- Use small containers for production. Possibly alpine based that do not contain extra items.
- Avoid building your containers based on distros like ubuntu
- If possible, use multi-stage docker files.
- Run a single process per container.
- Optimize for docker build cache. Create images with common layers.
- Be careful in using public images. Scan images for vulnerabilities using tools like Clair, Anchore, etc...
- Do not create naked pods. Always use ReplicaSets or Deployments(or StatefulSets)
- Always specify resource limits for containers in pods.
- use namespaces to organize your applications.
- Store your YAML definition files in version control.
- Do not use latest tag in your deployment files.
- Follow 12 factor app principles.
- Sepcify non-root user for running containers in pods
HTTP status codes - Cheat sheet
- Hold on
- Here you go
- Go away
- You f****d up
- I f****d up