{{Project Name}} - Docker Configuration Template

Generated with JAEGIS Enhanced Validation & Research

[[LLM: VALIDATION CHECKPOINT - Review shared context from infrastructure architecture and validate all container requirements. Integrate web research findings for current Docker security patterns and best practices.]]

Executive Summary

[[LLM: RESEARCH INTEGRATION - Include current containerization best practices and validated Docker configurations. All container settings must be researched for security, performance, and current standards.]]

Container Configuration

[[LLM: VALIDATION CHECKPOINT - All Docker configurations must be validated for security, performance optimization, and current best practices. Include research-backed container hardening techniques.]] Docker Version: 24.0+ compatible Security Standards: CIS Docker Benchmark, NIST Container Security

Multi-Stage Dockerfile Template

🐳 Production-Ready Dockerfile

# {application_name} Dockerfile
# Generated by Phoenix Agent on {current_date}
# Multi-stage build for optimized production deployment

# Build stage
FROM {base_build_image} AS builder

# Metadata
LABEL maintainer="{maintainer_email}"
LABEL version="{application_version}"
LABEL description="{application_description}"
LABEL build-date="{current_date}"
LABEL phoenix-agent="true"

# Build arguments
ARG BUILD_DATE={current_date}
ARG VERSION={application_version}
ARG VCS_REF={git_commit_hash}

# Set working directory
WORKDIR /app

# Install build dependencies
{build_dependencies_install}

# Copy dependency files first for better caching
COPY {dependency_files} ./

# Install dependencies
{dependency_install_command}

# Copy source code
COPY {source_files} ./

# Build application
{build_command}

# Run tests (optional, can be disabled with --target runtime)
{test_command}

# Production stage
FROM {base_runtime_image} AS runtime

# Security: Create non-root user
RUN groupadd -r {app_user} && useradd -r -g {app_user} {app_user}

# Install runtime dependencies only
{runtime_dependencies_install}

# Set working directory
WORKDIR /app

# Copy built application from builder stage
COPY --from=builder --chown={app_user}:{app_user} /app/{build_output} ./

# Copy configuration files
COPY --chown={app_user}:{app_user} {config_files} ./config/

# Create necessary directories
RUN mkdir -p /app/logs /app/tmp && \
    chown -R {app_user}:{app_user} /app/logs /app/tmp

# Security: Remove unnecessary packages and clean up
{cleanup_commands}

# Security: Set file permissions
RUN chmod -R 755 /app && \
    chmod -R 644 /app/config && \
    chmod +x /app/{executable_name}

# Switch to non-root user
USER {app_user}

# Expose port
EXPOSE {application_port}

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD {health_check_command} || exit 1

# Environment variables
ENV NODE_ENV={environment} \
    PORT={application_port} \
    LOG_LEVEL={log_level} \
    BUILD_DATE=${BUILD_DATE} \
    VERSION=${VERSION} \
    VCS_REF=${VCS_REF}

# Volume for persistent data
VOLUME ["/app/data", "/app/logs"]

# Start application
CMD ["{start_command}"]

Docker Compose Configuration

🎼 Development Environment (docker-compose.yml)

# {application_name} Docker Compose Configuration
# Generated by Phoenix Agent on {current_date}
# Development environment setup

version: '3.8'

services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
      target: runtime
      args:
        BUILD_DATE: {current_date}
        VERSION: {application_version}
        VCS_REF: {git_commit_hash}
    image: {registry_url}/{application_name}:{application_version}
    container_name: {application_name}-app
    restart: unless-stopped
    
    ports:
      - "{host_port}:{application_port}"
    
    environment:
      - NODE_ENV=development
      - DATABASE_URL=${DATABASE_URL}
      - REDIS_URL=${REDIS_URL}
      - JWT_SECRET=${JWT_SECRET}
      - LOG_LEVEL=debug
      - API_BASE_URL=${API_BASE_URL}
    
    env_file:
      - .env.development
    
    volumes:
      - ./src:/app/src:ro
      - ./config:/app/config:ro
      - app-logs:/app/logs
      - app-data:/app/data
    
    depends_on:
      database:
        condition: service_healthy
      redis:
        condition: service_healthy
    
    networks:
      - app-network
    
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:{application_port}/health"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.5'
          memory: 256M
    
    security_opt:
      - no-new-privileges:true
    
    cap_drop:
      - ALL
    
    cap_add:
      - NET_BIND_SERVICE
    
    read_only: true
    
    tmpfs:
      - /tmp
      - /app/tmp

  database:
    image: {database_image}:{database_version}
    container_name: {application_name}-db
    restart: unless-stopped
    
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256"
    
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - ./database/init:/docker-entrypoint-initdb.d:ro
    
    networks:
      - app-network
    
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 256M
        reservations:
          cpus: '0.25'
          memory: 128M
    
    security_opt:
      - no-new-privileges:true

  redis:
    image: redis:{redis_version}-alpine
    container_name: {application_name}-redis
    restart: unless-stopped
    
    command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD}
    
    volumes:
      - redis-data:/data
      - ./redis/redis.conf:/usr/local/etc/redis/redis.conf:ro
    
    networks:
      - app-network
    
    healthcheck:
      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
      interval: 10s
      timeout: 3s
      retries: 5
    
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 128M
        reservations:
          cpus: '0.1'
          memory: 64M
    
    security_opt:
      - no-new-privileges:true

  nginx:
    image: nginx:{nginx_version}-alpine
    container_name: {application_name}-nginx
    restart: unless-stopped
    
    ports:
      - "80:80"
      - "443:443"
    
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./nginx/conf.d:/etc/nginx/conf.d:ro
      - ./ssl:/etc/nginx/ssl:ro
      - nginx-logs:/var/log/nginx
    
    depends_on:
      - app
    
    networks:
      - app-network
    
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost/health"]
      interval: 30s
      timeout: 10s
      retries: 3
    
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 128M
        reservations:
          cpus: '0.1'
          memory: 64M
    
    security_opt:
      - no-new-privileges:true

networks:
  app-network:
    driver: bridge
    ipam:
      config:
        - subnet: 172.20.0.0/16

volumes:
  postgres-data:
    driver: local
  redis-data:
    driver: local
  app-logs:
    driver: local
  app-data:
    driver: local
  nginx-logs:
    driver: local

🚀 Production Environment (docker-compose.prod.yml)

# {application_name} Production Docker Compose Configuration
# Generated by Phoenix Agent on {current_date}
# Production environment with enhanced security and monitoring

version: '3.8'

services:
  app:
    image: {registry_url}/{application_name}:{application_version}
    restart: always
    
    environment:
      - NODE_ENV=production
      - DATABASE_URL=${DATABASE_URL}
      - REDIS_URL=${REDIS_URL}
      - JWT_SECRET=${JWT_SECRET}
      - LOG_LEVEL=info
      - METRICS_ENABLED=true
      - TRACING_ENABLED=true
    
    env_file:
      - .env.production
    
    volumes:
      - app-logs:/app/logs
      - app-data:/app/data
    
    networks:
      - app-network
      - monitoring-network
    
    deploy:
      replicas: 3
      update_config:
        parallelism: 1
        delay: 10s
        failure_action: rollback
        order: start-first
      rollback_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 3
        window: 120s
      resources:
        limits:
          cpus: '2.0'
          memory: 1G
        reservations:
          cpus: '1.0'
          memory: 512M
    
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:{application_port}/health"]
      interval: 15s
      timeout: 5s
      retries: 3
      start_period: 60s
    
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    
    security_opt:
      - no-new-privileges:true
      - apparmor:docker-default
    
    cap_drop:
      - ALL
    
    cap_add:
      - NET_BIND_SERVICE
    
    read_only: true
    
    tmpfs:
      - /tmp:noexec,nosuid,size=100m

  database:
    image: {database_image}:{database_version}
    restart: always
    
    environment:
      POSTGRES_DB: ${DB_NAME}
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256"
    
    volumes:
      - postgres-data:/var/lib/postgresql/data
      - postgres-backups:/backups
    
    networks:
      - app-network
    
    deploy:
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      resources:
        limits:
          cpus: '1.0'
          memory: 1G
        reservations:
          cpus: '0.5'
          memory: 512M
    
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
      interval: 10s
      timeout: 5s
      retries: 5
      start_period: 30s
    
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"
    
    security_opt:
      - no-new-privileges:true

  monitoring:
    image: prom/prometheus:{prometheus_version}
    restart: always
    
    volumes:
      - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro
      - prometheus-data:/prometheus
    
    networks:
      - monitoring-network
    
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 256M

networks:
  app-network:
    driver: overlay
    encrypted: true
  monitoring-network:
    driver: overlay

volumes:
  postgres-data:
    driver: local
  postgres-backups:
    driver: local
  app-logs:
    driver: local
  app-data:
    driver: local
  prometheus-data:
    driver: local

secrets:
  db_password:
    external: true
  jwt_secret:
    external: true
  redis_password:
    external: true

Kubernetes Deployment Templates

☸️ Kubernetes Deployment Manifest

# {application_name} Kubernetes Deployment
# Generated by Phoenix Agent on {current_date}

apiVersion: apps/v1
kind: Deployment
metadata:
  name: {application_name}-deployment
  namespace: {namespace}
  labels:
    app: {application_name}
    version: {application_version}
    component: backend
    managed-by: phoenix-agent
    deployment-date: "{current_date}"
  annotations:
    deployment.kubernetes.io/revision: "1"
    phoenix.agent/generated-date: "{current_date}"
    phoenix.agent/version: "1.0.0"
spec:
  replicas: {replica_count}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: {application_name}
      component: backend
  template:
    metadata:
      labels:
        app: {application_name}
        version: {application_version}
        component: backend
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "{metrics_port}"
        prometheus.io/path: "/metrics"
    spec:
      securityContext:
        runAsNonRoot: true
        runAsUser: 1001
        runAsGroup: 1001
        fsGroup: 1001
        seccompProfile:
          type: RuntimeDefault
      
      serviceAccountName: {application_name}-service-account
      
      containers:
      - name: {application_name}
        image: {registry_url}/{application_name}:{application_version}
        imagePullPolicy: Always
        
        ports:
        - name: http
          containerPort: {application_port}
          protocol: TCP
        - name: metrics
          containerPort: {metrics_port}
          protocol: TCP
        
        env:
        - name: NODE_ENV
          value: "production"
        - name: PORT
          value: "{application_port}"
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: {application_name}-secrets
              key: database-url
        - name: REDIS_URL
          valueFrom:
            secretKeyRef:
              name: {application_name}-secrets
              key: redis-url
        - name: JWT_SECRET
          valueFrom:
            secretKeyRef:
              name: {application_name}-secrets
              key: jwt-secret
        
        resources:
          requests:
            memory: "{memory_request}"
            cpu: "{cpu_request}"
          limits:
            memory: "{memory_limit}"
            cpu: "{cpu_limit}"
        
        livenessProbe:
          httpGet:
            path: /health
            port: http
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3
        
        readinessProbe:
          httpGet:
            path: /ready
            port: http
          initialDelaySeconds: 5
          periodSeconds: 5
          timeoutSeconds: 3
          failureThreshold: 3
        
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop:
            - ALL
        
        volumeMounts:
        - name: tmp-volume
          mountPath: /tmp
        - name: app-logs
          mountPath: /app/logs
        - name: config-volume
          mountPath: /app/config
          readOnly: true
      
      volumes:
      - name: tmp-volume
        emptyDir: {}
      - name: app-logs
        emptyDir: {}
      - name: config-volume
        configMap:
          name: {application_name}-config
      
      imagePullSecrets:
      - name: {registry_secret_name}
      
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: app
                  operator: In
                  values:
                  - {application_name}
              topologyKey: kubernetes.io/hostname

Template Variables

📝 Configuration Variables

Template_Variables:
  application_config:
    - {application_name}: Name of the application
    - {application_version}: Version tag for the application
    - {application_description}: Brief description of the application
    - {application_port}: Port the application listens on
    - {maintainer_email}: Email of the maintainer
  
  build_config:
    - {base_build_image}: Base image for build stage
    - {base_runtime_image}: Base image for runtime stage
    - {build_dependencies_install}: Commands to install build dependencies
    - {dependency_install_command}: Command to install application dependencies
    - {build_command}: Command to build the application
    - {test_command}: Command to run tests
  
  runtime_config:
    - {app_user}: Non-root user for running the application
    - {executable_name}: Name of the main executable
    - {start_command}: Command to start the application
    - {health_check_command}: Health check command
    - {cleanup_commands}: Commands to clean up unnecessary files
  
  deployment_config:
    - {registry_url}: Container registry URL
    - {namespace}: Kubernetes namespace
    - {replica_count}: Number of replicas
    - {memory_request}: Memory request for containers
    - {memory_limit}: Memory limit for containers
    - {cpu_request}: CPU request for containers
    - {cpu_limit}: CPU limit for containers

This Docker configuration template provides comprehensive containerization setup with security best practices, multi-stage builds, health checks, and production-ready orchestration configurations.

Previous{{Project Name}} - Document Sharding Plan Template Next{{Project Name}} - Documentation Specification Template

Last updated 2 months ago

# {application_name} Docker Compose Configuration # Generated by Phoenix Agent on {current_date} # Development environment setup version: '3.8' services: app: build: context: . dockerfile: Dockerfile target: runtime args: BUILD_DATE: {current_date} VERSION: {application_version} VCS_REF: {git_commit_hash} image: {registry_url}/{application_name}:{application_version} container_name: {application_name}-app restart: unless-stopped ports: - "{host_port}:{application_port}" environment: - NODE_ENV=development - DATABASE_URL=${DATABASE_URL} - REDIS_URL=${REDIS_URL} - JWT_SECRET=${JWT_SECRET} - LOG_LEVEL=debug - API_BASE_URL=${API_BASE_URL} env_file: - .env.development volumes: - ./src:/app/src:ro - ./config:/app/config:ro - app-logs:/app/logs - app-data:/app/data depends_on: database: condition: service_healthy redis: condition: service_healthy networks: - app-network healthcheck: test: ["CMD", "curl", "-f", "http://localhost:{application_port}/health"] interval: 30s timeout: 10s retries: 3 start_period: 40s deploy: resources: limits: cpus: '1.0' memory: 512M reservations: cpus: '0.5' memory: 256M security_opt: - no-new-privileges:true cap_drop: - ALL cap_add: - NET_BIND_SERVICE read_only: true tmpfs: - /tmp - /app/tmp database: image: {database_image}:{database_version} container_name: {application_name}-db restart: unless-stopped environment: POSTGRES_DB: ${DB_NAME} POSTGRES_USER: ${DB_USER} POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256" volumes: - postgres-data:/var/lib/postgresql/data - ./database/init:/docker-entrypoint-initdb.d:ro networks: - app-network healthcheck: test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"] interval: 10s timeout: 5s retries: 5 start_period: 30s deploy: resources: limits: cpus: '0.5' memory: 256M reservations: cpus: '0.25' memory: 128M security_opt: - no-new-privileges:true redis: image: redis:{redis_version}-alpine container_name: {application_name}-redis restart: unless-stopped command: redis-server --appendonly yes --requirepass ${REDIS_PASSWORD} volumes: - redis-data:/data - ./redis/redis.conf:/usr/local/etc/redis/redis.conf:ro networks: - app-network healthcheck: test: ["CMD", "redis-cli", "--raw", "incr", "ping"] interval: 10s timeout: 3s retries: 5 deploy: resources: limits: cpus: '0.25' memory: 128M reservations: cpus: '0.1' memory: 64M security_opt: - no-new-privileges:true nginx: image: nginx:{nginx_version}-alpine container_name: {application_name}-nginx restart: unless-stopped ports: - "80:80" - "443:443" volumes: - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ./nginx/conf.d:/etc/nginx/conf.d:ro - ./ssl:/etc/nginx/ssl:ro - nginx-logs:/var/log/nginx depends_on: - app networks: - app-network healthcheck: test: ["CMD", "curl", "-f", "http://localhost/health"] interval: 30s timeout: 10s retries: 3 deploy: resources: limits: cpus: '0.25' memory: 128M reservations: cpus: '0.1' memory: 64M security_opt: - no-new-privileges:true networks: app-network: driver: bridge ipam: config: - subnet: 172.20.0.0/16 volumes: postgres-data: driver: local redis-data: driver: local app-logs: driver: local app-data: driver: local nginx-logs: driver: local

# {application_name} Production Docker Compose Configuration # Generated by Phoenix Agent on {current_date} # Production environment with enhanced security and monitoring version: '3.8' services: app: image: {registry_url}/{application_name}:{application_version} restart: always environment: - NODE_ENV=production - DATABASE_URL=${DATABASE_URL} - REDIS_URL=${REDIS_URL} - JWT_SECRET=${JWT_SECRET} - LOG_LEVEL=info - METRICS_ENABLED=true - TRACING_ENABLED=true env_file: - .env.production volumes: - app-logs:/app/logs - app-data:/app/data networks: - app-network - monitoring-network deploy: replicas: 3 update_config: parallelism: 1 delay: 10s failure_action: rollback order: start-first rollback_config: parallelism: 1 delay: 10s restart_policy: condition: on-failure delay: 5s max_attempts: 3 window: 120s resources: limits: cpus: '2.0' memory: 1G reservations: cpus: '1.0' memory: 512M healthcheck: test: ["CMD", "curl", "-f", "http://localhost:{application_port}/health"] interval: 15s timeout: 5s retries: 3 start_period: 60s logging: driver: "json-file" options: max-size: "10m" max-file: "3" security_opt: - no-new-privileges:true - apparmor:docker-default cap_drop: - ALL cap_add: - NET_BIND_SERVICE read_only: true tmpfs: - /tmp:noexec,nosuid,size=100m database: image: {database_image}:{database_version} restart: always environment: POSTGRES_DB: ${DB_NAME} POSTGRES_USER: ${DB_USER} POSTGRES_PASSWORD: ${DB_PASSWORD} POSTGRES_INITDB_ARGS: "--auth-host=scram-sha-256" volumes: - postgres-data:/var/lib/postgresql/data - postgres-backups:/backups networks: - app-network deploy: replicas: 1 placement: constraints: - node.role == manager resources: limits: cpus: '1.0' memory: 1G reservations: cpus: '0.5' memory: 512M healthcheck: test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"] interval: 10s timeout: 5s retries: 5 start_period: 30s logging: driver: "json-file" options: max-size: "10m" max-file: "3" security_opt: - no-new-privileges:true monitoring: image: prom/prometheus:{prometheus_version} restart: always volumes: - ./monitoring/prometheus.yml:/etc/prometheus/prometheus.yml:ro - prometheus-data:/prometheus networks: - monitoring-network deploy: resources: limits: cpus: '0.5' memory: 512M reservations: cpus: '0.25' memory: 256M networks: app-network: driver: overlay encrypted: true monitoring-network: driver: overlay volumes: postgres-data: driver: local postgres-backups: driver: local app-logs: driver: local app-data: driver: local prometheus-data: driver: local secrets: db_password: external: true jwt_secret: external: true redis_password: external: true

# {application_name} Kubernetes Deployment # Generated by Phoenix Agent on {current_date} apiVersion: apps/v1 kind: Deployment metadata: name: {application_name}-deployment namespace: {namespace} labels: app: {application_name} version: {application_version} component: backend managed-by: phoenix-agent deployment-date: "{current_date}" annotations: deployment.kubernetes.io/revision: "1" phoenix.agent/generated-date: "{current_date}" phoenix.agent/version: "1.0.0" spec: replicas: {replica_count} strategy: type: RollingUpdate rollingUpdate: maxSurge: 1 maxUnavailable: 0 selector: matchLabels: app: {application_name} component: backend template: metadata: labels: app: {application_name} version: {application_version} component: backend annotations: prometheus.io/scrape: "true" prometheus.io/port: "{metrics_port}" prometheus.io/path: "/metrics" spec: securityContext: runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 seccompProfile: type: RuntimeDefault serviceAccountName: {application_name}-service-account containers: - name: {application_name} image: {registry_url}/{application_name}:{application_version} imagePullPolicy: Always ports: - name: http containerPort: {application_port} protocol: TCP - name: metrics containerPort: {metrics_port} protocol: TCP env: - name: NODE_ENV value: "production" - name: PORT value: "{application_port}" - name: DATABASE_URL valueFrom: secretKeyRef: name: {application_name}-secrets key: database-url - name: REDIS_URL valueFrom: secretKeyRef: name: {application_name}-secrets key: redis-url - name: JWT_SECRET valueFrom: secretKeyRef: name: {application_name}-secrets key: jwt-secret resources: requests: memory: "{memory_request}" cpu: "{cpu_request}" limits: memory: "{memory_limit}" cpu: "{cpu_limit}" livenessProbe: httpGet: path: /health port: http initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3 readinessProbe: httpGet: path: /ready port: http initialDelaySeconds: 5 periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 3 securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL volumeMounts: - name: tmp-volume mountPath: /tmp - name: app-logs mountPath: /app/logs - name: config-volume mountPath: /app/config readOnly: true volumes: - name: tmp-volume emptyDir: {} - name: app-logs emptyDir: {} - name: config-volume configMap: name: {application_name}-config imagePullSecrets: - name: {registry_secret_name} affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: matchExpressions: - key: app operator: In values: - {application_name} topologyKey: kubernetes.io/hostname

Good morning