- For Java software, use JDK 10 or above. References: "Improved Docker Integration with Java 10"; "Java inside docker: What you must know to not FAIL"; "Running Java in a Container"
- Dynamic Runtime Config (Runtime Properties)
- Build small and secure Container images for Performance and Security Reasons (Small base images and Builder Pattern)
- Pass the Docker tag to the App so that it can be offered up as part of an API endpoint (or as part of a web page, assuming it is a web app)
- Use JDK 10 and above to ensure the JVM actually honors the Container's memory and compute settings. Reference: "Improved Docker Integration with Java 10"
- Use Service Discovery built into Kubernetes. NO calls using hardcoded IP addresses allowed
- Add labels to every Kubernetes Resource that you create (sw=,env=,dev=,...)
- Use the Downward API to take metadata about the cluster and slap it onto the container inside a Pod
- Use matchLabels: as Selector
- Always clearly specify rollout behavior in Deployments (like RollingUpdate)
- Use ConfigMap and Secrets as Volumes or Env variables. Use ConfigMap to provide config files to a service or content to an app
- Use Affinity (podAffinity, podAntiAffinity) Rules (Scheduler Feature) to show how Pods relate to each other
- Set terminationGracePeriodSeconds: 60 to give containers extra time to terminate gracefully
- Add SecurityContext to Pod and/or Container level (Read Only, Root Allowed, Root Capabilities, Run User, Privileged)
- Always add readinessProbe and livenessProbe to avoid premature load shift and fix hung processes
- Use lifecycle (preStop, postStart, etc.) to inject functionality at runtime
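
A Deployment that applies several of the items above together (labels and matchLabels, RollingUpdate, Downward API, SecurityContext, probes, preStop). This is an added example, not a manifest from the original page; the name `orders-api`, the image, the tag, port 8080, the probe paths and the UID are hypothetical.

```yaml
# Added example: name, image, tag, port, probe paths and UID are hypothetical.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders-api
  labels: {sw: orders-api, env: dev}
spec:
  selector:
    matchLabels: {sw: orders-api, env: dev}   # must match the template labels
  strategy:
    type: RollingUpdate
    rollingUpdate: {maxSurge: 1, maxUnavailable: 0}
  template:
    metadata:
      labels: {sw: orders-api, env: dev}
    spec:
      terminationGracePeriodSeconds: 60
      securityContext:              # Pod level: refuse to start as root
        runAsNonRoot: true
        runAsUser: 10001
      containers:
        - name: app
          image: registry.example.com/orders-api:1.4.2
          ports: [{containerPort: 8080}]
          env:
            - name: APP_VERSION     # Docker tag, for the app's version endpoint
              value: "1.4.2"
            - name: POD_NAMESPACE   # Downward API: Pod metadata into the container
              valueFrom:
                fieldRef: {fieldPath: metadata.namespace}
          resources:                # limits the JVM (JDK 10+) sizes itself from
            limits: {memory: 512Mi, cpu: "1"}
          securityContext:          # Container level
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities: {drop: ["ALL"]}
          readinessProbe:           # gate traffic until the app can serve
            httpGet: {path: /ready, port: 8080}
          livenessProbe:            # restart a hung process
            httpGet: {path: /healthz, port: 8080}
            initialDelaySeconds: 30
          lifecycle:
            preStop:                # assumes the image ships a shell
              exec: {command: ["sh", "-c", "sleep 10"]}
          volumeMounts:
            - {name: tmp, mountPath: /tmp}    # JVM needs a writable temp dir
      volumes:
        - {name: tmp, emptyDir: {}}
```

With `readOnlyRootFilesystem: true`, every path the application writes to needs its own volume mount, which is why `/tmp` is backed by an `emptyDir` here.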