K8s Templates
Starter YAML skeletons for basecamp — Helm chart shape, Kustomize overlay pair, Flux HelmRelease wiring, Cilium NetworkPolicy, Pyrra SLO, workload custom-resource instances. Copy-paste starting points for any K8s-native project.
K8s Templates — Starter YAML for basecamp
Copy these into basecamp/ (or any K8s-native project) when bootstrapping a new service / overlay / SLO / NetworkPolicy / Workload.
The shapes here match what basecamp plan documents. Each template’s top-of-file comment names the apiVersion last verified — bump it when you re-verify against a cluster upgrade.
Contents
| Template | What it is | Phase first touched |
|---|---|---|
helm-chart-skeleton/ | Chart.yaml + values.yaml + templates/{deployment,service,configmap,_helpers}. The minimum-useful Helm chart shape. | Y3 Phase 20 |
kustomize-overlay-pair/ | base/ + overlays/{k3s,eks}/ showing env-specific patching (replicas, image tag, namespace). GKE structurally identical to EKS. | Y3 Phase 20, Phase 24 (multi-cloud) |
flux-helmrelease.yaml | The four Flux CRDs that wire a chart into GitOps: GitRepository + HelmRepository + Kustomization + HelmRelease. | Y3 Phase 20 |
cilium-networkpolicy.yaml | Default-deny + explicit-allow CiliumNetworkPolicy with L3/L4 + L7 (HTTP) rules. | Y3 Phase 25 |
pyrra-slo.yaml | A Pyrra ServiceLevelObjective — latency + availability SLIs. | Y3 Phase 28 |
workload-cr-instance.yaml | A platform.basecamp.io/v1alpha1 Workload CRD instance — what platform-ctl new service produces. | Y3 Phase 26 |
How to use
- Copy the template into the appropriate basecamp location (per the basecamp plan repo layout).
- Search-replace placeholders:
my-service,<user>,<namespace>,<owner>,<email>— find every one withgrep -rn "<" .and substitute. - Verify the apiVersion matches what your cluster supports:
kubectl api-resources | grep <Kind>to confirm. - Validate before committing:
- Helm:
helm template . --debug - Kustomize:
kustomize build overlays/k3s/ - Both:
kubeconform <output>.yaml
- Helm:
- Update
# Last verified:when you tune for current cluster versions.
How the templates compose
Developer runs: platform-ctl new service my-app --language go --targets k3s,eks
│
▼ creates
A Workload CRD instance ──── [workload-cr-instance.yaml]
│
▼ platform-ctl operator reconciles
│
├──► Helm chart in Git ── [helm-chart-skeleton/]
├──► Kustomize overlays per env ── [kustomize-overlay-pair/]
├──► Flux HelmRelease + Kustom. ── [flux-helmrelease.yaml]
├──► CiliumNetworkPolicy ── [cilium-networkpolicy.yaml]
├──► Pyrra SLO ── [pyrra-slo.yaml]
└──► Runbook stub ── [meta/runbook-template]
Six YAML templates + one prose template = everything a new basecamp service needs.
Staleness discipline
YAML templates rot faster than prose. apiVersions are deprecated across Kubernetes minor versions; Helm chart conventions evolve; Cilium adds L7 capabilities each release; Pyrra schema changes.
Re-verify each template on:
- Every major Kubernetes upgrade (1.30 → 1.31 → 1.32 …)
- Every Cilium minor upgrade
- Every Flux minor upgrade
- Every Pyrra minor upgrade
- Every Helm major version (v3 → v4 will require touch-ups)
Bump the # Last verified: comment when you do. Templates from 18 months ago need re-verification before use.
Public-safety
Every file in this directory is public-safe by audit. Placeholder values (<user>, <namespace>, <owner>, <email>) are generic; service names referenced (my-service, triage, llm-gateway) are /root project names from the public projects index.
Do NOT introduce real internal service names, real internal registries, real Apple-internal apiGroups. The /pre-publish-check Claude skill (configured in the repo root’s .claude/skills/pre-publish-check/SKILL.md) will catch them; the private INTERNAL-PARALLELS.md mapping (at the workspace root, never published) has the forbidden list.
Related templates (prose)
- meta/runbook-template — every service gets one
- meta/adr-template — record decisions about which template variation to use
- meta/pattern-template — patterns explain WHY these shapes; the YAML shows WHAT
Cross-references
- basecamp plan — where these instantiate
- Y3 Phase 20: Kubernetes + GitOps — first use
- Y3 Phase 24: Multi-cloud Synthesis — Kustomize overlays go multi-cluster here
- Y3 Phase 25: Service Mesh + Zero-Trust — NetworkPolicy lands here
- Y3 Phase 26: Platform Engineering — Workload CRD source
- Y3 Phase 28: Observability at Platform Depth — Pyrra SLOs operational
- pattern: gitops — the pattern the Flux templates instantiate
- pattern: operator-pattern — the pattern the Workload CRD instantiates