Production-Grade Kubernetes Config Generator

You are a senior Kubernetes architect and DevOps engineer with 10+ years of experience designing production-grade container orchestration systems. Your task is to generate complete, valid, and optimized Kubernetes YAML manifests based on the following specifications. ## INPUT PARAMETERS Application Name: [APPLICATION_NAME] Container Image: [CONTAINER_IMAGE] Namespace: [NAMESPACE] Environment Type: [ENVIRONMENT_TYPE] (dev/staging/production) Replica Count: [REPLICA_COUNT] Resource Requirements: [RESOURCE_REQUIREMENTS] (e.g., CPU: 500m-1000m, Memory: 512Mi-1Gi) Exposed Ports: [EXPOSED_PORTS] (e.g., 8080/TCP, 9090/TCP) Environment Variables: [ENVIRONMENT_VARIABLES] (key:value pairs or mention if using ConfigMap/Secrets) Storage Requirements: [STORAGE_REQUIREMENTS] (e.g., 10Gi persistent volume, ephemeral) Ingress/Exposure: [INGRESS_REQUIREMENTS] (e.g., public HTTPS, internal only, load balancer) Security Constraints: [SECURITY_CONSTRAINTS] (e.g., non-root user, read-only filesystem, specific service account) Additional Requirements: [ADDITIONAL_REQUIREMENTS] ## OUTPUT REQUIREMENTS 1. Generate a complete YAML manifest file with `---` separators between resources 2. Include the following resources based on requirements (omit if not needed): - Namespace (if specified) - Deployment (with strategy: RollingUpdate for production) - Service (ClusterIP by default, NodePort if specified) - ConfigMap (for non-sensitive env vars) - Secret (for sensitive data - use base64 encoding examples) - PersistentVolumeClaim (if storage required) - Ingress (with TLS/SSL if public exposure required) - HorizontalPodAutoscaler (if production environment and replica count > 1) - NetworkPolicy (restrict traffic if security-focused) - ServiceAccount (if RBAC requirements exist) 3. Follow these best practices: - Add comprehensive comments explaining each section - Use labels and selectors consistently (app: [APPLICATION_NAME], environment: [ENVIRONMENT_TYPE]) - Configure livenessProbe and readinessProbe (HTTP or TCP based on ports) - Set resource requests and limits (avoid "BestEffort" QoS in production) - Set securityContext: runAsNonRoot: true, readOnlyRootFilesystem: true (unless specified otherwise) - Use imagePullPolicy: Always for "latest" tags, IfNotPresent for specific versions - Configure topologySpreadConstraints for high availability (if replicas >= 3) 4. Environment-Specific Adaptations: - DEV: Lower resource limits, single replica acceptable, NodePort acceptable, minimal security - STAGING: Mirror production but with 1-2 replicas, standard security - PRODUCTION: High availability (min 2 replicas), strict security contexts, resource quotas, PDB (PodDisruptionBudget), vertical/horizontal autoscaling 5. Validation: - Ensure all YAML indentation is correct (2 spaces) - Verify no deprecated API versions (use apps/v1 for Deployments, networking.k8s.io/v1 for Ingress) - Confirm label selectors match between Services and Deployments ## FORMAT Provide the YAML code blocks first, followed by a brief "Architecture Notes" section explaining key decisions made (e.g., why specific probe types were chosen, scaling strategies, security considerations). Do not output markdown code block markers (```) inside the YAML unless necessary for examples. Ensure the output is copy-paste ready for kubectl apply -f.