Download Kubernetes Deployment Manifests for ColdFusion

Get production-ready Kubernetes Deployment manifests tailored for running Adobe ColdFusion or Lucee CFML applications in containers. This downloadable resource provides opinionated, Security-conscious YAML templates and optional Helm and Kustomize overlays so you can deploy faster, standardize environments, and scale reliably across dev, staging, and production. It’s built around Best practices such as liveness/readiness probes, immutable images, externalized Configuration, and horizontal autoscaling—so you can focus on your CFML code, not on YAML plumbing.

---

What You’ll Get

• A curated ZIP containing:
  • /README.pdf (12 pages): Illustrated walkthrough, diagrams, and environment matrix
  • /docker/
    • Dockerfiles for Adobe ColdFusion 2023 and Lucee (CommandBox-based)
    • JVM tuning examples and health endpoint stubs
  • /k8s/base/ (plain Kubernetes YAML)
    • Namespace, ServiceAccount, RBAC
    • Deployment, Service (ClusterIP), Ingress
    • ConfigMap, Secret templates
    • PersistentVolumeClaim (PVC) for externalized assets
    • HorizontalPodAutoscaler (HPA)
    • PodDisruptionBudget (PDB), NetworkPolicy, ResourceQuotas
  • /k8s/overlays/
    • dev/ staging/ prod/ (Kustomize overlays for image tags, replica counts, resources, autoscaling)
  • /helm/coldfusion/
    • Helm chart with values.yaml and environment-specific values files
  • /templates/
    • Sample ColdFusion datasource config, JVM args, Lucee server/web context hints
  • /scripts/
    • precheck.sh (cluster readiness), build-and-push.sh, apply.sh, rollback.sh
  • /examples/
    • Minimal CFML app with /health endpoints and warm-up scripts

Download link: coldfusion-k8s-manifests.zip (use the Download button on this page or supply your own ZIP path in CI/CD).

---

Overview

These manifests help you deploy ColdFusion workloads on Kubernetes with confidence. They support both Adobe ColdFusion and Lucee, include the plumbing for Ingress, autoscaling, Secrets/ConfigMaps, PVCs, RBAC, and provide either Helm or Kustomize paths. You can run them on EKS, GKE, AKS, OpenShift, Rancher, Minikube, or kind.

Key goals:

• Ship a reproducible CFML runtime with immutable images
• Keep sensitive data in Secrets, not hard-coded in YAML
• Ensure uptime with readiness/liveness checks and rolling updates
• Scale with HPA and set safe resource requests/limits
• Offer an approachable on-ramp for teams moving CF apps to containers

---

Benefits

• Save days of setup with ready-to-apply Deployment and Service YAML
• Improve reliability via health probes, PDB, and graceful shutdown
• Secure by default: run as non-root, read-only root filesystem, NetworkPolicy
• Scale elastically with HPA, well-tuned requests/limits, and JVM defaults
• Standardize across environments using Kustomize overlays or Helm values
• Accelerate migrations from VMs to containers with proven patterns for CFML

---

Supported Environments

Platform/Tool	Version Notes	Ingress Notes	Storage Notes
Kubernetes	1.23–1.30	NGINX/ALB/Istio ingress supported	Any default StorageClass
EKS/GKE/AKS	Managed control planes	Use cloud-specific ingress if desired	EBS/PersistentDisk/Azure Disk
OpenShift	4.x	Route objects via template or Helm flag	RWO/RWX supported
Minikube/kind	Latest	Enable ingress addon	hostPath for dev

Prerequisites:

• kubectl 1.23+
• Docker/Podman and registry access
• An ingress controller (e.g., NGINX Ingress)
• A default StorageClass
• Optional: Helm 3.x, Kustomize 5.x, cert-manager for TLS

---

How to Use

Step 1: Download and unpack

• Extract coldfusion-k8s-manifests.zip into your repository under infra/cf-k8s or a similar directory.

Step 2: Choose your runtime and build an image

• Adobe ColdFusion: edit docker/Dockerfile.coldfusion, accept license terms as required, add your CFAdmin provisioning script or cfsetup approach.
• Lucee: use docker/Dockerfile.lucee (CommandBox), add your server.json/web context.
• Build and push:
  • scripts/build-and-push.sh -i registry.example.com/cf/myapp:1.0.0

Step 3: Set your namespace

• Update k8s/base/namespace.yaml or create one:
  • kubectl create namespace cf-app

Step 4: Create Secrets and ConfigMaps

• Create a Secret for CF admin password, DSNs, and any license keys:
  • kubectl -n cf-app create secret generic cf-secrets –from-literal=CF_ADMIN_PASSWORD=’StrongP@ss’ –from-literal=DB_URL=’jdbc:postgresql://db:5432/app’ –from-literal=DB_USER=’app’ –from-literal=DB_PASSWORD=’…’
• Update k8s/base/configmap.yaml for non-sensitive configs (e.g., JVM args, feature flags).

Step 5: Configure overlays or Helm values

• Kustomize:
  • Edit k8s/overlays/dev/kustomization.yaml to set image tag, replicas, and patches.
• Helm:
  • helm upgrade –install cf-app ./helm/coldfusion -n cf-app -f ./helm/coldfusion/values-dev.yaml

Step 6: Apply manifests

• Kustomize:
  • kubectl apply -k k8s/overlays/dev
• Verify:
  • kubectl -n cf-app get pods,svc,ingress
  • kubectl -n cf-app rollout status deploy/cf-app

Step 7: Validate health and logs

• Confirm readinessProbe succeeds:
  • kubectl -n cf-app describe pod
• Stream logs:
  • kubectl -n cf-app logs deploy/cf-app -f

Step 8: Configure DNS and TLS

• Point your DNS to your ingress controller.
• If using cert-manager, annotate Ingress and set tls hosts. Otherwise, reference an existing TLS secret.

Step 9: Scale

• Manual:
  • kubectl -n cf-app scale deploy/cf-app –replicas=3
• With HPA:
  • kubectl -n cf-app apply -f k8s/base/hpa.yaml

Step 10: Persist or externalize state

• Mount PVC for user uploads or shared assets:
  • Edit k8s/base/pvc.yaml and volumeMounts in deployment.
• Prefer external services for sessions and caching (e.g., Redis/Memcached) for stateless Scaling.

---

File Contents (at a glance)

Path	Purpose
k8s/base/deployment.yaml	Core Deployment for CF app (readiness/liveness/startup probes)
k8s/base/service.yaml	ClusterIP Service exposing port 8080
k8s/base/ingress.yaml	Ingress with optional TLS and rewrite rules
k8s/base/configmap.yaml	Non-sensitive App Configuration and JVM flags
k8s/base/secret.example.yaml	Example Secret structure (do not commit real secrets)
k8s/base/hpa.yaml	HorizontalPodAutoscaler targeting CPU and/or memory
k8s/base/pdb.yaml	PodDisruptionBudget for availability during node drains
k8s/base/networkpolicy.yaml	Restrict egress/ingress to approved destinations
k8s/overlays/dev	Dev overrides (fewer replicas, verbose logging)
k8s/overlays/staging	Staging overrides (near-prod sizing, canary flags)
k8s/overlays/prod	Production overrides (HPA, PDB, hardened securityContext)
helm/coldfusion	Helm chart alternative to Kustomize

---

Sample Deployment Snippet

apiVersion: apps/v1
kind: Deployment
metadata:
name: cf-app
spec:
replicas: 2
selector:
matchLabels: { app: cf-app }
template:
metadata:
labels: { app: cf-app }
spec:
securityContext:
runAsNonRoot: true
fsGroup: 1000
containers:

• name: cf
  image: registry.example.com/cf/myapp:1.0.0
  ports:
  • containerPort: 8080
    envFrom:
  • secretRef: { name: cf-secrets }
  • configMapRef: { name: cf-config }
    readinessProbe:
    httpGet: { path: /health/ready, port: 8080 }
    initialDelaySeconds: 20
    periodSeconds: 10
    livenessProbe:
    httpGet: { path: /health/live, port: 8080 }
    initialDelaySeconds: 60
    periodSeconds: 20
    resources:
    requests: { cpu: “500m”, memory: “1024Mi” }
    limits: { cpu: “2”, memory: “4096Mi” }
    volumeMounts:
  • name: assets
    mountPath: /app/assets
    volumes:
• name: assets
  persistentVolumeClaim:
  claimName: cf-assets

---

How It Solves Common ColdFusion-on-Kubernetes Challenges

• Configuration drift: centralize in ConfigMaps/Secrets with environment overlays
• Sticky sessions: offload to Redis or database-backed sessions; ingress affinity optional
• JVM tuning: sensible default -Xms/-Xmx and G1GC with environment toggles
• Zero-downtime deploys: rollingUpdate strategy, readinessProbe, and preStop hooks
• Security: non-root, minimized filesystem writes, NetworkPolicy for egress control

---

Best practices

Container and JVM

• Use an immutable image: bake CFML code and dependencies into the image
• JVM flags: -Xms512m -Xmx2g -XX:+UseG1GC -XX:MaxGCPauseMillis=200; adjust per workload
• Enable a dedicated warm-up endpoint to prime caches before readiness flips to true

Probes and Startup

• Add a startupProbe if CF initial boot takes >60s (large apps)
• readinessProbe should verify app-level readiness (DB ping, cache availability)

Scaling and Resources

• Start with realistic requests (e.g., 500m CPU, 1Gi memory) and tune via metrics
• HPA: CPU + memory or custom metrics (request latency, queue depth)

State and Persistence

• Keep the app stateless; use PVC only for non-critical assets
• Externalize sessions (Redis), file storage (S3/Azure Blob/GCS), and caches (Redis)

Security and Networking

• Run as non-root, read-only root filesystem
• Limit egress with NetworkPolicy; allow only DB, cache, and outbound DNS/HTTP as needed
• Use TLS end-to-end where possible (Ingress TLS and service mesh if available)

Operations and Observability

• Centralize logs (sidecar or DaemonSet like Fluent Bit)
• Export JVM metrics (Micrometer/Prometheus JMX exporter)
• Use PodDisruptionBudget to maintain availability during node Maintenance

---

SEO-Friendly Topics Covered

• Kubernetes manifests for ColdFusion and Lucee
• Helm chart and Kustomize overlays for CFML apps
• Deployment, Service, Ingress, HPA, ConfigMap, Secret
• Readiness and liveness probes, autoscaling, resource limits
• AWS EKS, Google GKE, Azure AKS, OpenShift support
• Docker images, JVM tuning, Redis-backed sessions

---

Key Takeaways

• You get a complete, production-grade set of Kubernetes manifests tailored for ColdFusion (Adobe CF and Lucee) with both Helm and Kustomize options.
• The templates emphasize security, reliability, and Scalability: non-root containers, probes, autoscaling, and network policies.
• Clear overlays/values provide environment parity for dev, staging, and prod.
• The resource shortens time-to-deploy, reduces YAML errors, and supports cloud-agnostic clusters.

---

FAQ

Do these manifests support both Adobe ColdFusion and Lucee?

Yes. The download includes separate Dockerfiles and configuration hints for Adobe ColdFusion 2023 and Lucee (CommandBox-based). The Kubernetes layer is agnostic; you select the image you build.

Do I need Helm, or can I use plain YAML?

You can use either. The package includes plain YAML with Kustomize overlays for dev/staging/prod and a Helm chart for those who prefer values-driven configuration.

How do I manage the ColdFusion Administrator password and DSNs?

Use Kubernetes Secrets. The examples show how to inject CF admin credentials, datasource URLs, and passwords via envFrom secretRefs. Never commit real secrets to git.

Will this work on OpenShift?

Yes. SecurityContext defaults align with OpenShift’s restricted SCC. A sample Route template is included, or you can use the IngressController. Adjust any non-root UID as needed.

How should I handle sessions: sticky sessions or external store?

External store is recommended. Configure session storage in Redis or your preferred cache to enable stateless pods and safe horizontal scaling. If required, you can enable sticky sessions at the Ingress layer, but it limits scaling flexibility.