Infrastructure Patterns
When to Use What
Tool Use For
Raw K8s YAML Simple deployments, one-off resources
Kustomize Environment variations, overlays without templating
Helm Complex apps, third-party charts, heavy templating
Terraform Cloud resources, infrastructure lifecycle
GitHub Actions CI/CD, automated testing, releases
Makefile Build automation, self-documenting targets
Dockerfile Container builds, multi-stage, multi-arch
Quick Decisions
Kustomize when: Simple env differences, readable manifests, patching YAML Helm when: Complex templating, third-party charts, release management
K8s Security Defaults
Every workload: non-root user, read-only filesystem, no privilege escalation, dropped capabilities, network policies.
GitHub Actions Patterns
-
CI workflow: Lint, test, compile on PRs (run on both x86 + ARM)
-
Release workflow: Multi-arch Docker build on tags (native ARM runners)
-
Pin actions by SHA, least-privilege permissions
References
-
KUBERNETES.md - K8s resource patterns
-
TERRAFORM.md - Terraform module patterns
-
GITHUB-ACTIONS.md - CI/CD workflow patterns
-
MAKEFILE.md - Build automation patterns
-
DOCKERFILE.md - Container build patterns
-
templates/ - Ready-to-use templates
Commands
kubectl apply -k ./ # Apply kustomize helm upgrade --install NAME . # Install/upgrade chart terraform plan && terraform apply