TazLab K8s Conventions
Strict conventions ensure that the GitOps repository remains clean, secure, and understandable for both humans and agents.
1. No Plaintext Secrets (Purity)
- Mandatory: Never commit
kind: Secretwith real data. - Test: Run
./tests/verify_manifest_purity.shbefore every push.
2. Manifest Naming
- Use
kebab-case. - Prefer
<kind>.yaml(e.g.,deployment.yaml) or<app-name>.yaml.
3. Resource Discipline
- Every container must have
requestsandlimits. - Every Deployment using ESO secrets should have
reloader.stakater.com/auto: "true".
4. Kustomize Structure
- Base:
apps/base/<app>/(Agnostic). - Cluster:
apps/cluster/<app>/(Overlay). - Entrypoint:
clusters/tazlab-k8s/(Flux Hook).
See Also
- Structure: GitOps Structure
- Hub: TazLab K8s Hub