Kubernetes Manifest Review

Checks Deployment/Service/Ingress for resource limits, probes, security context and label consistency.

Last checked 23 April 2026

Prompt

Review these Kubernetes manifests. Check for production-readiness, not toy-cluster minimums.

Evaluate:
1. WORKLOAD (Deployment/StatefulSet/DaemonSet)
   - resources.requests + limits set (and reasonable)
   - liveness / readiness / startup probes present, distinct, sensible timeouts
   - securityContext: runAsNonRoot, readOnlyRootFilesystem, drop capabilities
   - replicas + strategy (RollingUpdate surge/unavailable)
   - priorityClassName if needed
2. SERVICE / INGRESS
   - Selector matches labels
   - Port naming consistent
   - Ingress TLS terminated correctly, annotations for the controller used
3. CONFIG
   - Env via ConfigMap / Secret (not inline secrets)
   - Mount paths don't clash
4. LABELS / ANNOTATIONS
   - app.kubernetes.io/* conventions
   - Version / part-of / managed-by set
5. CROSS-CUTTING
   - PodDisruptionBudget for anything critical
   - NetworkPolicy mentioned (or explicitly out of scope)
   - HPA metrics reasonable

For each finding:
- Resource kind + name + field
- Why it matters
- Concrete fix (YAML snippet)

Rules:
- If manifests are dev-only, say so and skip hardening concerns
- Do not reformat YAML purely for style
- Flag typos in image tags / version drifts

Manifests:
[PASTE]
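As an added illustration, not part of the original prompt page, here is a small Python checker for the WORKLOAD and SERVICE items of the list above, run over a constructed Deployment and Service. Manifests are passed in as the dicts yaml.safe_load() would return; all names, images and labels are made up for the example.

```python
# Added example, not part of the original page: checks the WORKLOAD and SERVICE
# items of the review list on manifests already parsed into dicts (the shape
# yaml.safe_load() returns), so it runs without a YAML dependency.
WORKLOAD_KINDS = ("Deployment", "StatefulSet", "DaemonSet")

def review_manifests(docs):
    """Return findings as (kind/name, field, why it matters) tuples."""
    findings = []
    workloads = [d for d in docs if d.get("kind") in WORKLOAD_KINDS]
    for w in workloads:
        name = f"{w['kind']}/{w['metadata']['name']}"
        pod_spec = w["spec"]["template"]["spec"]
        for i, c in enumerate(pod_spec.get("containers", [])):
            path = f"spec.template.spec.containers[{i}]"
            res = c.get("resources", {})
            if not res.get("requests") or not res.get("limits"):
                findings.append((name, f"{path}.resources", "requests/limits missing: no scheduling guarantee, no OOM bound"))
            for probe in ("livenessProbe", "readinessProbe"):
                if probe not in c:
                    findings.append((name, f"{path}.{probe}", f"{probe} missing"))
            if "livenessProbe" in c and c["livenessProbe"] == c.get("readinessProbe"):
                findings.append((name, f"{path}.livenessProbe", "identical to readiness: a slow dependency restarts the pod instead of draining it"))
            # container securityContext overrides pod-level keys of the same name
            sc = {**pod_spec.get("securityContext", {}), **c.get("securityContext", {})}
            if sc.get("runAsNonRoot") is not True:
                findings.append((name, f"{path}.securityContext.runAsNonRoot", "container may run as root"))
            if sc.get("readOnlyRootFilesystem") is not True:
                findings.append((name, f"{path}.securityContext.readOnlyRootFilesystem", "root filesystem is writable"))
            if "ALL" not in sc.get("capabilities", {}).get("drop", []):
                findings.append((name, f"{path}.securityContext.capabilities.drop", "capabilities not dropped"))
            # tag check on the last path component, so a registry port is not mistaken for a tag
            image = c.get("image", "")
            tag = image.rsplit("/", 1)[-1].partition(":")[2]
            if "@" not in image and tag in ("", "latest"):
                findings.append((name, f"{path}.image", "unpinned image tag: rollout is not reproducible"))
    pod_labels = [w["spec"]["template"]["metadata"].get("labels", {}) for w in workloads]
    for s in (d for d in docs if d.get("kind") == "Service"):
        sel = s["spec"].get("selector", {})
        if sel and not any(all(lbl.get(k) == v for k, v in sel.items()) for lbl in pod_labels):
            findings.append((f"Service/{s['metadata']['name']}", "spec.selector", "matches no pod template labels: Service gets no endpoints"))
    return findings

# Constructed sample: a dev-style Deployment and a Service whose selector drifted.
WEAK_DEPLOYMENT = {"kind": "Deployment", "metadata": {"name": "api"}, "spec": {"template": {
    "metadata": {"labels": {"app.kubernetes.io/name": "api"}},
    "spec": {"containers": [{"name": "api", "image": "registry.example/api:latest",
                             "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}}}]}}}}
DRIFTED_SERVICE = {"kind": "Service", "metadata": {"name": "api"},
                   "spec": {"selector": {"app.kubernetes.io/name": "api-v2"}}}
```

Calling review_manifests([WEAK_DEPLOYMENT, DRIFTED_SERVICE]) reports seven findings in the kind/name, field, why shape the prompt asks for; a manifest with requests and limits, distinct probes, a non-root read-only securityContext, a pinned tag and a matching selector yields none.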

When to use

Before the first production rollout. Probes, limits and securityContext are the three items most often found missing after six months.

Use cases

  • A new service is going live.
  • Cluster standards check across several deployments.
  • Post-incident review: probes were misconfigured.

Tested with

HPA recommendations are only meaningful with a load profile. Without metrics input, have the review clearly flag "HPA needs load measurement".