Best practices
Define everything as code (Deployment, Service, Ingress, PVC, etc.).
Use Git to version-control your YAML files (GitOps style).
Deployments manage rolling updates and restarts automatically.
Pods alone don’t self-heal or scale.
Readiness: When the app is ready to accept traffic.
Liveness: When the app needs a restart (e.g. stuck).
```yaml
livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
  initialDelaySeconds: 10
  periodSeconds: 5
```
ConfigMaps: Non-sensitive config like feature flags and environment variables.
Secrets: API keys, passwords (only base64-encoded, which is not encryption, so ideally use external secret managers too).
```yaml
securityContext:
  runAsUser: 1000
  runAsNonRoot: true
```
Give minimum permissions needed (principle of least privilege).
Use roles per namespace and service accounts per workload.
Control which pods can talk to which — like firewalls for pods.
```yaml
podSelector:
  matchLabels:
    role: frontend
```
```yaml
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
  resource:
    name: cpu
    targetAverageUtilization: 70
```
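The same autoscaling rule as a complete HorizontalPodAutoscaler, added as an example rather than copied from the page. The fragment above uses the older `autoscaling/v2beta1` field name `targetAverageUtilization`; the stable `autoscaling/v2` API expresses the same 70% CPU target as a `target` block, shown here. The Deployment name `web`, the namespace `shop` and the scale-down behaviour are assumptions.

```yaml
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web
  namespace: shop
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 2            # never below 2 so one pod can fail without downtime
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70   # percent of the pods' CPU *requests*
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300   # wait 5 min of low load before shrinking
      policies:
      - type: Percent
        value: 50                       # remove at most half the pods per minute
        periodSeconds: 60
```

Utilization is measured against `resources.requests`, so the HPA does nothing useful for pods that have no CPU request set, and it also needs the metrics-server (or an equivalent metrics API) running in the cluster.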
Use topologySpreadConstraints or multiple node groups.
If your app depends on an external service, don’t mark it ready until it's usable.
Use tools like:
Fluentd/Fluent Bit → Elasticsearch + Kibana (EFK)
Loki + Grafana
Cloud-native logging like CloudWatch or Stackdriver
For metrics, alerts, and dashboards.
Without them, your app can hog CPU/memory or be evicted.
```yaml
resources:
  requests:
    cpu: "250m"
    memory: "512Mi"
  limits:
    cpu: "500m"
    memory: "1Gi"
```
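A complete Deployment that puts the fragments on this page together (separate readiness and liveness probes, a non-root `securityContext`, resource requests and limits, config from a ConfigMap and credentials from a Secret, and a pinned image tag). This is an added example, not a manifest from the original page. The namespace `shop`, the image `registry.example.com/shop/web:1.4.2`, the `/readyz` path, the service account `web`, and the ConfigMap/Secret names and keys are all assumptions.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: shop
  labels:
    app: web
spec:
  replicas: 2
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
        role: frontend
    spec:
      serviceAccountName: web          # one service account per workload (assumed to exist)
      securityContext:                 # pod-level: applies to every container
        runAsNonRoot: true
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: web
        image: registry.example.com/shop/web:1.4.2   # pinned tag, never :latest
        ports:
        - containerPort: 8080
        securityContext:               # container-level hardening
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
        resources:
          requests:
            cpu: "250m"
            memory: "512Mi"
          limits:
            cpu: "500m"
            memory: "1Gi"
        readinessProbe:                # gates traffic; fail this while a dependency is down
          httpGet:
            path: /readyz
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
          failureThreshold: 3
        livenessProbe:                 # restarts the container only when it is truly stuck
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 5
          failureThreshold: 3
        env:
        - name: FEATURE_NEW_CHECKOUT   # non-sensitive: ConfigMap
          valueFrom:
            configMapKeyRef:
              name: web-config
              key: featureNewCheckout
        - name: API_KEY                # sensitive: Secret
          valueFrom:
            secretKeyRef:
              name: web-secrets
              key: apiKey
        volumeMounts:
        - name: tmp                    # writable scratch space despite the read-only root fs
          mountPath: /tmp
      volumes:
      - name: tmp
        emptyDir: {}
```

Keep the liveness check cheap and independent of downstream services: if `/healthz` fails whenever the database is slow, the kubelet restarts healthy pods and makes an outage worse. Put dependency checks in the readiness probe instead, so the pod is simply removed from the Service endpoints until the dependency is usable again.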
Reduces image size and attack surface.
Helps in rolling back and avoiding caching issues.
Automate testing, building, and deploying.