Kubernetes Best Practices

We got our app running, but that is definitely not the end of the road.

  • Use multi-stage builds for your Docker images wherever possible, so that compilers, build tools and source code stay in the builder stage and never reach the runtime image
  • Log and monitor everything you care about, and remember: if it's not monitored, it doesn't exist
  • Leverage the build cache (order Dockerfile instructions from least to most frequently changing) and use the builder pattern to keep your builds fast
  • Always start from a small base image and keep the number of layers to a minimum, so you ship small images with less attack surface
  • Always tag your images explicitly and never deploy the latest tag; for production workloads, pin the image digest as well, since a tag can be re-pushed
  • Scan all your Docker images and running containers for known vulnerabilities, ideally in CI before an image is pushed and again on a schedule once it sits in the registry
  • Never pull random Docker images; only allow images from authorised, trusted registries in your environment, and enforce that at admission rather than by convention
  • Categorise your workloads and split the cluster up accordingly using Namespaces
  • Use Network Policies to implement proper network segmentation, and Role Based Access Control (RBAC) to create administrative boundaries between resources, so that access is properly segregated and controlled. Keep in mind that a NetworkPolicy is only enforced by a CNI plugin that supports it; without one the objects are accepted but have no effect, and all traffic is allowed by default
  • Never put passwords or API tokens in plain text in manifests or as literal environment variables; use Secrets instead. A Secret is only base64-encoded, not encrypted, by default, so enable encryption at rest for etcd and restrict who can read Secrets with RBAC. Prefer mounting a Secret as a file over injecting it into the environment, where it is inherited by every child process and shows up in crash dumps
  • Run containers as a non-root user, with the UID and GID set explicitly (runAsNonRoot, runAsUser, runAsGroup, fsGroup), remembering that without user namespaces the UID inside the container is the UID on the host
  • Always define readiness and liveness probes
  • When performing updates, record the change cause so rollbacks are easier. kubectl's --record flag is deprecated; set the kubernetes.io/change-cause annotation on the Deployment instead, which is what rollout history reads
  • For bootstrapping tasks (schema migrations, fetching config, waiting on a dependency), use an init container rather than a sidecar: init containers run to completion before the app container starts and then exit
  • Monitor the probes too: alert on containers restarted by failed liveness probes and on Pods that never become Ready, since both are early signs of a broken rollout
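The image-build items above (multi-stage builds, pinned base tags, non-root user) are easy to check mechanically before an image is ever built. The following is an added example, not code from the original post: a small standard-library Dockerfile linter that counts stages, checks that every external base image is pinned by tag or digest, and checks that the final stage drops to a non-root USER. The two Dockerfiles it runs against are constructed for this example.

```python
import re
from typing import Optional

# Matches "FROM [--platform=...] image[:tag|@digest] [AS alias]" (case-insensitive)
FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.I)
USER_RE = re.compile(r"^\s*USER\s+(\S+)", re.I)


def image_tag(ref: str) -> Optional[str]:
    """Tag of an image reference, 'digest' if pinned by @sha256, None if untagged.
    The registry part may carry a port (registry:5000/app), so only the last
    path component is inspected for a ':'."""
    if "@sha256:" in ref:
        return "digest"
    last = ref.rsplit("/", 1)[-1]
    return last.split(":", 1)[1] if ":" in last else None


def audit_dockerfile(text: str) -> list:
    """Return a list of findings for a Dockerfile (empty list means it passes)."""
    stages = []  # one dict per FROM: base image, alias, USER instructions seen
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if m:
            stages.append({"base": m.group(1), "alias": m.group(2), "users": []})
            continue
        m = USER_RE.match(line)
        if m and stages:
            stages[-1]["users"].append(m.group(1))

    if not stages:
        return ["no FROM instruction found"]
    findings = []
    if len(stages) < 2:
        findings.append("single-stage build: build tools and sources ship in the runtime image")
    aliases = {s["alias"] for s in stages if s["alias"]}
    for s in stages:
        base = s["base"]
        # 'scratch', a stage alias, or a stage index refers to no external image
        if base == "scratch" or base in aliases or base.isdigit():
            continue
        tag = image_tag(base)
        if tag is None or tag == "latest":
            findings.append(f"base image '{base}' is untagged or :latest; pin a tag or digest")
    # Only the last USER of the last stage matters at runtime
    final_user = stages[-1]["users"][-1] if stages[-1]["users"] else None
    if final_user in (None, "root", "0") or final_user.startswith(("root:", "0:")):
        findings.append("final stage runs as root; add a non-root USER")
    return findings


# Constructed sample Dockerfiles for this example (not from the original post)
BAD_DOCKERFILE = """\
FROM python
COPY . /app
RUN pip install -r /app/requirements.txt
CMD ["python", "/app/main.py"]
"""

GOOD_DOCKERFILE = """\
FROM python:3.12-slim AS builder
WORKDIR /app
COPY requirements.txt .
RUN pip install --prefix=/install -r requirements.txt

FROM python:3.12-slim
COPY --from=builder /install /usr/local
COPY . /app
RUN useradd --uid 10001 --no-create-home app
USER 10001
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    for label, dockerfile in (("bad", BAD_DOCKERFILE), ("good", GOOD_DOCKERFILE)):
        print(label, audit_dockerfile(dockerfile) or "OK")
```

Run it over every Dockerfile in the repository as a CI step and fail the build on any finding. The check is deliberately strict about the final stage: a `USER` in the builder stage does nothing for the runtime image, which is why only the last stage's last `USER` instruction is consulted.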
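The runtime items in the list (no latest tag, no literal credentials in env, non-root UID, readiness and liveness probes) are exactly what an admission policy should enforce. As an added example that is not part of the original post, here is a standard-library audit of a Pod object in the dict form that `kubectl get pod -o json` returns, with a weak manifest beside a hardened one; both manifests, the registry name and the credential-name heuristic are constructed for this example. Note the caveat in the hardened Pod: `secretKeyRef` keeps the value out of the manifest, but it still lands in the process environment, so a file mount is the stricter option.

```python
import re

# Env var names that look like credentials (heuristic, constructed for this example)
CREDENTIAL_NAME_RE = re.compile(r"PASS(WORD)?|TOKEN|SECRET|API_?KEY", re.I)


def image_pinned(image: str) -> bool:
    """True if the reference carries a digest or a tag other than latest."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]  # registry may contain ':port', so look at last component
    return ":" in last and not last.endswith(":latest")


def audit_pod(pod: dict) -> list:
    """Return findings for one Pod object (empty list means it passes)."""
    findings = []
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext", {})
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            name = c.get("name", "<unnamed>")
            image = c.get("image", "")
            if not image_pinned(image):
                findings.append(f"{name}: image '{image}' is untagged or :latest; pin a tag or digest")

            # Container-level securityContext overrides the Pod-level one field by field
            sc = {**pod_sc, **c.get("securityContext", {})}
            uid = sc.get("runAsUser")
            if sc.get("runAsNonRoot") is not True and not (isinstance(uid, int) and uid > 0):
                findings.append(f"{name}: may run as root; set runAsNonRoot: true and a non-zero runAsUser")

            for env in c.get("env", []):
                # A literal 'value' next to a credential-looking name is the anti-pattern;
                # 'valueFrom.secretKeyRef' is not flagged
                if "value" in env and CREDENTIAL_NAME_RE.search(env.get("name", "")):
                    findings.append(f"{name}: env {env['name']} carries a literal credential; use a Secret")

            if kind == "containers":  # probes are not valid on init containers
                for probe in ("livenessProbe", "readinessProbe"):
                    if probe not in c:
                        findings.append(f"{name}: missing {probe}")
    return findings


# Constructed manifests (not from the original post), in the shape kubectl returns with -o json
WEAK_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {"containers": [{
        "name": "web",
        "image": "registry.example.com/team/web:latest",
        "env": [{"name": "DB_PASSWORD", "value": "hunter2"}],
    }]},
}

HARDENED_POD = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "web"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "runAsGroup": 10001, "fsGroup": 10001},
        "initContainers": [{
            "name": "migrate",
            "image": "registry.example.com/team/migrate:1.4.2",
            "securityContext": {"allowPrivilegeEscalation": False},
        }],
        "containers": [{
            "name": "web",
            "image": "registry.example.com/team/web:1.4.2",
            "env": [{"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "db-creds", "key": "password"}}}],
            "securityContext": {"allowPrivilegeEscalation": False,
                                "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
            "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
        }],
    },
}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or "OK")
```

The same checks can be wired into a validating admission webhook or expressed as policy-engine rules so that a non-compliant Pod is rejected rather than merely reported; the merge of Pod-level and container-level securityContext mirrors how the kubelet resolves those fields.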