rudimentary best practices for applications (#157)#180
nissessenap
left a comment
It's a good start.
Added some initial thoughts but I need to read through it a few more times.
| ## Secret Management | ||
|
|
||
| 1. Make sure no secrets are commited to either source code repository, nor gitops repository. | ||
| 2. Load secrets using Secret Store CSI Driver. It is documented extensively [here](https://xenitab.github.io/docs/xks/developer-guide/secrets-management). |
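Review bot: item 1 misspells "committed" and pairs "either" with "nor"; suggest "Make sure no secrets are committed to either the source code repository or the gitops repository." In item 2 the link text "here" says nothing about its target, so name the destination in the link text instead, for example "the secrets management guide".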
It's okay to get secrets from Cloud provider key vault solutions as well. As long as you don't save passwords in git you are okay :)
|
|
||
| Add tracing to your application. We have found that modern trace tools provide pretty good configuration out of the box. You just need to add an appropriate tracing library to your application. Consider reading our extended [extended documentation on tracing](https://xenitab.github.io/docs/xks/developer-guide/observability). | ||
|
|
||
| ## Pod disruption budgets |
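Review bot: the last sentence of the tracing paragraph repeats a word, "our extended [extended documentation on tracing]"; drop the first "extended". The link text promises tracing documentation while the URL ends in /observability, so either word the link text to match the page it opens or point it at the tracing part of that page.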
Maybe change this to availability or something similar. I think this PDB documentation is too in-depth for an overview page.
I think you should mention pdb as a part of getting good availability in k8s together with things like antiaffinity and link to our other docs for more details.
|
|
||
| Your pod can be shut down by kubernetes. Make sure the following has been configured. | ||
|
|
||
| 1. Your application has graceful shutdown that closes connection to database. |
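Review bot: the intro line writes "kubernetes" in lower case and item 1 drops its articles; suggest "Kubernetes" and "Your application has a graceful shutdown that closes its connections to the database." The intro also says "has been configured", but item 1 is behaviour the application has to implement rather than a setting, so "Make sure the following is in place" fits the list better.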
Mention something about SIGTERM and that your application needs to capture it and then close the connections.
We probably have some docs about this in some application specific part. Can link to that.
|
ping @dachrillz |
No description provided.