
Deployment Requirements

Version Management

  • All chart versions pinned (no latest)
  • All image tags pinned (no latest)

High Availability

For production environments:

  • Replicas: Use HorizontalPodAutoscaler (HPA) for dynamic scaling, or set a minimum of 2 replicas for stateless applications
  • Rolling updates (where accessible): Configure maxUnavailable: 0, maxSurge: 25%
  • PodDisruptionBudget (where accessible): Ensure at least 1 pod available during updates

Resource Management

Set appropriate limits for production and development environments.

  • Set CPU & memory requests (for scheduling)
  • Set CPU & memory limits (to prevent resource exhaustion)

Tip: Start with lower resources and adjust based on monitoring data.

Security

  • Containers run as non-root with readOnlyRootFilesystem
  • Secrets: No plaintext secrets; use secure secret management
  • RBAC (if applicable): ServiceAccount with least privilege where required
  • NetworkPolicy (where accessible): Default-deny with minimal allowed traffic
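
The following is an added example, not part of the original page: a small Python linter that checks a Deployment's pod template against the image-pinning, resource and container-security items above. The `audit` and `image_pinned` names, the sample manifests, and treating a digest reference as pinned are assumptions of this example.

```python
# Added example: lint a Deployment (parsed YAML/JSON as a dict) against the checklist.
REQUIRED = ("cpu", "memory")

def image_pinned(image):
    """True if the reference has a digest or a tag other than 'latest'."""
    if "@" in image:                     # digest reference (assumed to count as pinned)
        return True
    last = image.rsplit("/", 1)[-1]      # ignore the ':' of a registry host:port
    _, sep, tag = last.partition(":")
    return bool(sep) and tag not in ("", "latest")

def audit(deployment):
    """Return a list of 'container: problem' strings; empty means compliant."""
    pod = deployment["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext", {})
    findings = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        sc = c.get("securityContext", {})
        res = c.get("resources", {})
        if not image_pinned(c.get("image", "")):
            findings.append(f"{c['name']}: image tag not pinned")
        # A container-level runAsNonRoot overrides the pod-level value.
        if not sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False)):
            findings.append(f"{c['name']}: runAsNonRoot not set")
        # readOnlyRootFilesystem exists only at container level.
        if not sc.get("readOnlyRootFilesystem", False):
            findings.append(f"{c['name']}: readOnlyRootFilesystem not set")
        for kind in ("requests", "limits"):
            missing = [r for r in REQUIRED if r not in res.get(kind, {})]
            if missing:
                findings.append(f"{c['name']}: no {kind} for {', '.join(missing)}")
    return findings

def _deploy(container, pod_sc=None):
    return {"spec": {"template": {"spec": {
        "securityContext": pod_sc or {}, "containers": [container]}}}}

# Constructed sample manifests, not taken from the page.
WEAK = _deploy({"name": "web", "image": "registry.example:5000/web:latest",
                "resources": {"requests": {"cpu": "100m"}}})
HARDENED = _deploy(
    {"name": "web", "image": "registry.example:5000/web:1.4.2",
     "securityContext": {"readOnlyRootFilesystem": True},
     "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                   "limits": {"cpu": "500m", "memory": "256Mi"}}},
    pod_sc={"runAsNonRoot": True})

if __name__ == "__main__":
    for name, d in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(d) or "OK")
```

Feed it the rendered chart output (for example, `helm template` converted to JSON) so that values-driven settings are checked as deployed.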

Observability & Reliability

  • Health probes (where accessible): Configure startup, readiness, and liveness probes for long-running applications (exclude jobs and init containers)
  • Graceful shutdown (where accessible): Set terminationGracePeriodSeconds + preStop hook
  • Standard labels: For custom Helm charts, implement Kubernetes recommended labels

Networking

  • Named ports in Services (where accessible)
  • Ingress with TLS via cert-manager