Quay, GCR etc.. • Self hosted. Generic Best Practice: • One layer for base, one for user configuration and one for application • Leverage ‘USER’ directive to run programs inside container as non-root. • Ensure regular scanning of images. • Use environment variables for runtime configuration.
you are using calico networking. • Check this document. • Cross verify the kops supported version for k8s cluster. .https://github.com/kubernetes/kops/blob/master/docs/upgrade_from_kops_1.6_to_1.7_calico_cid r_migration.md
is available. - kubectl top • Cluster monitoring using Prometheus and Grafana. • Configure Prometheus alerts to notify on slack/email etc. using alertmanager. - Prometheus nodeexporter and prometheus-core manifest must specify resources or might lead to consume more and more resources Other tools:- • Datadog/sysdig/weave-scope etc.
maintained in ETCD which is a distributed - key-value store • Deployment considerations for ETCD - Fault-tolerant cluster - Storage for ETCD (Network and IO latency directly affects ETCD) - ETCD data backup and restore - Reshifter(https://github.com/mhausenblas/reshifter) - Ark • Enable TLS