kubernetes-best-practiceslisted

# Kubernetes Best Practices This skill provides guidance for writing production-ready Kubernetes manifests and managing cloud-native applications. ## Resource Management **Memory**: Set requests and limits to the same value to ensure QoS class and prevent OOM kills. **CPU**: Set requests only, omit limits to allow performance bursting and avoid throttling. ```yaml resources: requests: memory: "256Mi" cpu: "250m" limits: memory: "256Mi" # No CPU limit ``` ## Image Versioning Always pin specific versions, never use `:latest` tag unless explicitly requested: ```yaml # Good image: nginx:1.25.3 # Bad image: nginx:latest ``` For immutability, consider pinning to specific digests. ## Configuration Management **Secrets**: Sensitive data (passwords, tokens, certificates) **ConfigMaps**: Non-sensitive configuration (feature flags, URLs, settings) ```yaml env: - name: DATABASE_URL valueFrom: secretKeyRef: name: app-secrets key: database-url - name: LOG_LEVEL valueFrom: configMapKeyRef: name: app-config key: log-level ``` **Best practices:** - Never hardcode secrets in manifests - Use external secret management (Sealed Secrets, External Secrets Operator) - Rotate secrets regularly - Limit access with RBAC ## Workload Selection Choose the appropriate workload type: - **Deployment**: Stateless applications (web servers, APIs, microservices) - **StatefulSet**: Stateful applications (databases, messa