In this post we will review a list of requirements for a production-grade Kubernetes solution. These requirements are standard for any deployment that runs in a shared-resources Kubernetes cluster, and aim to provide security, reliability, and maintainability for the deployment.
Helm Chart
A deployment should provide a Helm chart to install it. The Helm chart should be customizable, allowing the following to be added and changed:
- Labels
- Annotations
- Image repo
- Image version
- Node selector
- Affinity
- CPU and memory resources per container
- Log verbosity
- Service definitions: types, ports
- Additional volumes and volume mounts
In terms of security:
- RBAC should use least-privilege settings
- Use a read-only file system wherever possible
In addition, helm upgrade should run with minimal downtime.
Communication
All communication should support both clear text and TLS. When TLS is used, it should be possible to specify the location of the PKI files.
Containers
All containers should follow these guidelines:
- Run as non-root user
- Log to STDOUT
- Support liveness and readiness probes
- Accept SIGTERM and exit gracefully, and log termination upon exit
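One way to check a deployed chart against the read-only file system item and the container guidelines above, as an added example that is not part of the original post: a Python audit of a Deployment in JSON form (for instance from kubectl get deployment -o json). The sample manifest and the finding texts are constructed, and requiring both requests and limits for CPU and memory is an assumption of this example.

```python
import json

# Constructed sample: a Deployment as returned by `kubectl get deployment -o json`.
SAMPLE = json.loads("""
{
  "kind": "Deployment", "metadata": {"name": "demo"},
  "spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": true},
    "containers": [
      {"name": "api",
       "securityContext": {"readOnlyRootFilesystem": true},
       "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
       "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
       "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                     "limits": {"cpu": "500m", "memory": "256Mi"}}},
      {"name": "sidecar",
       "securityContext": {"runAsUser": 0},
       "livenessProbe": {"tcpSocket": {"port": 9000}}}
    ]}}}
}
""")

def audit(deployment):
    """Return sorted (container, finding) pairs for unmet requirements."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    findings = []
    for c in pod.get("containers", []):
        sc = c.get("securityContext", {})
        # A container-level securityContext overrides the pod-level one.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        if uid == 0 or not (non_root or (uid is not None and uid > 0)):
            findings.append((c["name"], "not guaranteed non-root"))
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append((c["name"], "root filesystem is writable"))
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append((c["name"], f"missing {probe}"))
        res = c.get("resources", {})
        for kind in ("requests", "limits"):
            for unit in ("cpu", "memory"):
                if unit not in res.get(kind, {}):
                    findings.append((c["name"], f"no {unit} {kind}"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{name}: {finding}" for name, finding in audit(SAMPLE)))
```

Only regular containers are checked; init containers, RBAC rules and SIGTERM handling need separate checks.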
Benchmarking
- Detailed benchmarking should be done for the deployment, specifying the expected resources for each container across a range of specified loads.
- When needed, auto scaling should be handled automatically.
- There should be no single point of failure. All services should be highly available.
Tests
The development stage should include both unit tests and end-to-end tests.
Full code coverage should be achieved as part of the tests.