Kubernetes Configuration Guide

A comprehensive guide to writing clean, maintainable Kubernetes manifests and YAML configurations

Kubernetes Configuration Best Practices 🚀

Writing clean, maintainable Kubernetes manifests is crucial for production deployments. Here’s a comprehensive guide to YAML configuration patterns that will make your K8s journey smoother.

YAML Structure & Organization

The following sections represent different levels of Kubernetes resource organization, from namespaces down to individual containers.

Namespace Level

apiVersion: v1
kind: Namespace
metadata:
  name: production
  labels:
    environment: prod
    team: platform

Deployment Level

apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: production
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-app

Service Level

apiVersion: v1
kind: Service
metadata:
  name: web-app-service
  namespace: production
spec:
  selector:
    app: web-app
  ports:
  - port: 80
    targetPort: 3000
  type: ClusterIP

Resource Management

Proper resource allocation is critical for cluster stability and cost optimization.

CPU and Memory Requests

resources:
  requests:
    memory: "256Mi"
    cpu: "250m"
  limits:
    memory: "512Mi"
    cpu: "500m"

Storage Classes

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: database-storage
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: fast-ssd

Health Checks & Probes

Implementing proper health checks prevents cascading failures and ensures zero-downtime deployments.

Liveness Probe

livenessProbe:
  httpGet:
    path: /health
    port: 3000
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
  failureThreshold: 3

Readiness Probe

readinessProbe:
  httpGet:
    path: /ready
    port: 3000
  initialDelaySeconds: 5
  periodSeconds: 5
  timeoutSeconds: 3
  successThreshold: 1

Security & Secrets

Never hardcode sensitive information in manifests or container images. Store sensitive values in Kubernetes Secrets and non-sensitive settings in ConfigMaps.

Secret Management

apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
data:
  database-url: cG9zdGdyZXNxbDovL3VzZXI6cGFzc0BkYjoxNTQzMi9teWRi
  api-key: eW91ci1zZWNyZXQta2V5LWhlcmU=

ConfigMap for Non-Sensitive Data

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  environment: "production"
  log-level: "info"
  max-connections: "100"
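
Added example (not part of the original guide): one Deployment that places the `resources`, probe, Secret and ConfigMap fragments from the sections above inside a container spec, reading `app-secrets` and `app-config` through `secretKeyRef` and `configMapKeyRef`. The image reference and the environment variable names are assumptions. Both objects must exist in the `production` namespace, because key references resolve only within the pod's own namespace.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web-app
  namespace: production
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web-app
  template:
    metadata:
      labels:
        app: web-app              # must match spec.selector.matchLabels
    spec:
      containers:
      - name: web-app
        image: registry.example.com/web-app:1.0.0   # placeholder image (assumption)
        ports:
        - containerPort: 3000
        env:
        - name: DATABASE_URL      # variable name is an assumption
          valueFrom:
            secretKeyRef: {name: app-secrets, key: database-url}
        - name: API_KEY           # variable name is an assumption
          valueFrom:
            secretKeyRef: {name: app-secrets, key: api-key}
        - name: LOG_LEVEL         # variable name is an assumption
          valueFrom:
            configMapKeyRef: {name: app-config, key: log-level}
        resources:
          requests: {memory: "256Mi", cpu: "250m"}
          limits: {memory: "512Mi", cpu: "500m"}
        livenessProbe:
          httpGet: {path: /health, port: 3000}
          initialDelaySeconds: 30
          periodSeconds: 10
          timeoutSeconds: 5
          failureThreshold: 3
        readinessProbe:
          httpGet: {path: /ready, port: 3000}
          initialDelaySeconds: 5
          periodSeconds: 5
          timeoutSeconds: 3
          successThreshold: 1
```

The values under `data` in a Secret are base64-encoded, not encrypted, so a Secret manifest committed to version control exposes the credential just as a hardcoded value would.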

Networking & Ingress

Proper networking configuration ensures your services are accessible and secure.

Ingress Controller

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web-app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - myapp.example.com
    secretName: myapp-tls
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-app-service
            port:
              number: 80

Monitoring & Observability

Set up comprehensive monitoring to understand your application’s behavior.

ServiceMonitor for Prometheus

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: web-app-monitor
spec:
  selector:
    matchLabels:
      app: web-app
  endpoints:
  - port: metrics
    interval: 30s
    path: /metrics
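
A ServiceMonitor selects Service objects by label and scrapes the Service port whose name matches `endpoints[].port`; the `web-app-service` shown earlier has neither an `app: web-app` label nor a port named `metrics`, so the monitor above would find no targets. Added example (not from the original guide) of a Service and ServiceMonitor pair that do match, assuming the application serves `/metrics` on its main port 3000.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: web-app-service
  namespace: production
  labels:
    app: web-app              # matched by ServiceMonitor spec.selector
spec:
  selector:
    app: web-app              # matched against pod labels
  ports:
  - name: http                # names are required once a Service has several ports
    port: 80
    targetPort: 3000
  - name: metrics             # referenced by the ServiceMonitor's endpoints[].port
    port: 3000                # assumption: metrics share the application port
    targetPort: 3000
  type: ClusterIP
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: web-app-monitor
  namespace: production       # without a namespaceSelector, only Services in this namespace are selected
spec:
  selector:
    matchLabels:
      app: web-app
  endpoints:
  - port: metrics
    interval: 30s
    path: /metrics
```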

Pod Disruption Budget

apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: web-app-pdb
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: web-app

Advanced Patterns

Horizontal Pod Autoscaler

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: web-app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web-app
  minReplicas: 2
  maxReplicas: 10
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80

Network Policies

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-app-netpol
spec:
  podSelector:
    matchLabels:
      app: web-app
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: ingress-nginx
    ports:
    - protocol: TCP
      port: 3000
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          name: database
    ports:
    - protocol: TCP
      port: 5432
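
Because `policyTypes` lists `Egress`, the policy above drops every outbound connection except TCP 5432 to the `database` namespace, including the DNS lookups needed to resolve the database host name; its `name:` namespace labels also match only if someone has added them by hand. Added example (not from the original guide): a default-deny baseline for the namespace plus the same policy with a DNS rule, using the `kubernetes.io/metadata.name` label that the API server sets on every namespace. It assumes the cluster DNS pods run in `kube-system` with the label `k8s-app: kube-dns`.

```yaml
# Baseline: pods in production accept and send nothing unless another policy allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: production
spec:
  podSelector: {}                 # empty selector = every pod in the namespace
  policyTypes: [Ingress, Egress]
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: web-app-netpol
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: web-app
  policyTypes: [Ingress, Egress]
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ingress-nginx
    ports:
    - {protocol: TCP, port: 3000}
  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: database
    ports:
    - {protocol: TCP, port: 5432}
  - to:                           # DNS, so the database host name can be resolved
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:                # same list item as namespaceSelector = both must match
        matchLabels:
          k8s-app: kube-dns       # assumption: label on the cluster DNS pods
    ports:
    - {protocol: UDP, port: 53}
    - {protocol: TCP, port: 53}
```

With the default-deny policy in place, every other workload in `production` needs its own allow rules, DNS included.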

Best Practices Summary

  • Always set resource requests and limits
  • Use health checks for all services
  • Implement proper secret management
  • Set up monitoring and logging
  • Use namespaces for organization
  • Apply network policies for security
  • Test your configurations thoroughly

Remember: Kubernetes is powerful but complex. Start simple, iterate, and always test your changes in a non-production environment first!

Need help with your Kubernetes journey? Check out the official documentation or reach out on GitHub!