Back to Home

Kubernetes Best Practices

Industry Standards, Naming Conventions, Resource Management & Optimization

Why Best Practices Matter

Following Kubernetes best practices ensures your deployments are secure, scalable, maintainable, and cost-effective. This comprehensive guide covers industry-standard practices that will help you build production-ready applications.

Naming Conventions & Labeling

Standardize naming across your cluster for better organization

Resource Naming

  • Use lowercase alphanumeric and hyphens
  • Start and end with alphanumeric character
  • Max 63 characters for most resources
  • Example: web-app-frontend-prod
  • Avoid timestamps in resource names

Labels & Annotations

metadata: labels: app: web-server version: v1.2.0 environment: prod team: backend annotations: description: "Main web server" managed-by: "terraform"

Recommended Labels

  • app - Application name
  • version - App version
  • environment - dev/staging/prod
  • team - Team responsible
  • cost-center - Billing

Resource Management & Limits

Properly define CPU and memory requests and limits

CPU & Memory Requests & Limits

spec: containers: - name: my-app image: myapp:v1.0 resources: requests: cpu: "100m" # 0.1 CPU memory: "128Mi" # 128 Megabytes limits: cpu: "500m" # 0.5 CPU memory: "512Mi" # 512 Megabytes

Guidelines

  • Always set requests for scheduler optimization
  • Set limits to prevent resource hogging
  • Limits should be 2-4x higher than requests
  • Monitor actual usage to fine-tune values
  • Use ResourceQuotas at namespace level

Pod Security & Health Checks

Ensure containers are secure and properly monitored

Security Context

securityContext: runAsNonRoot: true runAsUser: 1000 readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - ALL

Liveness Probe

livenessProbe: httpGet: path: /health port: 8080 initialDelaySeconds: 30 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 3

Readiness Probe

readinessProbe: httpGet: path: /ready port: 8080 initialDelaySeconds: 10 periodSeconds: 5 timeoutSeconds: 3 failureThreshold: 2

Deployment Patterns & Strategies

Best practices for deploying applications

Rolling Updates

  • Default strategy - zero downtime
  • Gradual pod replacement
  • Can rollback if issues occur
  • Recommended for most cases

Blue-Green Deployment

  • Two identical environments
  • Instant switch with zero downtime
  • Requires double resources
  • Easy rollback mechanism

Canary Deployment

  • Route small traffic percentage
  • Monitor metrics before full rollout
  • Catch issues early
  • Requires service mesh (Istio/Linkerd)

Data & State Management

Handle persistent data correctly

Storage Best Practices

Anti-Patterns to Avoid

Common mistakes that lead to problems

Using Latest Image Tag

Bad: image: myapp:latest

Good: image: myapp:v1.2.3-sha256

Why: Latest tag is mutable and can change unexpectedly, breaking deployments.

Running as Root

Bad: No security context defined (runs as root by default)

Good: Set runAsNonRoot: true and runAsUser: 1000

Why: Root access increases security risk if container is compromised.

No Resource Limits

Bad: No requests or limits specified

Good: Always define CPU and memory requests and limits

Why: Without limits, a single pod can consume all cluster resources.

Secrets in ConfigMaps

Bad: Storing passwords in ConfigMaps

Good: Use Secrets and enable encryption at rest

Why: ConfigMaps are not encrypted and can leak sensitive data.

Quick Reference Checklist