20+ Kubernetes Best Practices

Kubernetes has changed how modern applications are deployed, scaled, and maintained, but like any powerful tool its value depends on how well it is configured and operated. This post walks through essential Kubernetes best practices, from resource management to security, debugging, and monitoring, with the caveats that matter once a cluster carries production workloads.


📌 1️⃣ Use Labels & Annotations Wisely 🏷️

Labels are key-value pairs used to identify, group, and select Kubernetes resources. Services, Deployments, PodDisruptionBudgets and NetworkPolicies all find their pods through label selectors, so a mislabelled pod silently falls outside the policy or budget that was meant to cover it. Annotations attach non-identifying metadata (owner, runbook link, tooling hints). Both are readable by anyone who can get the object, so never put credentials in either.

Example:

metadata:
  labels:
    env: production
    app: payment-service
  annotations:
    owner: devops-team
    description: 'Handles payment transactions'

✅ Pro Tip:
Design a label taxonomy early on and apply it everywhere; selectors, policies and cost reports will all depend on it. Use consistent naming conventions like:

  • team: devops
  • env: staging
  • tier: backend

⚙️ 2️⃣ Set Resource Requests & Limits

Requests are what the scheduler reserves for a pod; limits are enforced at runtime. A container that exceeds its memory limit is OOM-killed, and one that exceeds its CPU limit is throttled. Setting both prevents one workload from starving its neighbours, and a namespace-level LimitRange or ResourceQuota stops tenants from simply leaving them out.

Example:

resources:
  requests:
    cpu: '500m'
    memory: '256Mi'
  limits:
    cpu: '1'
    memory: '512Mi'

✅ Pro Tip:

  • Use Vertical Pod Autoscaler (VPA) for automatic resource adjustments; start in recommendation-only mode, because VPA in update mode evicts pods to resize them.
  • Use Goldilocks, which reads VPA recommendations, to right-size resource allocations.
  • The Horizontal Pod Autoscaler (tip 7) measures utilisation as a percentage of requests, so it cannot scale pods that have none.

🕵️ 3️⃣ Debug Pods Like a Pro

When things break, start with the container's own logs, then get a shell inside it:

kubectl exec -it my-pod -- /bin/sh
kubectl logs my-pod
kubectl logs my-pod --previous                  # logs of the last crashed instance
kubectl debug -it my-pod --image=busybox:1.36   # ephemeral container for distroless images that ship no shell

✅ Pro Tip:
Use kubectl cp to copy files into or out of a container for debugging (it needs a tar binary inside the container):

kubectl cp my-pod:/var/log/app.log ./app.log

Both exec and cp go through the pods/exec RBAC verb, which is effectively shell access to the workload and every secret it holds: grant it to break-glass roles rather than day-to-day ones, and make sure audit logging captures its use.

🔍 4️⃣ Use kubectl get all --all-namespaces

A quick way to list the common workload resources in every namespace:

kubectl get all --all-namespaces
kubectl api-resources --verbs=list -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -A

Despite its name, get all only covers pods, services, the workload controllers, jobs and a few related kinds; it skips ConfigMaps, Secrets, Ingresses, NetworkPolicies, PVCs, RBAC objects and every custom resource. The second command walks every listable API resource, which is what you want when auditing a cluster or hunting for leftovers.

✅ Pro Tip:
Use kubectl top to monitor resource usage (it requires metrics-server to be installed in the cluster):

kubectl top pod --all-namespaces

🔄 5️⃣ Rolling Updates, Not Outages

Avoid downtime with:

strategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 1
    maxSurge: 2

maxUnavailable caps how many pods may be down during the rollout (percentages round down); maxSurge caps how many extra pods may exist above the desired replica count (percentages round up). They cannot both be zero.

✅ Pro Tip:
Add a PodDisruptionBudget (PDB) to manage voluntary disruptions such as node drains and cluster upgrades. The PDB needs a selector that matches the Deployment's pods, and minAvailable must be lower than the replica count, otherwise no eviction is ever permitted and drains hang. A PDB governs evictions, not Deployment rollouts, so it does not replace the strategy above.

spec:
  minAvailable: 2
  selector:
    matchLabels: { app: payment-service }
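
To see what those numbers actually permit, here is an added example (not from the original post) that reproduces the rounding rules the Deployment controller and the eviction API apply to maxSurge, maxUnavailable and minAvailable. The replica counts and settings are constructed inputs; nothing talks to a cluster.

```python
"""Added example: the arithmetic behind RollingUpdate and PodDisruptionBudget
settings, reproducing the rounding rules the Deployment controller and the
eviction API apply. All inputs are plain values; no cluster is needed."""
import math


def _resolve(value, replicas, round_up):
    """Resolve an int-or-percentage field ("25%" or 1) against a replica count."""
    if isinstance(value, str) and value.endswith("%"):
        raw = replicas * int(value[:-1]) / 100
        return math.ceil(raw) if round_up else math.floor(raw)
    return int(value)


def rollout_bounds(replicas, max_unavailable="25%", max_surge="25%"):
    """Return (min_ready, max_total) pods during a rolling update.

    maxSurge percentages round up, maxUnavailable percentages round down.
    The API rejects an explicit 0/0 pair; if rounding makes both 0 the
    controller falls back to maxUnavailable=1 so the rollout still moves.
    """
    if max_surge in (0, "0%") and max_unavailable in (0, "0%"):
        raise ValueError("maxSurge and maxUnavailable may not both be zero")
    surge = _resolve(max_surge, replicas, round_up=True)
    unavailable = _resolve(max_unavailable, replicas, round_up=False)
    if surge == 0 and unavailable == 0:
        unavailable = 1
    return replicas - unavailable, replicas + surge


def pdb_permits_eviction(replicas, min_available):
    """Can one pod be evicted (kubectl drain, cluster upgrade) when every
    replica is ready? minAvailable percentages round up. False means the
    budget blocks all voluntary disruption and node drains will hang."""
    needed = _resolve(min_available, replicas, round_up=True)
    return replicas - 1 >= needed


if __name__ == "__main__":
    # The post's settings (maxUnavailable 1, maxSurge 2, minAvailable 2) at 3 replicas
    print(rollout_bounds(3, max_unavailable=1, max_surge=2))   # (2, 5)
    print(pdb_permits_eviction(3, 2))                          # True
    print(pdb_permits_eviction(2, 2))                          # False: drain wedges
```

The last line is the trap to watch for: the post's minAvailable of 2 is fine at three replicas but, on a two-replica Deployment, it forbids every eviction and will block the next node drain until someone notices.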

❤️‍🔥 6️⃣ Use Liveness & Readiness Probes

Health check your applications. A failing liveness probe restarts the container, so keep it local to the process and never make it depend on downstream services, or a database blip restarts your whole fleet. A failing readiness probe only takes the pod out of Service endpoints, which is the right place to reflect dependency health:

livenessProbe:
  httpGet:
    path: /healthz
    port: 8080
  initialDelaySeconds: 3
  periodSeconds: 5
readinessProbe:
  httpGet:
    path: /ready
    port: 8080
  periodSeconds: 5

Keep probe endpoints minimal: they should return a status code, not version strings, dependency hostnames or stack traces, and they should not be routed through the public Ingress.

✅ Pro Tip:
Use startupProbe for slow-starting apps. Liveness and readiness checks are disabled until it succeeds, and failureThreshold × periodSeconds (here 30 × 10 = 300 s) is the maximum start-up time before the container is killed:

startupProbe:
  httpGet:
    path: /startup
    port: 8080
  failureThreshold: 30
  periodSeconds: 10

📈 7️⃣ Auto-Scale Like a Boss

Horizontal scaling:

kubectl autoscale deployment my-app --cpu-percent=50 --min=2 --max=10

The target is 50% of the pods' CPU request, so the Deployment needs requests set (tip 2) and the cluster needs metrics-server; without them the HPA reports unknown utilisation and never scales. For production, keep the HorizontalPodAutoscaler as a manifest in Git rather than an imperative command.

✅ Pro Tip:
Combine HPA with Cluster Autoscaler for dynamic infrastructure scaling, and cap both with ResourceQuotas and node-group limits so a traffic spike, or a flood of bogus requests, cannot scale you into an unexpected bill.


🛡️ 8️⃣ Secure Your Cluster

  • Use RBAC (a RoleBinding is namespace-scoped, and the Role named developer must already exist; check the result from the user's point of view):
kubectl create rolebinding dev-binding --role=developer --user=john
kubectl auth can-i --list --as=john
  • Scan images with Trivy, and make the pipeline fail on findings instead of only reporting them:
trivy image --severity HIGH,CRITICAL --exit-code 1 my-app:latest

Bind to groups from your identity provider rather than individual user names where you can, keep cluster-admin away from humans, and review who holds pods/exec, get on secrets, or bind and escalate on roles: each of those is a path to far broader access than the role name suggests.

✅ Pro Tip:
Enable Network Policies to restrict traffic between pods. They are only enforced if the CNI plugin supports them (Calico, Cilium and most managed-cluster defaults do); on a CNI that does not, the objects are accepted and silently ignored. Start every namespace with a default-deny ingress policy and add allow rules per consumer.
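
The following is an added example, not code from the original post, that builds the two NetworkPolicy objects a namespace should start with (default-deny ingress, plus one allow rule) and evaluates offline whether a given pod-to-pod connection would be admitted under a set of policies. The pods, namespaces and labels are constructed; ipBlock (CIDR) peers are assumed out of scope and always treated as non-matching.

```python
"""Added example: the two NetworkPolicy objects a namespace should start with,
plus an offline evaluator of the ingress semantics they rely on. Manifests are
dicts in the JSON form kubectl accepts; pods and labels below are constructed."""


def _matches(selector, labels):
    """matchLabels semantics: an absent or empty selector ({}) matches everything."""
    if not selector:
        return True
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def default_deny_ingress(namespace):
    """Selects every pod in the namespace and lists no ingress rule: deny all."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": "default-deny-ingress", "namespace": namespace},
        "spec": {"podSelector": {}, "policyTypes": ["Ingress"]},
    }


def allow_ingress(namespace, to_app, from_namespace, from_app, port):
    """Allow TCP `port` into app=to_app from app=from_app pods in from_namespace
    (namespace matched via the kubernetes.io/metadata.name label the API server sets)."""
    return {
        "apiVersion": "networking.k8s.io/v1",
        "kind": "NetworkPolicy",
        "metadata": {"name": f"allow-{from_app}-to-{to_app}", "namespace": namespace},
        "spec": {
            "podSelector": {"matchLabels": {"app": to_app}},
            "policyTypes": ["Ingress"],
            "ingress": [{
                "from": [{
                    "namespaceSelector": {"matchLabels": {"kubernetes.io/metadata.name": from_namespace}},
                    "podSelector": {"matchLabels": {"app": from_app}},
                }],
                "ports": [{"protocol": "TCP", "port": port}],
            }],
        },
    }


def _peer_matches(peer, policy_namespace, src):
    """One entry of a rule's `from` list. No namespaceSelector means the policy's
    own namespace; no podSelector means every pod in the selected namespaces."""
    if "ipBlock" in peer:
        return False  # CIDR peers are out of scope for this example
    ns_sel, pod_sel = peer.get("namespaceSelector"), peer.get("podSelector")
    ns_ok = (src["namespace"] == policy_namespace if ns_sel is None
             else _matches(ns_sel, src["namespace_labels"]))
    pod_ok = pod_sel is None or _matches(pod_sel, src["labels"])
    return ns_ok and pod_ok


def ingress_allowed(policies, src, dst, port):
    """Is src -> dst:port admitted? Pods are {"namespace", "namespace_labels", "labels"}."""
    selecting = [
        p for p in policies
        if p["metadata"]["namespace"] == dst["namespace"]
        and "Ingress" in p["spec"].get("policyTypes", ["Ingress"])
        and _matches(p["spec"].get("podSelector", {}), dst["labels"])
    ]
    if not selecting:
        return True  # no policy selects the pod: everything is allowed
    for p in selecting:  # policies are additive: any matching rule admits
        for rule in p["spec"].get("ingress", []):
            ports = rule.get("ports")
            if ports and not any(pp.get("port") == port for pp in ports):
                continue
            peers = rule.get("from")
            if not peers:
                return True  # a rule without `from` admits every source
            if any(_peer_matches(peer, p["metadata"]["namespace"], src) for peer in peers):
                return True
    return False


def _ns(name): return {"kubernetes.io/metadata.name": name}
# Constructed sample pods (namespace, its labels, pod labels)
PAYMENT = {"namespace": "payments", "namespace_labels": _ns("payments"), "labels": {"app": "payment-service"}}
CHECKOUT = {"namespace": "shop", "namespace_labels": _ns("shop"), "labels": {"app": "checkout"}}
INTRUDER = {"namespace": "shop", "namespace_labels": _ns("shop"), "labels": {"app": "debug-shell"}}


def demo():
    """Walk the payments namespace from wide open to default-deny plus one allow rule."""
    deny = default_deny_ingress("payments")
    allow = allow_ingress("payments", "payment-service", "shop", "checkout", 8080)
    return {
        "no_policy": ingress_allowed([], CHECKOUT, PAYMENT, 8080),
        "deny_only": ingress_allowed([deny], CHECKOUT, PAYMENT, 8080),
        "allowed": ingress_allowed([deny, allow], CHECKOUT, PAYMENT, 8080),
        "wrong_port": ingress_allowed([deny, allow], CHECKOUT, PAYMENT, 9090),
        "intruder": ingress_allowed([deny, allow], INTRUDER, PAYMENT, 8080),
    }
```

Two semantics trip people up and are worth testing against a model like this: an empty podSelector ({}) selects every pod, which is why default-deny works, and a policy with no selector match at all is not "deny", it is "no opinion", so a pod nothing selects is reachable from anywhere. Policies are additive; there is no ordering and no explicit deny rule.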


🔑 9️⃣ Use ConfigMaps & Secrets

Decouple your configuration:

envFrom:
  - configMapRef:
      name: app-config
  - secretRef:
      name: db-secret

Remember what a Secret is: base64-encoded, not encrypted. Anyone with get on secrets in the namespace, and anyone who can read etcd or a backup of it, has the plaintext. Turn on encryption at rest for the secrets resource on the API server, keep RBAC on secrets tight, and prefer mounting secrets as files over envFrom where the application allows it: environment variables are inherited by every child process and tend to surface in crash dumps and debug output.

✅ Pro Tip:
Use sealed-secrets to safely store encrypted secrets in Git. Only the controller's private key inside the cluster can decrypt them, so back that key up and rotate it, and keep applying RBAC to the unsealed result, which is an ordinary Secret once the controller has created it.


📊 🔟 Monitor Everything

Use Prometheus and Grafana. The file names below stand in for however you install them (the kube-prometheus-stack Helm chart bundles both, plus Alertmanager and the Prometheus Operator):

kubectl apply -f prometheus.yaml
kubectl apply -f grafana.yaml

Treat the monitoring stack as sensitive: metrics reveal service names, versions and traffic patterns, so never expose Prometheus or Grafana without authentication, and change Grafana's default admin password on day one.

✅ Pro Tip:
Set up Alertmanager for proactive alerting, and make at least one alert fire on the monitoring stack itself so you notice when it stops scraping.


✨ Bonus Tips You Shouldn’t Miss!

📦 11️⃣ Leverage initContainers

For pre-application bootstrapping or dependency checks. An init container runs to completion before the app containers start, so it is also the place for one-off work such as migrations or fetching credentials under a separate, narrower securityContext:

initContainers:
  - name: wait-for-db
    image: busybox:1.36   # pinned, per tip 12; an untagged image silently means :latest
    command: ['sh', '-c', 'until nc -z db 5432; do sleep 2; done;']

🔄 12️⃣ Immutable Container Images

Tag images with a version or, better, reference them by digest:

image: my-app:v1.0.3

A tag can be re-pushed, so v1.0.3 may point at different bytes tomorrow; a digest reference (my-app@sha256:…) cannot change and is what a supply-chain policy should pin. Never use latest in production: you lose the ability to say what is running, rollbacks become guesswork, and anyone with push access to the registry can swap the image under you.


🔄 13️⃣ Clean Up Unused Resources

Regularly clean up. Before deleting a PVC, check what it is bound to and the StorageClass reclaim policy: with the Delete policy the underlying volume and its data go with it. Remember that get all does not list ServiceAccounts, RoleBindings or Secrets, and stale ones of those are exactly what an attacker looks for, so include them in the sweep:

kubectl get all --all-namespaces
kubectl delete pod <pod-name>
kubectl delete pvc <pvc-name>

📜 14️⃣ Use Helm Charts

Package and deploy your Kubernetes resources with ease:

helm install my-app ./my-app-chart

Render and read before you install (helm template ./my-app-chart, or helm install --dry-run), pin third-party charts with --version, and review their default values: many ship with broad RBAC or privileged settings enabled out of the box.

🗂️ 15️⃣ Leverage Namespaces

Segment resources:

kubectl create namespace dev
kubectl create namespace prod

A namespace is a scope for names, RBAC, quotas and policies, not a security boundary on its own: pods in dev can reach pods in prod unless a NetworkPolicy says otherwise, and a cluster-scoped role sees both. Pair each namespace with its own RoleBindings, ResourceQuota, NetworkPolicies and a pod-security.kubernetes.io/enforce label.

🕵️ 16️⃣ Use kubectl describe

For in-depth resource details, including the Events at the bottom that explain why a pod is Pending, ImagePullBackOff or CrashLoopBackOff:

kubectl describe pod my-pod

🌐 17️⃣ Manage External Traffic with Ingress

Use an Ingress Controller like NGINX. Set ingressClassName explicitly so the object is not claimed by whichever controller happens to be the default, and terminate TLS at the Ingress with a certificate Secret:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - myapp.example.com
      secretName: myapp-tls   # a kubernetes.io/tls Secret, e.g. issued by cert-manager
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: my-service
                port:
                  number: 80

The controller itself is a privileged, internet-facing component: keep it patched, and be deliberate about which annotations tenants may use, since some let an Ingress author inject raw controller configuration.

📊 18️⃣ Leverage ServiceMonitors

When using Prometheus Operator, a ServiceMonitor tells Prometheus which Services to scrape. The fragment below still needs a metadata.name, a spec.selector whose matchLabels match the Service's labels, and spec.endpoints naming the metrics port. Prometheus only picks it up if its own serviceMonitorSelector (and namespace selector) matches, which is the usual reason a new monitor silently does nothing:

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor

🚦 19️⃣ Use Admission Controllers

Enforce policies at admission time, before an object is persisted, for example:

  • Deny containers running as root, privileged, or sharing host namespaces
  • Require image digests or an allowed registry
  • Require resource limits and restrict or require certain labels

Start with the built-in Pod Security Admission (label a namespace pod-security.kubernetes.io/enforce=restricted) and reach for OPA Gatekeeper or Kyverno when you need custom rules. Roll new policies out in audit or warn mode first, and remember that admission only sees objects as they are created or updated: workloads that already exist must be re-checked separately.
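
As an added example (not from the original post, and not Gatekeeper or Kyverno code), the checker below audits a Pod or workload manifest against the controls tips 2, 8, 12 and 19 ask for: pinned images, non-root, no privilege escalation, dropped capabilities, a read-only root filesystem, a seccomp profile, resource requests and limits, no host namespaces and no auto-mounted service-account token. Manifests are Python dicts in the JSON form kubectl accepts; both sample Deployments are constructed, and the all-zero digest in the compliant one is a placeholder rather than a real image.

```python
"""Added example: a pre-admission audit of pod specs in the spirit of the
restricted Pod Security Standard. Manifests are dicts in the JSON form kubectl
accepts; the two sample Deployments at the bottom are constructed."""
import re

_DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def pod_spec_of(manifest):
    """Locate the PodSpec inside a Pod or a workload-controller manifest."""
    kind = manifest.get("kind")
    if kind == "Pod":
        return manifest["spec"]
    if kind in ("Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet"):
        return manifest["spec"]["template"]["spec"]
    if kind == "CronJob":
        return manifest["spec"]["jobTemplate"]["spec"]["template"]["spec"]
    raise ValueError(f"unsupported kind: {kind}")


def image_pinned(image):
    """A digest is immutable; a tag is tolerated; no tag or :latest is not."""
    if _DIGEST.search(image):
        return True
    last = image.rsplit("/", 1)[-1]  # drop registry[:port]/repo so the port's colon does not count
    return ":" in last and not last.endswith(":latest")


def check_container(c, pod_sc):
    """Findings for one container; the pod-level securityContext supplies defaults."""
    name = c.get("name", "?")
    sc = c.get("securityContext") or {}
    out = []
    if not image_pinned(c.get("image", "")):
        out.append((name, "unpinned-image"))
    non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
    uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
    if uid == 0 or not (non_root is True or (uid is not None and uid > 0)):
        out.append((name, "may-run-as-root"))
    if sc.get("privileged"):
        out.append((name, "privileged"))
    if sc.get("allowPrivilegeEscalation") is not False:  # the API default is true
        out.append((name, "privilege-escalation-allowed"))
    if "ALL" not in (sc.get("capabilities") or {}).get("drop", []):
        out.append((name, "capabilities-not-dropped"))
    if sc.get("readOnlyRootFilesystem") is not True:
        out.append((name, "writable-root-fs"))
    seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
    if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
        out.append((name, "no-seccomp-profile"))
    res = c.get("resources") or {}
    if not (res.get("limits") or {}).get("memory"):
        out.append((name, "no-memory-limit"))
    if not res.get("requests"):
        out.append((name, "no-requests"))
    return out


def audit(manifest):
    """Return (scope, finding) tuples; an empty list means the manifest passes."""
    spec = pod_spec_of(manifest)
    out = []
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            out.append(("pod", f"host-namespace:{flag}"))
    if spec.get("automountServiceAccountToken", True):  # defaults to true
        out.append(("pod", "sa-token-automounted"))
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        out.extend(check_container(c, pod_sc))
    return out


BAD_DEPLOYMENT = {  # constructed: the shape a quick tutorial tends to produce
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "payment-service"},
    "spec": {"template": {"spec": {"hostPID": True,
                                   "containers": [{"name": "web", "image": "my-app:latest"}]}}},
}

GOOD_DEPLOYMENT = {  # constructed; the all-zero digest is a placeholder, not a real image
    "apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "payment-service"},
    "spec": {"template": {"spec": {
        "automountServiceAccountToken": False,
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "web",
            "image": "registry.example.com/my-app@sha256:" + "0" * 64,
            "securityContext": {"allowPrivilegeEscalation": False, "readOnlyRootFilesystem": True,
                                "capabilities": {"drop": ["ALL"]}},
            "resources": {"requests": {"cpu": "500m", "memory": "256Mi"}, "limits": {"memory": "512Mi"}},
        }],
    }}},
}
```

Run audit over every manifest in a pull request and fail the build on a non-empty result; the same rules expressed as Gatekeeper constraints or Kyverno policies then catch whatever bypasses the pipeline. Note that automountServiceAccountToken defaults to true, so a pod that never calls the API still carries a bearer token an attacker can use from inside the container.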


💾 20️⃣ Use PersistentVolumeClaims (PVC)

For stateful apps:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi

Omitting storageClassName uses the cluster default; set it explicitly when you need encryption at rest or a particular reclaim policy. The pod's fsGroup in securityContext decides which group can write to the mounted volume, which matters once the container no longer runs as root.

🎯 Conclusion

Mastering Kubernetes isn't just about knowing the commands; it's about building reliable, observable, and secure systems. These tips, combined with proactive monitoring and sound DevOps practices, can save you hours of debugging, downtime, and frustration.

Cheers,

Sim