Before taking a K8s cluster to production, go through this checklist.
Networking
- ☐ Network policies defined
- ☐ Ingress controller configured
- ☐ DNS working (CoreDNS)
- ☐ Service mesh (optional: Istio/Linkerd)
Security
- ☐ RBAC configured
- ☐ Pod Security Standards/Admission
- ☐ Secrets encrypted (Sealed Secrets / Vault)
- ☐ Image scanning in CI/CD
- ☐ Network policies isolate namespaces
Reliability
- ☐ Resource requests and limits on all pods
- ☐ PodDisruptionBudget
- ☐ HPA/VPA configured
- ☐ Anti-affinity for HA
- ☐ Pod topology spread constraints
Monitoring
- ☐ Prometheus + Grafana
- ☐ Container logs centralized
- ☐ Alerting on cluster health
- ☐ etcd monitoring
Backup & DR
- ☐ etcd backup automated
- ☐ Persistent volume backup
- ☐ Cluster state backup (Velero)
- ☐ DR plan tested
Tip
Use GitOps (ArgoCD/Flux) for declarative cluster management.