20 Essential Kubernetes Tips to Boost Security, Reliability, and Manageability

01 Productivity

Create shell aliases for frequently used kubectl commands to reduce typing and speed up debugging.

alias k='kubectl'
alias kgp='kubectl get pods -o wide'
alias kdesc='kubectl describe pod'

02 Reliability and Stability

Define requests and limits for every pod; enforce them with LimitRanges and ResourceQuotas in large clusters.

Configure readiness and liveness probes to avoid exposing unhealthy pods to users.

Drain a node with kubectl drain and bring it back with kubectl uncordon before upgrades or restarts.

Use PodDisruptionBudget to guarantee a minimum number of pods remain available during voluntary disruptions.

resources:
  requests:
    cpu: "200m"
    memory: "256Mi"
  limits:
    cpu: "500m"
    memory: "512Mi"

livenessProbe:
  httpGet:
    path: /health
    port: 8080
  initialDelaySeconds: 10
  periodSeconds: 10
readinessProbe:
  httpGet:
    path: /ready
    port: 8080

apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: myapp-pdb
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: myapp

03 Security and Isolation

Never grant the cluster‑admin role; instead create scoped Role and RoleBinding objects and audit them regularly.

Mount ConfigMap and Secret data as read‑only volumes or environment variables, marking secrets with readOnly: true.

Run containers as non‑root by setting runAsNonRoot: true and readOnlyRootFilesystem: true in pod specs.

Apply taints to special nodes (e.g., GPU nodes) and use tolerations so only intended workloads can schedule there.

Restrict pod‑to‑pod traffic with NetworkPolicy, the built‑in Kubernetes firewall.

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
spec:
  podSelector:
    matchLabels:
      app: frontend
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: backend

04 Maintainability and Daily Operations

Pin container images to a specific tag (avoid :latest) to ensure reproducible releases.

Rotate secrets and tokens regularly; never bake credentials into images.

Send all pod logs to a central backend (e.g., Elasticsearch or Loki) indexed by namespace, pod, and container.

Schedule regular etcd snapshots, store them securely, and verify integrity before upgrades.

Periodically clean up unused Deployments, PVCs, Services, and failed Pods using kubectl or tools like kubectl‑neat or kube‑cleanup.

Replace direct SSH access with API‑driven or bastion‑host sessions; disable SSH on nodes for auditability.

image: myrepo/myapp:v1.2.3

ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-$(date +%Y%m%d).db
ETCDCTL_API=3 etcdctl snapshot status /backup/etcd-20250101.db

kubectl get rs --all-namespaces
kubectl delete rs

Apply these recommendations incrementally: start with resource limits, probes, and ServiceAccounts, then strengthen security hardening, backup routines, and cleanup automation to make your Kubernetes clusters safer, more stable, and easier to manage.