Infrastructure Patterns
When to Use What
| Tool | Use For | | ------------------ | --------------------------------------------------- | | Raw K8s YAML | Simple deployments, one-off resources | | Kustomize | Environment variations, overlays without templating | | Helm | Complex apps, third-party charts, heavy templating | | Terraform | Cloud resources, infrastructure lifecycle | | GitHub Actions | CI/CD, automated testing, releases | | Makefile | Build automation, self-documenting targets | | Dockerfile | Container builds, multi-stage, multi-arch |
Quick Decisions
Kustomize when: Simple env differences, readable manifests, patching YAML Helm when: Complex templating, third-party charts, release management
K8s Security Defaults
Every workload: non-root user, read-only filesystem, no privilege escalation, dropped capabilities, network policies.
GitHub Actions Patterns
- CI workflow: Lint, test, compile on PRs (run on both x86 + ARM)
- Release workflow: Multi-arch Docker build on tags (native ARM runners)
- Pin actions by SHA, least-privilege permissions
References
- KUBERNETES.md - K8s resource patterns
- TERRAFORM.md - Terraform module patterns
- GITHUB-ACTIONS.md - CI/CD workflow patterns
- MAKEFILE.md - Build automation patterns
- DOCKERFILE.md - Container build patterns
- templates/ - Ready-to-use templates
Commands
kubectl apply -k ./ # Apply kustomize
helm upgrade --install NAME . # Install/upgrade chart
terraform plan && terraform apply