULL GUIDE</strong> </h1> <p>Used to store passwords/keys (Base64 encoded). Types for specific uses; data not encrypted at rest (use etcd encryption).</p> <p><strong>Full Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Secret</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">db-secret</span> <span class="na">type</span><span class="pi">:</span> <span class="s">Opaque</span> <span class="c1"># Enum</span> <span class="na">data</span><span class="pi">:</span> <span class="na">username</span><span class="pi">:</span> <span class="s">YWRtaW4=</span> <span class="c1"># base64 "admin"</span> <span class="na">password</span><span class="pi">:</span> <span class="s">cGFzc3dvcmQ=</span> <span class="c1"># base64 "password"</span> <span class="na">stringData</span><span class="pi">:</span> <span class="c1"># Optional, plain text (auto base64'd)</span> <span class="na">username</span><span class="pi">:</span> <span class="s">admin</span> <span class="na">immutable</span><span class="pi">:</span> <span class="kc">true</span> </code></pre> </div> <h3> KEY FIELDS (EXHAUSTIVE) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>type</td> <td>enum</td> <td>No</td> <td>Opaque (default), kubernetes.io/service-account-token, kubernetes.io/dockerconfigjson, bootstrap.kubernetes.io/token, kubernetes.io/tls, kubernetes.io/ssh-auth, Opaque (generic)</td> <td>Hints usage (e.g., tls for certs). Affects validation.</td> </tr> <tr> <td>data</td> <td>map[string]string</td> <td>No</td> <td>Keys: alphanumeric + '-', '_' (253); Values: base64 (&lt;1MB total)</td> <td>Encoded sensitive data.</td> </tr> <tr> <td>stringData</td> <td>map[string]string</td> <td>No</td> <td>Same keys; Plain strings (converted to data on save)</td> <td>Convenience; not persisted.</td> </tr> <tr> <td>immutable</td> <td>bool</td> <td>No</td> <td>false</td> <td>Like ConfigMap; prevents updates.</td> </tr> </tbody> </table></div> <p><strong>Types Details</strong>:</p> <ul> <li> <strong>Opaque</strong>: Generic.</li> <li> <strong>kubernetes.io/service-account-token</strong>: Auto-created for SAs, with token/CA/namespace.</li> <li> <strong>kubernetes.io/dockerconfigjson</strong>: For .dockercfg ({auths: {registry: {username, password, ...}}}).</li> <li> <strong>kubernetes.io/tls</strong>: {tls.crt, tls.key}.</li> <li> <strong>bootstrap.kubernetes.io/token</strong>: For bootstrap (token-id, token-secret, etc.).</li> </ul> <p><strong>Notes</strong>: Base64 reversible; use external encryption. Consume like ConfigMap but for secrets. <code>kubectl create secret generic</code>.</p> <h1> 6️⃣ <strong>INGRESS YAML FULL GUIDE</strong> </h1> <p>Ingress exposes HTTP/HTTPS using hostname rules. Requires Ingress Controller (e.g., NGINX).</p> <p><strong>Full Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Ingress</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">web-ingress</span> <span class="na">annotations</span><span class="pi">:</span> <span class="na">nginx.ingress.kubernetes.io/rewrite-target</span><span class="pi">:</span> <span class="s">/</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">ingressClassName</span><span class="pi">:</span> <span class="s">nginx</span> <span class="c1"># Optional</span> <span class="na">defaultBackend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">fallback-svc</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">80</span> <span class="na">tls</span><span class="pi">:</span> <span class="c1"># Optional</span> <span class="pi">-</span> <span class="na">hosts</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">demo.local</span> <span class="na">secretName</span><span class="pi">:</span> <span class="s">tls-secret</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">host</span><span class="pi">:</span> <span class="s">demo.local</span> <span class="na">http</span><span class="pi">:</span> <span class="na">paths</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/</span> <span class="na">pathType</span><span class="pi">:</span> <span class="s">Prefix</span> <span class="c1"># Enum: Prefix/Exact/ImplementationSpecific</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">service</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-service</span> <span class="na">port</span><span class="pi">:</span> <span class="na">number</span><span class="pi">:</span> <span class="m">80</span> <span class="na">resource</span><span class="pi">:</span> <span class="c1"># Alternative to service</span> <span class="na">apiVersion</span><span class="pi">:</span> <span class="s">apps/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Deployment</span> <span class="na">name</span><span class="pi">:</span> <span class="s">nginx-deploy</span> </code></pre> </div> <h3> KEY FIELDS (EXHAUSTIVE) </h3> <p><code>spec</code> fields:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>ingressClassName</td> <td>string</td> <td>No</td> <td>Valid IngressClass</td> <td>Selects controller (e.g., "nginx").</td> </tr> <tr> <td>defaultBackend</td> <td>IngressBackend</td> <td>No</td> <td>{service {name/port}, resource {apiVersion/kind/name}}</td> <td>Catch-all for unmatched requests.</td> </tr> <tr> <td>tls</td> <td>array[TLS]</td> <td>No</td> <td>Each: {hosts array[string], secretName string}</td> <td>HTTPS; secret type kubernetes.io/tls. Multiple SNI.</td> </tr> <tr> <td>rules</td> <td>array[HTTPIngressRuleValue]</td> <td>No</td> <td>Each: {host string (optional), http {paths array[HTTPIngressPath]}}</td> <td>Host-based routing. Nil host = all hosts.</td> </tr> </tbody> </table></div> <p><strong>HTTPIngressPath</strong>:</p> <ul> <li>path: string</li> <li>pathType: enum Prefix (matches prefix), Exact (exact match), ImplementationSpecific (controller-defined)</li> <li>backend: IngressBackend (service {name, port {number/name}}, resource for weighted)</li> </ul> <p><strong>Notes</strong>: Annotations controller-specific (e.g., rate limits). Paths ordered; first match wins. Use <code>kubectl annotate</code> for extras.</p> <h1> 7️⃣ <strong>PERSISTENT VOLUMES (PV)</strong> </h1> <p>PV is cluster storage, provisioned statically or dynamically (via StorageClass).</p> <p><strong>Full Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolume</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-pv</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">capacity</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">1Gi</span> <span class="c1"># Other: cpu? No, storage only</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ReadWriteOnce</span> <span class="na">persistentVolumeReclaimPolicy</span><span class="pi">:</span> <span class="s">Retain</span> <span class="c1"># Enum</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">standard</span> <span class="na">mountOptions</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">ro"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">soft"</span><span class="pi">]</span> <span class="c1"># Array string</span> <span class="na">nodeAffinity</span><span class="pi">:</span> <span class="c1"># VolumeNodeAffinity</span> <span class="na">required</span><span class="pi">:</span> <span class="na">nodeSelectorTerms</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">matchFields</span><span class="pi">:</span> <span class="pi">[</span><span class="nv">...</span><span class="pi">]</span> <span class="c1"># Like nodeSelector</span> <span class="na">volumeMode</span><span class="pi">:</span> <span class="s">Filesystem</span> <span class="c1"># Enum Filesystem/Block</span> <span class="na">pvPhase</span><span class="pi">:</span> <span class="s">Available</span> <span class="c1"># Read-only, enum</span> <span class="c1"># Driver-specific:</span> <span class="na">hostPath</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/data/pv1</span> <span class="na">type</span><span class="pi">:</span> <span class="s">DirectoryOrCreate</span> <span class="c1"># Or awsElasticBlockStore, gcePersistentDisk, nfs, etc. (50+ drivers)</span> </code></pre> </div> <h3> KEY FIELDS (EXHAUSTIVE) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>capacity</td> <td>map[string]Quantity</td> <td>Yes</td> <td>{storage: string e.g. "1Gi"/"1000GiB"}</td> <td>Requested size; Quantity is decimal + unit (Ki/Mi/Gi/Ti, or bytes).</td> </tr> <tr> <td>accessModes</td> <td>array[enum]</td> <td>No</td> <td>ReadWriteOnce (RWO, single node RW), ReadOnlyMany (ROX, multi node RO), ReadWriteMany (RWX, multi RW), ReadWriteOncePod (RWOP, single Pod RW)</td> <td>Compatibility; multiple possible but intersected on bind.</td> </tr> <tr> <td>persistentVolumeReclaimPolicy</td> <td>enum</td> <td>No</td> <td>Retain (default for static), Recycle (unsafe, deprecated), Delete (for dynamic)</td> <td>Post-release: Retain (manual), Delete (cloud destroy).</td> </tr> <tr> <td>storageClassName</td> <td>string</td> <td>No</td> <td>"" (no class) or class name</td> <td>For dynamic provisioning/selectors.</td> </tr> <tr> <td>mountOptions</td> <td>array[string]</td> <td>No</td> <td>FS mount flags (e.g., "ro,vers=3")</td> <td>Per-volume mounts.</td> </tr> <tr> <td>volumeMode</td> <td>enum</td> <td>No</td> <td>Filesystem (default), Block</td> <td>Block: raw device, no FS.</td> </tr> <tr> <td>nodeAffinity</td> <td>VolumeNodeAffinity</td> <td>No</td> <td>{required: NodeSelector (terms)}</td> <td>Restricts binding to nodes.</td> </tr> <tr> <td># Driver fields (mutually exclusive)</td> <td></td> <td></td> <td></td> <td>One driver source required. Examples:</td> </tr> <tr> <td>hostPath</td> <td>HostPathVolumeSource</td> <td>No</td> <td>{path string, type enum Directory/DirectoryOrCreate/File/BlockDevice/CharDevice/Socket}</td> <td>Local node path; ephemeral.</td> </tr> <tr> <td>nfs</td> <td>NFSVolumeSource</td> <td>No</td> <td>{server string, path string, readOnly bool}</td> <td>Network FS.</td> </tr> <tr> <td>persistentVolumeClaim</td> <td>No, PV not from PVC.</td> <td></td> <td></td> <td></td> </tr> <tr> <td>csi</td> <td>CSIVolumeSource</td> <td>No</td> <td>{driver string, volumeAttributes map, nodePublishSecretRef, volumeHandle string, readOnly bool, fsType string, controllerPublishSecretRef, controllerExpandSecretRef, ... (full CSI spec)}</td> <td>Custom Storage Interface.</td> </tr> </tbody> </table></div> <p><strong>Notes</strong>: PVs are cluster-scoped. Phase: Available/Pending/Bound/Released/Failed. Use StorageClass for dynamic.</p> <h1> 8️⃣ <strong>PERSISTENT VOLUME CLAIM (PVC)</strong> </h1> <p>PVC requests storage; binds to PV.</p> <p><strong>Full Structure</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PersistentVolumeClaim</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-pvc</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">accessModes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ReadWriteOnce</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">storage</span><span class="pi">:</span> <span class="s">1Gi</span> <span class="na">storageClassName</span><span class="pi">:</span> <span class="s">standard</span> <span class="na">volumeMode</span><span class="pi">:</span> <span class="s">Filesystem</span> <span class="na">selector</span><span class="pi">:</span> <span class="c1"># Optional</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">disk</span><span class="pi">:</span> <span class="s">ssd</span> <span class="na">volumeName</span><span class="pi">:</span> <span class="s">my-pv</span> <span class="c1"># Bind to specific PV</span> <span class="na">dataSource</span><span class="pi">:</span> <span class="c1"># For snapshots/clones</span> <span class="na">name</span><span class="pi">:</span> <span class="s">snapshot-1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">VolumeSnapshot</span> <span class="na">apiGroup</span><span class="pi">:</span> <span class="s">snapshot.storage.k8s.io</span> </code></pre> </div> <h3> KEY FIELDS (EXHAUSTIVE) </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Field</th> <th>Type</th> <th>Required?</th> <th>Possible Values/Defaults</th> <th>Meaning &amp; Rules</th> </tr> </thead> <tbody> <tr> <td>accessModes</td> <td>array[enum]</td> <td>No</td> <td>RWO/ROX/RWX/RWOP</td> <td>Requested; must match PV.</td> </tr> <tr> <td>resources</td> <td>ResourceRequirements</td> <td>No</td> <td>{requests {storage Quantity}, limits {storage Quantity}}</td> <td>Min/max storage. limits optional.</td> </tr> <tr> <td>storageClassName</td> <td>string</td> <td>No</td> <td>"" or class</td> <td>Selects PV class.</td> </tr> <tr> <td>volumeMode</td> <td>enum</td> <td>No</td> <td>Filesystem/Block</td> <td>Requested mode.</td> </tr> <tr> <td>selector</td> <td>LabelSelector</td> <td>No</td> <td>Matches PV labels</td> <td>Filters PVs.</td> </tr> <tr> <td>volumeName</td> <td>string</td> <td>No</td> <td>PV name</td> <td>Binds to exact PV.</td> </tr> <tr> <td>dataSource</td> <td>TypedLocalObjectReference</td> <td>No</td> <td>{kind string, name string, apiGroup string}</td> <td>Clone from snapshot/volume (e.g., CSI).</td> </tr> </tbody> </table></div> <p><strong>Notes</strong>: Namespace-scoped. Status.phase: Pending/Bound. Delete PVC releases PV per reclaim policy.</p> <h1> 🔥 <strong>SECTION 4 — KEY YAML RULES</strong> </h1> <h3> ✔ Indentation matters </h3> <p>Use <strong>spaces, not tabs</strong> (2 or 4 spaces common; consistent). Misindentation causes parse errors (e.g., key under wrong level).</p> <h3> ✔ Lists start with <code>-</code> </h3> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>containers: - name: nginx # Array item image: nginx - name: sidecar </code></pre> </div> <p>Nested lists: <code>- -</code> for deeper.</p> <h3> ✔ Order of top-level keys <strong>MUST</strong> be: </h3> <p>The order is flexible in YAML (not enforced), but conventional and recommended for readability:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>apiVersion: # First kind: # Second metadata: # Third spec: # Fourth (status omitted) </code></pre> </div> <p>API server ignores order, but tools like <code>kubectl apply --prune</code> assume it.</p> <h3> ✔ Strings can be quoted or unquoted </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>value: "abc" # Quoted: preserves spaces, allows ':' value: abc # Unquoted: fine for simple value: 'single' # Single: literal value: \| multi\n line # Block literal </code></pre> </div> <p>Special: <code>~</code> for null, <code>true/false</code> bools, <code>123</code> int, <code>3.14</code> float auto-detected.</p> <h3> ✔ Multi-document YAML uses <code>---</code> </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>--- apiVersion: v1 kind: ConfigMap metadata: name: cm1 --- apiVersion: v1 kind: Secret metadata: name: sec1 </code></pre> </div> <p><code>kubectl apply -f dir/</code> processes all. End with optional <code>...</code>.</p> <p><strong>Additional Rules</strong>:</p> <ul> <li>Comments: <code># This is a comment</code> (line-based).</li> <li>Anchors/Aliases: <code>&amp;anchor</code> / <code>*anchor</code> for reuse (advanced).</li> <li>No duplicate keys (last wins, but invalid in K8s).</li> <li>Total file size &lt;1MB practical.</li> <li>Validate: <code>kubectl apply --dry-run=client -f file.yaml</code>.</li> </ul> <h1> 📚 <strong>SECTION 5 — SYMBOL MEANINGS IN YAML</strong> </h1> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Symbol</th> <th>Meaning</th> <th>Example</th> <th>Notes</th> </tr> </thead> <tbody> <tr> <td><code>:</code></td> <td>key-value pair</td> <td>key: value</td> <td>Colon + space separates.</td> </tr> <tr> <td><code>-</code></td> <td>list item</td> <td>- item1<br>- item2</td> <td>Dash + space; indentation defines level.</td> </tr> <tr> <td><code>#</code></td> <td>comment</td> <td># Ignored</td> <td>From # to EOL; no block comments.</td> </tr> <tr> <td>`\</td> <td>`</td> <td>literal multiline text (preserves newlines)</td> <td>key: \</td> </tr> <tr> <td><code>&gt;</code></td> <td>folded multiline text (folds to single line, newlines to space)</td> <td>key: &gt;<br> line1<br> line2</td> <td>Chops newlines; useful for logs.</td> </tr> <tr> <td><code>{}</code></td> <td>empty object/map</td> <td>{}</td> <td>Empty dict.</td> </tr> <tr> <td><code>[]</code></td> <td>empty list/array</td> <td>[]</td> <td>Empty array.</td> </tr> <tr> <td><code>~</code></td> <td>null value</td> <td>key: ~</td> <td>Explicit null.</td> </tr> <tr> <td><code>&amp;</code></td> <td>anchor (reference)</td> <td>&amp;name value</td> <td>Define alias target.</td> </tr> <tr> <td><code>*</code></td> <td>alias (reference)</td> <td>*name</td> <td>Reuse anchored value.</td> </tr> <tr> <td><code>!</code></td> <td>tag (custom type)</td> <td>!str "123"</td> <td>Rarely used in K8s.</td> </tr> </tbody> </table></div> <p><strong>Advanced</strong>: Flow style <code>{key: value, list: [1,2]}</code> compact, but block preferred for readability.</p> <h1> 🧠 <strong>SECTION 6 — API OBJECT FLOW IN KUBERNETES</strong> </h1> <p>When you apply YAML (<code>kubectl apply -f file.yaml</code> or <code>kubectl create --save-config</code>):</p> <ol> <li> <strong>Client (kubectl)</strong>: Validates YAML syntax, sends to API Server (with auth). ↓</li> <li> <strong>Kube API Server</strong>: Authenticates (RBAC), authorizes, validates schema (apiVersion/kind/spec), admits (webhooks), persists to etcd as JSON. ↓</li> <li> <strong>etcd</strong>: Stores object with metadata (uid, timestamps). Watchers notify. ↓</li> <li> <strong>Controller Manager</strong>: Reconciles (e.g., Deployment controller creates ReplicaSet → Pods). Loops: watch → diff desired/actual → act. ↓</li> <li> <strong>Scheduler</strong>: Assigns unbound Pods to nodes (filters: nodeSelector/tolerations; scores: affinity). ↓</li> <li> <strong>Kubelet (on node)</strong>: Pulls Pod spec via API, runs containers (via CRI like containerd), reports status (probes, events). Mounts volumes, runs initContainers. ↓</li> <li> <strong>Status Updates</strong>: Kubelet → API → etcd. Controllers update observed state.</li> </ol> <p><strong>Error Flows</strong>: Validation fails → 400 Bad Request. Quotas → 429. Network issues → retries. Use <code>kubectl describe</code> for events.</p> <p><strong>Advanced Components</strong>: Cloud Controller Manager for cloud resources; Custom Controllers for CRDs.</p> <h1> 🛠 <strong>SECTION 7 — FULL BEST PRACTICES</strong> </h1> <h3> ✔ Always use labels </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>labels: app.kubernetes.io/name: myapp # Standard prefix app.kubernetes.io/version: v1.2.3 app.kubernetes.io/component: frontend app.kubernetes.io/part-of: ecommerce app.kubernetes.io/managed-by: helm </code></pre> </div> <p>Follow semantic labeling (app.kubernetes.io/*). Use for all selectors.</p> <h3> ✔ Don’t hardcode nodePort unless needed </h3> <p>Let Kubernetes auto-assign (type: NodePort). Reserve ranges via kube-apiserver flags.</p> <h3> ✔ Use <code>resources:</code> for CPU/RAM limits </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>resources: requests: cpu: "100m" # 0.1 core memory: "128Mi" limits: cpu: "200m" memory: "256Mi" </code></pre> </div> <p>Requests for scheduling; limits for OOMKill/cgroup. Set limits &gt; requests for Burstable QoS.</p> <h3> ✔ Use livenessProbe &amp; readinessProbe </h3> <ul> <li>Liveness: Restart if unhealthy (e.g., HTTP 200 on /healthz).</li> <li>Readiness: Exclude from Service if not ready (e.g., DB connection check).</li> <li>Startup: For slow starts (higher failureThreshold).</li> </ul> <h3> ✔ Put multiple objects in one YAML using <code>---</code> </h3> <p>Atomic apply; order-independent (API serializes).</p> <h3> ✔ Additional Best Practices </h3> <ul> <li> <strong>Namespaces</strong>: Isolate tenants; use ResourceQuota/LimitRange.</li> <li> <strong>RBAC</strong>: Least privilege; use Roles over ClusterRoles.</li> <li> <strong>Probes</strong>: timeoutSeconds &gt;0; periodSeconds balanced (not too frequent).</li> <li> <strong>Updates</strong>: Use <code>kubectl apply</code> for declarative; <code>--record</code> for history.</li> <li> <strong>Validation</strong>: <code>--dry-run=server</code> before apply.</li> <li> <strong>Security</strong>: Non-root containers; no hostNetwork; PodSecurityStandards.</li> <li> <strong>Storage</strong>: Use StorageClasses; RWX for shared.</li> <li> <strong>Scaling</strong>: HPA for horizontal; VPA for vertical.</li> <li> <strong>Monitoring</strong>: Labels for Prometheus scraping.</li> <li> <strong>Helm/Kustomize</strong>: For templating; avoid raw YAML in prod.</li> <li> <strong>Immutable ConfigMaps/Secrets</strong>: Set immutable: true for caching.</li> <li> <strong>Affinity/Anti-Affinity</strong>: Spread across AZs; co-locate related.</li> <li> <strong>Taints/Tolerations</strong>: Dedicate nodes (e.g., GPU).</li> <li> <strong>Finalizers</strong>: Custom cleanup (e.g., webhook sync).</li> </ul> <h1> 🎯 FINAL SUMMARY (COMPLETE MENTAL MODEL OF K8s YAML) </h1> <p><strong>Every Kubernetes YAML has these 4 parts:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>apiVersion → tells Kubernetes which API to use (e.g., apps/v1; schema enforcer) kind → tells Kubernetes what you’re creating (e.g., Deployment; routes to handler) metadata → name, labels, namespace (identity/selectors; e.g., app: nginx for matching) spec → details for the object (the big part; desired state, e.g., replicas: 3, template Pod spec) </code></pre> </div> <p><strong>Every service type eventually routes traffic to Pods using selector labels:</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>LoadBalancer (external cloud IP) # Provisions LB ↓ (forwards to NodePorts or directly) NodePort (30000-32767 on nodes) # Exposes on cluster nodes ↓ (proxies internally) ClusterIP (virtual cluster IP) # Internal service discovery ↓ (endpoints watch Pods) Pod IP (ephemeral, via selector) # Direct to matching labeled Pods </code></pre> </div> <p>Headless Services return A/AAAA records for Pods.</p> <p><strong>Deployments create Pods</strong> (via ReplicaSets; handle updates/rollbacks)<br> <strong>Pods run containers</strong> (with env, volumes, probes; ephemeral units)<br> <strong>Services expose Pods</strong> (stable endpoints; types for access levels)<br> <strong>Ingress exposes Services</strong> (L7 routing, TLS termination)<br> <strong>ConfigMaps &amp; Secrets configure Pods</strong> (injected data; separate concerns)<br> <strong>PVs/PVCs give Pods storage</strong> (decoupled persistence; dynamic provisioning)<br> <strong>NetworkPolicies secure traffic</strong> (default allow → explicit deny; label-based)<br> <strong>StatefulSets for ordered/stateful</strong> (stable identities: pod-0, pod-1)<br> <strong>DaemonSets for node agents</strong> (monitoring, logging)<br> <strong>Jobs/CronJobs for batch</strong> (completion-based)</p> <p>This model scales: Controllers watch → Act → Status loop. Declarative wins over imperative.</p> <h1> 🚀 Done! </h1> <p>This is the <strong>COMPLETE, FULL, ALL-IN-ONE guide to Kubernetes YAML</strong> — covering all syntax, rules, keywords, meanings, and examples in exhaustive detail, with every key, value type, enum, and interaction documented.</p> kubernetes containers Quick Sort C++: Story Harsh Mishra Sat, 13 Sep 2025 17:22:45 +0000 https://forem.com/harshm03/quick-sort-c-story-4do3 https://forem.com/harshm03/quick-sort-c-story-4do3 <h2> 🔥 <em>The Tale of the Chosen Pivot: The Quick Sort Saga</em> </h2> <blockquote> <p><em>"A king is not crowned by chance,<br> but by the blade of division.<br> He rules only when all lesser kneel before him,<br> and the greater stand beyond."</em><br> — <em>The Law of the Pivot King</em></p> </blockquote> <p>The realm of warriors was restless. Each claimed strength, each stood in chaos. Kings and squires alike jostled for place, yet no order ruled their line.</p> <p>The Oracle spoke:</p> <blockquote> <p><em>“Crown not all at once.<br> Choose one king — a pivot.<br> Place him upon his throne,<br> and let those weaker bow to his left,<br> while the stronger march to his right.<br> Repeat, until all kings are crowned.”</em></p> </blockquote> <p>Thus began the saga of <strong>Quick Sort</strong> — the Ritual of the Pivot Kings.</p> <h3> 📜 The Scroll of Streams </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#include</span> <span class="cpf">&lt;iostream&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;vector&gt;</span><span class="cp"> </span><span class="k">using</span> <span class="k">namespace</span> <span class="n">std</span><span class="p">;</span> </code></pre> </div> <p>The scribes unfurled their scrolls (<code>iostream</code>) and laid out the line of warriors (<code>vector</code>). Upon this field, the ritual would carve destiny.</p> <h3> 👑 The Coronation of the Pivot </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">int</span> <span class="nf">partition</span><span class="p">(</span><span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;&amp;</span> <span class="n">arr</span><span class="p">,</span> <span class="kt">int</span> <span class="n">low</span><span class="p">,</span> <span class="kt">int</span> <span class="n">high</span><span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">pivot</span> <span class="o">=</span> <span class="n">arr</span><span class="p">[</span><span class="n">high</span><span class="p">];</span> </code></pre> </div> <p>From the far end of the line, a warrior was chosen as <strong>pivot</strong>. He was not always the strongest nor the weakest, but destiny marked him king for this round. His throne would soon be revealed.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="n">low</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> </code></pre> </div> <p>The ground was cleared. A marker was drawn just before the first warrior, at <code>i</code>. It waited for those loyal to kneel before the pivot king.</p> <h3> ⚔️ The Division of Allegiance </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">j</span> <span class="o">=</span> <span class="n">low</span><span class="p">;</span> <span class="n">j</span> <span class="o">&lt;</span> <span class="n">high</span><span class="p">;</span> <span class="n">j</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="o">&lt;=</span> <span class="n">pivot</span><span class="p">)</span> <span class="p">{</span> <span class="n">i</span><span class="o">++</span><span class="p">;</span> <span class="n">swap</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">i</span><span class="p">],</span> <span class="n">arr</span><span class="p">[</span><span class="n">j</span><span class="p">]);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The Oracle moved down the line. Each warrior was tested against the pivot king.</p> <p>If a warrior was lesser or equal, he pledged loyalty. He stepped left, joining those before, and the marker <code>i</code> advanced. Their positions were swapped, so loyalists formed a block of unity at the front.</p> <p>Those greater than the pivot held back, waiting beyond. Thus, allegiance was drawn in the sand — the loyal left, the defiant right.</p> <h3> 👑 The Throne of the Pivot </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">swap</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">],</span> <span class="n">arr</span><span class="p">[</span><span class="n">high</span><span class="p">]);</span> <span class="k">return</span> <span class="n">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At last, the king claimed his throne. He was placed between the loyal and the defiant, his seat at <code>i + 1</code>. None could challenge him now, for all lesser stood before him, and all greater behind.</p> <p>The <strong>partition</strong> was complete. One king’s place was secured forever.</p> <h3> 🌌 The Endless Coronations </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">void</span> <span class="nf">quickSort</span><span class="p">(</span><span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;&amp;</span> <span class="n">arr</span><span class="p">,</span> <span class="kt">int</span> <span class="n">low</span><span class="p">,</span> <span class="kt">int</span> <span class="n">high</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">low</span> <span class="o">&lt;</span> <span class="n">high</span><span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">pi</span> <span class="o">=</span> <span class="n">partition</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">low</span><span class="p">,</span> <span class="n">high</span><span class="p">);</span> </code></pre> </div> <p>But one king was not enough. The Oracle commanded the ritual anew. With the pivot seated, the land was split into two realms — left and right. Each would find its own king.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">quickSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">low</span><span class="p">,</span> <span class="n">pi</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> <span class="n">quickSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">pi</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="n">high</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The coronations continued, dividing again and again. Each realm was split, each chosen pivot crowned, until no fragment remained unruled. When the ritual ended, the entire kingdom was ordered — smallest at the dawn, greatest at the dusk.</p> <h3> 🎺 The Trial of Nine </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">arr</span> <span class="o">=</span> <span class="p">{</span><span class="mi">10</span><span class="p">,</span> <span class="mi">7</span><span class="p">,</span> <span class="mi">8</span><span class="p">,</span> <span class="mi">9</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">20</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">15</span><span class="p">};</span> </code></pre> </div> <p>On one day, nine warriors stood in chaos: 10, 7, 8, 9, 1, 5, 20, 3, 15. Each claimed a crown, none stood in order.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">quickSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="n">arr</span><span class="p">.</span><span class="n">size</span><span class="p">()</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>The ritual of Quick Sort was called. Kings were chosen, pivots crowned, thrones assigned. Division spread like wildfire, but from it rose harmony.</p> <h3> 👏 The Herald’s Call </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">x</span> <span class="o">:</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">x</span> <span class="o">&lt;&lt;</span> <span class="s">" "</span><span class="p">;</span> <span class="p">}</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">endl</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At last, the Herald strode forth. He called the warriors in their new order, weakest to strongest, and the line shimmered with balance.</p> <p>The people bowed, for chaos had ended, and the Pivot Kings ruled in eternal order.</p> <h3> 🧠 Memory of the Pivot </h3> <ul> <li> <strong>partition</strong> — the crowning of a pivot king.</li> <li> <strong>loyal warriors ≤ pivot</strong> — step left, their positions swapped forward.</li> <li> <strong>greater warriors &gt; pivot</strong> — remain on the right.</li> <li> <strong>swap(pivot, i+1)</strong> — the king takes his throne.</li> <li> <strong>quickSort left &amp; right</strong> — the realms split, each crowning its own kings.</li> </ul> <p>Thus, Quick Sort is remembered as the <strong>Tale of the Pivot Kings</strong>, where division forged a perfect realm. 🔥👑</p> cpp programming algorithms Merge Sort C++: Story Harsh Mishra Sat, 13 Sep 2025 17:22:20 +0000 https://forem.com/harshm03/merge-sort-c-story-dp6 https://forem.com/harshm03/merge-sort-c-story-dp6 <h2> 🌌 <em>The Sundering and the Great Unification: The Merge Sort Saga</em> </h2> <blockquote> <p><em>"That which is whole must first be broken,<br> and that which is broken must then be joined.<br> Only in division and reunion does true order rise."</em><br> — <em>The Song of the Unifier</em></p> </blockquote> <p>The world was once whole, but chaos ruled it. The kings and squires, pearls and shells, great and small — all stood in disarray. No hand could place them in order, for together they were a storm.</p> <p>But an Oracle spoke:</p> <blockquote> <p><em>“Break the world apart, until each stands alone.<br> Then, piece by piece, unite them again,<br> and in reunion, order shall be born.”</em></p> </blockquote> <p>Thus began the saga of <strong>Merge Sort</strong> — the ritual of Sundering and Unification.</p> <h3> 📜 The Scroll of Division </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#include</span> <span class="cpf">&lt;iostream&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;vector&gt;</span><span class="cp"> </span><span class="k">using</span> <span class="k">namespace</span> <span class="n">std</span><span class="p">;</span> </code></pre> </div> <p>The scribes prepared their scrolls (<code>iostream</code>) and nets (<code>vector</code>), for they would need to shatter the world into pieces and then weave it whole again.</p> <h3> ⚔️ The Spell of Unification </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">void</span> <span class="nf">merge</span><span class="p">(</span><span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;&amp;</span> <span class="n">arr</span><span class="p">,</span> <span class="kt">int</span> <span class="n">left</span><span class="p">,</span> <span class="kt">int</span> <span class="n">mid</span><span class="p">,</span> <span class="kt">int</span> <span class="n">right</span><span class="p">)</span> <span class="p">{</span> </code></pre> </div> <p>The first spell was named <strong>merge</strong>. It was no small charm — its power was to <strong>reunite</strong> two halves, making them one. For only in this reunification could order arise.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">n1</span> <span class="o">=</span> <span class="n">mid</span> <span class="o">-</span> <span class="n">left</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span> <span class="kt">int</span> <span class="n">n2</span> <span class="o">=</span> <span class="n">right</span> <span class="o">-</span> <span class="n">mid</span><span class="p">;</span> </code></pre> </div> <p>The Oracle looked upon the world and saw it split into two.<br> The left half contained <code>n1</code> warriors, the right half <code>n2</code>.<br> Two camps had formed, awaiting judgment.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">L</span><span class="p">(</span><span class="n">n1</span><span class="p">),</span> <span class="n">R</span><span class="p">(</span><span class="n">n2</span><span class="p">);</span> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">n1</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="n">L</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">=</span> <span class="n">arr</span><span class="p">[</span><span class="n">left</span> <span class="o">+</span> <span class="n">i</span><span class="p">];</span> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">j</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">j</span> <span class="o">&lt;</span> <span class="n">n2</span><span class="p">;</span> <span class="n">j</span><span class="o">++</span><span class="p">)</span> <span class="n">R</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="o">=</span> <span class="n">arr</span><span class="p">[</span><span class="n">mid</span> <span class="o">+</span> <span class="mi">1</span> <span class="o">+</span> <span class="n">j</span><span class="p">];</span> </code></pre> </div> <p>The warriors were drawn into two scrolls: <strong>L</strong> and <strong>R</strong>. Each remembered their lineage, each carried the memory of their half. Now they stood apart, waiting to be joined again.</p> <h3> 🌌 The Great Joining </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span> <span class="n">j</span> <span class="o">=</span> <span class="mi">0</span><span class="p">,</span> <span class="n">k</span> <span class="o">=</span> <span class="n">left</span><span class="p">;</span> <span class="k">while</span> <span class="p">(</span><span class="n">i</span> <span class="o">&lt;</span> <span class="n">n1</span> <span class="o">&amp;&amp;</span> <span class="n">j</span> <span class="o">&lt;</span> <span class="n">n2</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">L</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">&lt;=</span> <span class="n">R</span><span class="p">[</span><span class="n">j</span><span class="p">])</span> <span class="p">{</span> <span class="n">arr</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">L</span><span class="p">[</span><span class="n">i</span><span class="p">];</span> <span class="n">i</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="n">arr</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">R</span><span class="p">[</span><span class="n">j</span><span class="p">];</span> <span class="n">j</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="n">k</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The Oracle began the joining. From each side, the smallest warrior was chosen.</p> <p>If the left warrior was smaller or equal, he stepped into the great line. Otherwise, the right warrior claimed the place. One by one, they marched, filling the array with order.</p> <p>This was no duel — it was a dance of balance, where neither side was ignored, and each gave way when the other was smaller.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">while</span> <span class="p">(</span><span class="n">i</span> <span class="o">&lt;</span> <span class="n">n1</span><span class="p">)</span> <span class="p">{</span> <span class="n">arr</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">L</span><span class="p">[</span><span class="n">i</span><span class="p">];</span> <span class="n">i</span><span class="o">++</span><span class="p">;</span> <span class="n">k</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="k">while</span> <span class="p">(</span><span class="n">j</span> <span class="o">&lt;</span> <span class="n">n2</span><span class="p">)</span> <span class="p">{</span> <span class="n">arr</span><span class="p">[</span><span class="n">k</span><span class="p">]</span> <span class="o">=</span> <span class="n">R</span><span class="p">[</span><span class="n">j</span><span class="p">];</span> <span class="n">j</span><span class="o">++</span><span class="p">;</span> <span class="n">k</span><span class="o">++</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>When one camp was exhausted, the survivors of the other marched forth unopposed. All found their place in the new, ordered line. The merge was complete.</p> <h3> 🏹 The Sundering Ritual </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">void</span> <span class="nf">mergeSort</span><span class="p">(</span><span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;&amp;</span> <span class="n">arr</span><span class="p">,</span> <span class="kt">int</span> <span class="n">left</span><span class="p">,</span> <span class="kt">int</span> <span class="n">right</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">left</span> <span class="o">&lt;</span> <span class="n">right</span><span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">mid</span> <span class="o">=</span> <span class="n">left</span> <span class="o">+</span> <span class="p">(</span><span class="n">right</span> <span class="o">-</span> <span class="n">left</span><span class="p">)</span> <span class="o">/</span> <span class="mi">2</span><span class="p">;</span> </code></pre> </div> <p>The second spell was named <strong>mergeSort</strong>. Its power was the Sundering.</p> <p>The Oracle gazed upon the line. If more than one soul stood within, she split it. The midpoint was chosen — dividing the realm into left and right.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">mergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">left</span><span class="p">,</span> <span class="n">mid</span><span class="p">);</span> <span class="n">mergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">mid</span> <span class="o">+</span> <span class="mi">1</span><span class="p">,</span> <span class="n">right</span><span class="p">);</span> </code></pre> </div> <p>The Sundering was not done once, but again and again. Each half was broken further, split into smaller and smaller fragments — until only single warriors stood.</p> <p>For a lone warrior needs no sorting. Alone, he is already in order.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">merge</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="n">left</span><span class="p">,</span> <span class="n">mid</span><span class="p">,</span> <span class="n">right</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>But once all were sundered, the Oracle began the opposite journey. The merging began. Two halves became one, then greater halves, until at last the entire realm was reunited — not in chaos, but in perfect ascending order.</p> <h3> 🎺 The Trial of Eight </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">arr</span> <span class="o">=</span> <span class="p">{</span><span class="mi">38</span><span class="p">,</span> <span class="mi">27</span><span class="p">,</span> <span class="mi">43</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">9</span><span class="p">,</span> <span class="mi">82</span><span class="p">,</span> <span class="mi">10</span><span class="p">};</span> </code></pre> </div> <p>One day, seven warriors stood in a line: 38, 27, 43, 3, 9, 82, 10. They were mighty, but disordered.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">mergeSort</span><span class="p">(</span><span class="n">arr</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="n">arr</span><span class="p">.</span><span class="n">size</span><span class="p">()</span> <span class="o">-</span> <span class="mi">1</span><span class="p">);</span> </code></pre> </div> <p>The Oracle raised her hand. The Sundering began. Each warrior was torn from his companions until he stood alone.</p> <p>Then, slowly, patiently, the reunification came. As halves became whole, the warriors marched into their destined places.</p> <h3> 👏 The Herald’s Call </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">x</span> <span class="o">:</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">x</span> <span class="o">&lt;&lt;</span> <span class="s">" "</span><span class="p">;</span> <span class="p">}</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">endl</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At last, the Herald walked the line. One by one, the warriors were called. Their names rang not in chaos, but in order — the smallest first, the largest last.</p> <p>The crowd roared. The prophecy was fulfilled. The realm was united, perfectly sorted.</p> <h3> 🧠 Memory of the Sundering </h3> <ul> <li> <strong>mergeSort</strong> — the ritual of Sundering, breaking the world until only singles remain.</li> <li> <strong>merge</strong> — the great Unification, joining halves by choosing the smallest each time.</li> <li> <strong>while loops</strong> — the march of survivors into the final line.</li> </ul> <p>Thus, Merge Sort is remembered as the <strong>Saga of Sundering and Unity</strong>, where division gave way to harmony. 🌌👑</p> cpp programming algorithms Selection Sort C++: Story Harsh Mishra Sat, 13 Sep 2025 17:21:50 +0000 https://forem.com/harshm03/selection-sort-c-story-5540 https://forem.com/harshm03/selection-sort-c-story-5540 <h2> 👑 <em>The Rite of the True Heir: The Selection Sort Saga</em> </h2> <blockquote> <p><em>"Among many who claim the crown, only one is worthy.<br> Choose him, place him upon the throne,<br> and the line of kings shall be written."</em><br> — <em>The Book of Crowns</em></p> </blockquote> <p>In the fractured kingdom, many warriors shouted of their worth. Each believed himself the strongest, yet none stood where destiny demanded.</p> <p>The High Oracle commanded a ritual, not of chaos or battle, but of <strong>choice</strong>. In each moment, the smallest and humblest would be sought out among the many, lifted, and placed upon the next empty throne.</p> <p>Thus began the <strong>Rite of the True Heir</strong>, known to the scribes as <strong>Selection Sort</strong>.</p> <h3> 📜 The Scroll of Crowns </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#include</span> <span class="cpf">&lt;iostream&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;vector&gt;</span><span class="cp"> </span><span class="k">using</span> <span class="k">namespace</span> <span class="n">std</span><span class="p">;</span> </code></pre> </div> <p>The scribes unrolled the scrolls (<code>iostream</code>) and laid out the line of would-be kings (<code>vector</code>). Upon these pages the names of the chosen would be recorded, one after another, in rightful order.</p> <h3> ⚔️ The Oracle’s Decree </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">void</span> <span class="nf">selectionSort</span><span class="p">(</span><span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;&amp;</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> </code></pre> </div> <p>The Oracle raised her hand. The ritual of <strong>selectionSort</strong> was spoken aloud, and the line of claimants trembled. Soon, one by one, the crowns would be assigned.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">n</span> <span class="o">=</span> <span class="n">arr</span><span class="p">.</span><span class="n">size</span><span class="p">();</span> </code></pre> </div> <p>The Herald counted the warriors. Their number, <code>n</code>, was the length of destiny — for each throne would be filled in turn, from the smallest to the greatest.</p> <h3> 👑 The Search for the True Heir </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">n</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">minIndex</span> <span class="o">=</span> <span class="n">i</span><span class="p">;</span> </code></pre> </div> <p>The Oracle’s gaze fell upon the first empty throne (<code>i</code>). She pointed to the warrior standing before it and declared, <em>“For now, you are the chosen.”</em></p> <p>But she knew better than to trust appearances. The true heir must be sought. Thus, the warrior at <code>i</code> was marked as <code>minIndex</code> — the one assumed to be smallest, until proven otherwise.</p> <h3> 🔍 The Trial of Comparison </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">j</span> <span class="o">=</span> <span class="n">i</span> <span class="o">+</span> <span class="mi">1</span><span class="p">;</span> <span class="n">j</span> <span class="o">&lt;</span> <span class="n">n</span><span class="p">;</span> <span class="n">j</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="o">&lt;</span> <span class="n">arr</span><span class="p">[</span><span class="n">minIndex</span><span class="p">])</span> <span class="n">minIndex</span> <span class="o">=</span> <span class="n">j</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>One by one, the Oracle inspected every warrior beyond the throne. Each was measured against the current choice.</p> <p>If any warrior smaller, humbler, or more rightful appeared, the Oracle’s finger shifted. The crown would not be given until all had been judged.</p> <p>Thus, the smallest among all was revealed, even if he had stood at the farthest edge of the line.</p> <h3> 🔄 The Exchange of Thrones </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">swap</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">i</span><span class="p">],</span> <span class="n">arr</span><span class="p">[</span><span class="n">minIndex</span><span class="p">]);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>At last, the true heir was known. The Oracle lifted him from his place and set him upon the throne <code>i</code>.</p> <p>If the chosen heir had stood there already, no change was needed. But if another had been mistaken for king, their places were exchanged.</p> <p>The ritual continued, throne after throne, until all warriors had been seated in their rightful order — the weakest upon the first, the strongest upon the last.</p> <h3> 🎺 The Trial of Eight </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">arr</span> <span class="o">=</span> <span class="p">{</span><span class="mi">29</span><span class="p">,</span> <span class="mi">10</span><span class="p">,</span> <span class="mi">14</span><span class="p">,</span> <span class="mi">37</span><span class="p">,</span> <span class="mi">13</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">50</span><span class="p">,</span> <span class="mi">41</span><span class="p">};</span> </code></pre> </div> <p>One day, eight claimants stood before the Oracle: 29, 10, 14, 37, 13, 2, 50, 41. They shouted loudly of crowns, yet none stood in the order of truth.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">selectionSort</span><span class="p">(</span><span class="n">arr</span><span class="p">);</span> </code></pre> </div> <p>The ritual began. One by one, the smallest was found, crowned, and seated. Pride was stripped away, and the kingdom’s order was restored through the ritual of selection.</p> <h3> 👏 The Herald’s Call </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">x</span> <span class="o">:</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">x</span> <span class="o">&lt;&lt;</span> <span class="s">" "</span><span class="p">;</span> <span class="p">}</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">endl</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At last, the Herald called their names aloud. Each warrior stepped forth in ascending order, weakest to strongest. The people cheered, for the true heirs had taken their places, and the kingdom knew peace again.</p> <h3> 🧠 Memory of the Crown </h3> <ul> <li>The <strong>outer loop</strong> — the thrones waiting, one by one.</li> <li>The <strong>minIndex</strong> — the assumed heir, tested against others.</li> <li>The <strong>inner loop</strong> — the trials of comparison, seeking the true smallest.</li> <li>The <strong>swap</strong> — the crowning of the rightful heir.</li> </ul> <p>Thus, Selection Sort is remembered as the <strong>Rite of the True Heir</strong>, where order was restored not by battle, but by careful choice. 👑⚔️</p> cpp programming algorithms Insertion Sort C++: Story Harsh Mishra Sat, 13 Sep 2025 17:21:21 +0000 https://forem.com/harshm03/insertion-sort-c-story-30mg https://forem.com/harshm03/insertion-sort-c-story-30mg <h2> 🏹 <em>The Chronicles of the Order-Bearer: The Insertion Sort Saga</em> </h2> <blockquote> <p><em>"A line is not born perfect.<br> It becomes perfect when each finds his rightful place among those before him."</em><br> — <em>Song of the Order-Bearer</em></p> </blockquote> <p>In the Kingdom of Lines, chaos walked proudly. Warriors stood not by skill, but by chance. A weakling might precede a champion, and a champion might be buried among squires.</p> <p>The High Sage decreed:</p> <blockquote> <p><em>“Each warrior shall step into the line one by one.<br> He shall not stand where he first lands, but where he belongs among those before him.<br> Thus, the line shall grow in order, piece by piece, until all stand as one.”</em></p> </blockquote> <p>This ritual became known as the <strong>Insertion Sort</strong>.</p> <h3> 📜 The Scroll of Lineage </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#include</span> <span class="cpf">&lt;iostream&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;vector&gt;</span><span class="cp"> </span><span class="k">using</span> <span class="k">namespace</span> <span class="n">std</span><span class="p">;</span> </code></pre> </div> <p>The scribes laid open the scrolls (<code>iostream</code>) and spread the line of warriors (<code>vector</code>). Upon these pages the ritual of order would be etched, so the kingdom would remember.</p> <h3> ⚔️ The Call of the Sage </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">void</span> <span class="nf">insertionSort</span><span class="p">(</span><span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;&amp;</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> </code></pre> </div> <p>The Sage raised his staff and called the warriors into the ritual. The spell of <strong>insertionSort</strong> was named, and the line stood trembling, waiting to be set aright.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">n</span> <span class="o">=</span> <span class="n">arr</span><span class="p">.</span><span class="n">size</span><span class="p">();</span> </code></pre> </div> <p>The first step was to count them — all who would stand in the line. <code>n</code> was not just a number; it was the length of destiny, the measure of the order yet to come.</p> <h3> 🏹 The Warrior Steps Forward </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">1</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">n</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> </code></pre> </div> <p>The first warrior at position 0 was left alone — for a single soul needs no order.</p> <p>Then, beginning from the second (<code>i = 1</code>), each warrior stepped forward into the growing line. He could not stand merely where he entered. He had to <strong>find his rightful place</strong> among those who came before.</p> <h3> ⚖️ The Choice of the Key </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">key</span> <span class="o">=</span> <span class="n">arr</span><span class="p">[</span><span class="n">i</span><span class="p">];</span> <span class="kt">int</span> <span class="n">j</span> <span class="o">=</span> <span class="n">i</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> </code></pre> </div> <p>The chosen warrior was lifted from the line — called the <strong>key</strong>. He looked back to those who already stood ordered behind him. The one before him (<code>j</code>) was his rival, his test.</p> <h3> 🛡️ The Trials of Comparison </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">while</span> <span class="p">(</span><span class="n">j</span> <span class="o">&gt;=</span> <span class="mi">0</span> <span class="o">&amp;&amp;</span> <span class="n">arr</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">key</span><span class="p">)</span> <span class="p">{</span> <span class="n">arr</span><span class="p">[</span><span class="n">j</span> <span class="o">+</span> <span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">arr</span><span class="p">[</span><span class="n">j</span><span class="p">];</span> <span class="n">j</span> <span class="o">=</span> <span class="n">j</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>The key warrior faced the champions before him. If a warrior (<code>arr[j]</code>) was stronger (greater) than him, that warrior stepped one place forward to make room.</p> <p>The key pressed on, moving backward, testing again and again — until he found a rival no stronger than himself, or the beginning of the line.</p> <p>Thus, each trial shifted others forward, like a ripple of respect, until the key’s rightful place was uncovered.</p> <h3> 👑 The Final Placement </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">arr</span><span class="p">[</span><span class="n">j</span> <span class="o">+</span> <span class="mi">1</span><span class="p">]</span> <span class="o">=</span> <span class="n">key</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>At last, the key settled into the place destiny had prepared for him. The line closed around him, stronger than before. Then the next warrior stepped forward, and the ritual repeated.</p> <p>By the end, every soul had found his rightful place, and the line stood perfect — ordered from weakest to strongest.</p> <h3> 🎺 The Trial of Eight </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">arr</span> <span class="o">=</span> <span class="p">{</span><span class="mi">12</span><span class="p">,</span> <span class="mi">11</span><span class="p">,</span> <span class="mi">13</span><span class="p">,</span> <span class="mi">5</span><span class="p">,</span> <span class="mi">6</span><span class="p">,</span> <span class="mi">7</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">15</span><span class="p">};</span> </code></pre> </div> <p>On one dawn, eight warriors entered the line: 12, 11, 13, 5, 6, 7, 3, 15. They stood in chaos, their strength unmatched to their order. The Sage prepared the ritual, and the people watched.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">insertionSort</span><span class="p">(</span><span class="n">arr</span><span class="p">);</span> </code></pre> </div> <p>The ritual began. One by one, the warriors were lifted, tested, and placed. With each step, the line grew more ordered, until the disorder was driven out entirely.</p> <h3> 👏 The Herald’s Call </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">x</span> <span class="o">:</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">x</span> <span class="o">&lt;&lt;</span> <span class="s">" "</span><span class="p">;</span> <span class="p">}</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">endl</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At last, the Herald marched down the line, calling each warrior in turn. Their names rang out in ascending order. The crowd cheered, for the line now mirrored the wisdom of the Sage.</p> <h3> 🧠 Memory of the Ritual </h3> <ul> <li>The <strong>outer loop</strong> — each warrior stepping forward into the line.</li> <li>The <strong>key</strong> — the chosen warrior, lifted to find his place.</li> <li>The <strong>while loop</strong> — the backward trials, shifting stronger warriors forward.</li> <li>The <strong>placement</strong> — the key settling where destiny decreed.</li> </ul> <p>Thus, Insertion Sort is remembered as the <strong>Ritual of the Order-Bearer</strong>, where chaos gave way to harmony, one warrior at a time. 🏹👑</p> cpp programming algorithms Bubble Sort C++: Story Harsh Mishra Sat, 13 Sep 2025 17:20:56 +0000 https://forem.com/harshm03/bubble-sort-c-story-dp9 https://forem.com/harshm03/bubble-sort-c-story-dp9 <h2> 👑 <em>The Tournament of the Shifting Blades: The Bubble Sort Legend</em> </h2> <blockquote> <p><em>"Strength is not proven by standing still.<br> True warriors find their rightful place in the order of blades."</em><br> — <em>Edict of the First King</em></p> </blockquote> <p>In the realm of scattered banners, warriors stood shoulder to shoulder, yet no order bound them. A squire might boast before a knight, and a knight before a king. Chaos was written into the very line of steel.</p> <p>The High King, weary of such disorder, proclaimed the Grand Tournament. Only through duels would the warriors discover their rightful places. With every clash, the strongest would fall back and the weakest rise forward, until the line itself sang of balance.</p> <h3> 📜 The Call to Arms </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#include</span> <span class="cpf">&lt;iostream&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;vector&gt;</span><span class="cp"> </span><span class="k">using</span> <span class="k">namespace</span> <span class="n">std</span><span class="p">;</span> </code></pre> </div> <p>The scribes opened their scrolls, and the arena was drawn upon the parchment. The warriors would be kept within a line of steel — the <code>vector</code> — and their story inked through the streams of the <code>iostream</code>.</p> <h3> ⚔️ The Arena Opens </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">void</span> <span class="nf">bubbleSort</span><span class="p">(</span><span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;&amp;</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> </code></pre> </div> <p>The gates of the arena creaked open. Into it, the warriors marched. The ritual was called <strong>bubbleSort</strong>, and its purpose was as old as the throne itself — to bring order where there was none.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">int</span> <span class="n">n</span> <span class="o">=</span> <span class="n">arr</span><span class="p">.</span><span class="n">size</span><span class="p">();</span> </code></pre> </div> <p>The Herald stepped forward, his voice booming across the stands. He counted every warrior, one by one, until the crowd knew how many would fight. That number, <code>n</code>, was the measure of destiny.</p> <h3> 🏹 The Rounds Begin </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">n</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> </code></pre> </div> <p>The first round began. The crowd rose to their feet, for they knew each wave of battle would settle one champion. With every clash, the mightiest of that round would be pushed to the end, where he would stand unmoved again. The next round, therefore, needed fewer tests, for one place had already been claimed.</p> <h3> 🛡️ The Neighbor Duels </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">j</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">j</span> <span class="o">&lt;</span> <span class="n">n</span> <span class="o">-</span> <span class="n">i</span> <span class="o">-</span> <span class="mi">1</span><span class="p">;</span> <span class="n">j</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> </code></pre> </div> <p>Within each round, warriors turned to face their neighbors. No swords were drawn from across the line; only the one beside you mattered. Each duel was swift, brutal, and watched by all. In this way, the order was forged step by step, neighbor by neighbor.</p> <h3> ⚖️ The King’s Judgment </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">if</span> <span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">j</span><span class="p">]</span> <span class="o">&gt;</span> <span class="n">arr</span><span class="p">[</span><span class="n">j</span> <span class="o">+</span> <span class="mi">1</span><span class="p">])</span> <span class="p">{</span> </code></pre> </div> <p>The King watched closely. If a warrior stood too proud, stronger yet placed before a weaker, the King’s hand rose. The judgment was clear — arrogance could not stand before humility.</p> <h3> 🔄 The Clash of Blades </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">swap</span><span class="p">(</span><span class="n">arr</span><span class="p">[</span><span class="n">j</span><span class="p">],</span> <span class="n">arr</span><span class="p">[</span><span class="n">j</span> <span class="o">+</span> <span class="mi">1</span><span class="p">]);</span> </code></pre> </div> <p>And so they clashed. Steel rang, dust rose, and the stronger was forced back while the weaker advanced. This was no shame, only correction — for each must find his rightful place in the grand line of honor.</p> <h3> 🌌 The Endless Rounds </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>The tournament raged on. Round after round, duel after duel, the warriors reshaped themselves. Slowly, pride gave way to order. And when the final clash faded, the line stood perfect — weakest at the front, strongest at the end.</p> <h3> 🎺 The Trial of Seven </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">arr</span> <span class="o">=</span> <span class="p">{</span><span class="mi">64</span><span class="p">,</span> <span class="mi">34</span><span class="p">,</span> <span class="mi">25</span><span class="p">,</span> <span class="mi">12</span><span class="p">,</span> <span class="mi">22</span><span class="p">,</span> <span class="mi">11</span><span class="p">,</span> <span class="mi">90</span><span class="p">};</span> </code></pre> </div> <p>One dawn, seven warriors entered the arena: 64, 34, 25, 12, 22, 11, 90. They stood in chaos, their strength unmatched to their position. The crowd murmured, sensing the King’s displeasure.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="n">bubbleSort</span><span class="p">(</span><span class="n">arr</span><span class="p">);</span> </code></pre> </div> <p>The horn sounded, and the duels began. One by one, the proud were forced back, the humble were lifted forward. The spell of bubbleSort was upon them, and the order was inevitable.</p> <h3> 👏 The Final Parade </h3> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">x</span> <span class="o">:</span> <span class="n">arr</span><span class="p">)</span> <span class="p">{</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">x</span> <span class="o">&lt;&lt;</span> <span class="s">" "</span><span class="p">;</span> <span class="p">}</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">endl</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>At last, the Herald called their names. One after another, they stepped forward in perfect order, weakest to strongest. The crowd cheered, for the line of warriors now mirrored the will of the King. The Tournament was complete.</p> <h3> 🧠 Memory of the Arena </h3> <ul> <li>The <strong>outer loop</strong> — the rounds of the tournament, each settling one champion.</li> <li>The <strong>inner loop</strong> — the neighbor duels, brutal and swift.</li> <li>The <strong>if-condition</strong> — the King’s judgment on pride.</li> <li>The <strong>swap</strong> — the clash that corrects the line.</li> </ul> <p>Thus Bubble Sort is remembered as the <strong>Tournament of the Shifting Blades</strong>, where every warrior found his rightful place. ⚔️👑</p> cpp programming algorithms Dijkstra's Algorithm C++: Story Harsh Mishra Sat, 16 Aug 2025 20:58:49 +0000 https://forem.com/harshm03/dijkstras-algorithm-c-story-1h40 https://forem.com/harshm03/dijkstras-algorithm-c-story-1h40 <h2> 🏹 <em>The Beacon Riders of the Northern Realms</em> — The Dijkstra Saga </h2> <blockquote> <p><em>"In the kingdom where roads shimmered with frost, the fastest rider was the one who chose his next step with care."</em><br> — <em>Songs of the Winter Messenger</em></p> </blockquote> <p>The Northern Realms were a land of <strong>villages connected by winding frozen roads</strong>, each road taking a certain amount of time to travel.<br> The High Council needed to send messengers from the <strong>capital</strong> to every other village, carrying news of an approaching winter storm.<br> But there was a rule: <strong>messengers must always choose the currently closest unexplored village to visit next</strong>, so no time would be wasted wandering far before checking nearer places.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="cp">#include</span> <span class="cpf">&lt;iostream&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;vector&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;queue&gt;</span><span class="cp"> #include</span> <span class="cpf">&lt;limits&gt;</span><span class="cp"> </span><span class="k">using</span> <span class="k">namespace</span> <span class="n">std</span><span class="p">;</span> <span class="k">class</span> <span class="nc">Dijkstra</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">n</span><span class="p">;</span> <span class="n">vector</span><span class="o">&lt;</span><span class="n">vector</span><span class="o">&lt;</span><span class="n">pair</span><span class="o">&lt;</span><span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="o">&gt;&gt;&gt;</span> <span class="n">adj</span><span class="p">;</span> <span class="n">vector</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;</span> <span class="n">dist</span><span class="p">;</span> <span class="k">const</span> <span class="kt">int</span> <span class="n">INF</span> <span class="o">=</span> <span class="n">numeric_limits</span><span class="o">&lt;</span><span class="kt">int</span><span class="o">&gt;::</span><span class="n">max</span><span class="p">();</span> <span class="nl">public:</span> <span class="n">Dijkstra</span><span class="p">(</span><span class="kt">int</span> <span class="n">n</span><span class="p">)</span> <span class="o">:</span> <span class="n">n</span><span class="p">(</span><span class="n">n</span><span class="p">)</span> <span class="p">{</span> <span class="n">adj</span><span class="p">.</span><span class="n">resize</span><span class="p">(</span><span class="n">n</span><span class="p">);</span> <span class="n">dist</span><span class="p">.</span><span class="n">assign</span><span class="p">(</span><span class="n">n</span><span class="p">,</span> <span class="n">INF</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The kingdom was drawn as <strong>n villages</strong> on a great frost-map.<br> Beside each village lay a ledger of roads: <code>adj[u]</code> kept track of every road from that village, written as <code>(neighbor, time_cost)</code>.<br> <code>dist[]</code> was the parchment where the <strong>shortest known times</strong> to reach each village would be recorded.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">void</span> <span class="nf">addRoad</span><span class="p">(</span><span class="kt">int</span> <span class="n">u</span><span class="p">,</span> <span class="kt">int</span> <span class="n">v</span><span class="p">,</span> <span class="kt">int</span> <span class="n">w</span><span class="p">)</span> <span class="p">{</span> <span class="n">adj</span><span class="p">[</span><span class="n">u</span><span class="p">].</span><span class="n">push_back</span><span class="p">({</span><span class="n">v</span><span class="p">,</span> <span class="n">w</span><span class="p">});</span> <span class="n">adj</span><span class="p">[</span><span class="n">v</span><span class="p">].</span><span class="n">push_back</span><span class="p">({</span><span class="n">u</span><span class="p">,</span> <span class="n">w</span><span class="p">});</span> <span class="p">}</span> </code></pre> </div> <p>Every road was carved into the map:<br> <em>"From U to V, the ride takes W hours."</em><br> And because roads in the Northern Realms could be traveled in both directions, the same note was made for the reverse path.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="kt">void</span> <span class="nf">shortestPaths</span><span class="p">(</span><span class="kt">int</span> <span class="n">src</span><span class="p">)</span> <span class="p">{</span> <span class="n">dist</span><span class="p">[</span><span class="n">src</span><span class="p">]</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">priority_queue</span><span class="o">&lt;</span><span class="n">pair</span><span class="o">&lt;</span><span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="o">&gt;</span><span class="p">,</span> <span class="n">vector</span><span class="o">&lt;</span><span class="n">pair</span><span class="o">&lt;</span><span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="o">&gt;&gt;</span><span class="p">,</span> <span class="n">greater</span><span class="o">&lt;</span><span class="n">pair</span><span class="o">&lt;</span><span class="kt">int</span><span class="p">,</span> <span class="kt">int</span><span class="o">&gt;&gt;&gt;</span> <span class="n">pq</span><span class="p">;</span> <span class="n">pq</span><span class="p">.</span><span class="n">push</span><span class="p">({</span><span class="mi">0</span><span class="p">,</span> <span class="n">src</span><span class="p">});</span> </code></pre> </div> <p>The messengers began at the <strong>capital</strong> (<code>src</code>).<br> The time to reach the capital itself was <strong>0</strong>.<br> A magical beacon-fire, represented by a <strong>priority queue</strong>, was lit — its flames always showing <strong>the next closest village yet to be visited</strong>.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">while</span> <span class="p">(</span><span class="o">!</span><span class="n">pq</span><span class="p">.</span><span class="n">empty</span><span class="p">())</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">d</span> <span class="o">=</span> <span class="n">pq</span><span class="p">.</span><span class="n">top</span><span class="p">().</span><span class="n">first</span><span class="p">;</span> <span class="kt">int</span> <span class="n">u</span> <span class="o">=</span> <span class="n">pq</span><span class="p">.</span><span class="n">top</span><span class="p">().</span><span class="n">second</span><span class="p">;</span> <span class="n">pq</span><span class="p">.</span><span class="n">pop</span><span class="p">();</span> </code></pre> </div> <p>At each step, the beacon’s flame called forth the <strong>nearest unexplored village</strong>.<br> The chosen village’s name was read, and the messenger rode there next.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">if</span> <span class="p">(</span><span class="n">d</span> <span class="o">&gt;</span> <span class="n">dist</span><span class="p">[</span><span class="n">u</span><span class="p">])</span> <span class="k">continue</span><span class="p">;</span> </code></pre> </div> <p>If a messenger arrived and found that <strong>a faster messenger had already reached this village before</strong>, they turned around without delay — no need to waste effort on a place already warned sooner.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="k">auto</span> <span class="o">&amp;</span><span class="n">edge</span> <span class="o">:</span> <span class="n">adj</span><span class="p">[</span><span class="n">u</span><span class="p">])</span> <span class="p">{</span> <span class="kt">int</span> <span class="n">v</span> <span class="o">=</span> <span class="n">edge</span><span class="p">.</span><span class="n">first</span><span class="p">;</span> <span class="kt">int</span> <span class="n">w</span> <span class="o">=</span> <span class="n">edge</span><span class="p">.</span><span class="n">second</span><span class="p">;</span> <span class="k">if</span> <span class="p">(</span><span class="n">dist</span><span class="p">[</span><span class="n">u</span><span class="p">]</span> <span class="o">+</span> <span class="n">w</span> <span class="o">&lt;</span> <span class="n">dist</span><span class="p">[</span><span class="n">v</span><span class="p">])</span> <span class="p">{</span> <span class="n">dist</span><span class="p">[</span><span class="n">v</span><span class="p">]</span> <span class="o">=</span> <span class="n">dist</span><span class="p">[</span><span class="n">u</span><span class="p">]</span> <span class="o">+</span> <span class="n">w</span><span class="p">;</span> <span class="n">pq</span><span class="p">.</span><span class="n">push</span><span class="p">({</span><span class="n">dist</span><span class="p">[</span><span class="n">v</span><span class="p">],</span> <span class="n">v</span><span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>From each newly reached village, the messenger looked at <strong>every road leading outward</strong>.<br> If traveling through this village gave a <strong>shorter path</strong> to another village than previously known, the ledger was updated.<br> The beacon-fire was fed with this news, so those closer villages could be visited next.</p> <p>And so, like ripples in ice, the shortest paths spread from the capital outward.</p> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code> <span class="k">for</span> <span class="p">(</span><span class="kt">int</span> <span class="n">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="n">i</span> <span class="o">&lt;</span> <span class="n">n</span><span class="p">;</span> <span class="n">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="n">dist</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">==</span> <span class="n">INF</span><span class="p">)</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="s">"INF "</span><span class="p">;</span> <span class="k">else</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="n">dist</span><span class="p">[</span><span class="n">i</span><span class="p">]</span> <span class="o">&lt;&lt;</span> <span class="s">" "</span><span class="p">;</span> <span class="p">}</span> <span class="n">cout</span> <span class="o">&lt;&lt;</span> <span class="s">"</span><span class="se">\n</span><span class="s">"</span><span class="p">;</span> <span class="p">}</span> <span class="p">};</span> </code></pre> </div> <p>When the last flame of the beacon-fire faded, the ledger was unrolled before the High Council:</p> <ul> <li>If a number was written, it was the <strong>fastest possible travel time</strong> from the capital to that village.</li> <li>If <code>INF</code>, it meant <strong>the snow had blocked every road to that place</strong> — unreachable until the spring thaw.</li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight cpp"><code><span class="kt">int</span> <span class="nf">main</span><span class="p">()</span> <span class="p">{</span> <span class="n">Dijkstra</span> <span class="n">realm</span><span class="p">(</span><span class="mi">5</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">10</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="mi">4</span><span class="p">,</span> <span class="mi">5</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">1</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">1</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">4</span><span class="p">,</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">3</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">4</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">9</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">4</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">2</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">3</span><span class="p">,</span> <span class="mi">2</span><span class="p">,</span> <span class="mi">4</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">addRoad</span><span class="p">(</span><span class="mi">2</span><span class="p">,</span> <span class="mi">3</span><span class="p">,</span> <span class="mi">6</span><span class="p">);</span> <span class="n">realm</span><span class="p">.</span><span class="n">shortestPaths</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>The messengers rode, flames guiding them village by village, until the whole kingdom had been warned — in the <strong>fastest way possible</strong>.</p> cpp programming algorithms