
We started using Kubernetes almost four years ago. We had new services to deploy, and even if we’re big users of bare metal machines, we needed more flexibility. Therefore, we decided to test and use Kubernetes on new systems. Two years later, most of our products are deployed on Kubernetes, following Kubernetes best practices. As more and more teams started to use it internally, we created an internal training. And today, we’re proud to make this training open source, so anyone can learn from it and contribute.

Two years into our implementation, we extracted eight practices from this training that we consider to be key for using Kubernetes correctly. We’re republishing these Kubernetes best practices as a blast from the past and to lay the foundation for future articles on how we and Kubernetes have grown over the last two years.

1. Do not use root user in your containers

Containers, as implemented on Linux, were not built with security in mind: the mechanism exists to restrict resources such as CPU and RAM, as the Docker documentation explains. This implies that your container should not run commands as the “root” user, because running a program in a container is almost the same as running it on the host itself. If you are interested in knowing more, check this article to understand why.

Add the following lines to all your images so that your application runs as a dedicated user. Replace “appuser” with a name more relevant for you. The addgroup/adduser flags below are the BusyBox (Alpine) ones; Debian-based images use useradd/groupadd instead.

# set ${USER} to be appuser
ARG USER=appuser
# add a system group and a system user belonging to it
RUN addgroup -S ${USER} && adduser -S ${USER} -G ${USER}
# every following instruction, and the container itself, runs as that user
USER ${USER}
# set the workdir to the home directory of the user
WORKDIR /home/${USER}

This can also be ensured at the cluster level with pod security policies.
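The same rule can be enforced from the pod side and from the cluster side, independently of what the Dockerfile says. The manifest below is an added example, not from the original post: the pod-level securityContext makes the kubelet refuse to start a container that would run as UID 0, and the namespace labels enable Pod Security Admission, which replaced PodSecurityPolicy when the latter was removed in Kubernetes 1.25. The namespace, pod and image names and the UID are placeholders.

```yaml
# Added example (not from the original post). Names, image and UID are
# hypothetical placeholders.
#
# Cluster side: Pod Security Admission is enabled per namespace with labels.
# The "restricted" profile rejects, at admission time, any pod that is not
# declared non-root (plus a few other hardening requirements shown below).
apiVersion: v1
kind: Namespace
metadata:
  name: my-namespace
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/enforce-version: latest
    pod-security.kubernetes.io/warn: restricted
---
# Pod side: runAsNonRoot makes the kubelet fail the container start if the
# effective UID would be 0, whatever USER the image declares.
apiVersion: v1
kind: Pod
metadata:
  name: my-application
  namespace: my-namespace
spec:
  securityContext:
    runAsNonRoot: true          # kubelet rejects a UID-0 container at start
    runAsUser: 10001            # constructed UID; use the one created in the image
    runAsGroup: 10001
    fsGroup: 10001
    seccompProfile:
      type: RuntimeDefault      # required by the "restricted" profile
  containers:
    - name: my-application
      image: registry.example.com/my-application:my-version   # placeholder
      securityContext:
        allowPrivilegeEscalation: false   # no setuid binary can regain root
        readOnlyRootFilesystem: true      # mount an emptyDir where the app writes
        capabilities:
          drop: ["ALL"]
```

With runAsNonRoot alone and no numeric runAsUser, the kubelet cannot verify an image whose USER is a name rather than a UID and refuses to start it; setting runAsUser explicitly avoids that failure mode.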

2. Handle the “SIGTERM” signal

Kubernetes sends the “SIGTERM” signal whenever it wants to gracefully stop a container. You should listen to it and react accordingly in your application (closing connections, saving state, and so on). In general, following the twelve-factor app recommendations for your application is considered good practice. Also, don’t forget to configure terminationGracePeriodSeconds on your pods. The default is 30 seconds, but your application might need more (or less) time to properly terminate.

3. Use declarative management for your manifests

Use declarative manifests so you can roll back your code and infrastructure efficiently. This means that your version control system should be the source of truth for your manifests.

This implies that you only use kubectl apply to create or update your Kubernetes resources, and also that you never use the latest tag for your container images. Each version of your containers should have a unique tag; using Git hashes is a good practice. When deploying a new version of your application, update the manifest with the new container version, commit the manifest to your source control, and finally run kubectl apply.

4. Lint your manifests

YAML is a tricky format. We use yamllint, because it supports multiple documents in a single file.

You can also use Kubernetes-specific linters:

  • kube-score lints your manifests and enforces good practices.
  • kubeval also lints the manifests, but only checks validity.

In Kubernetes 1.13, the --dry-run option appeared on kubectl; it lets Kubernetes check your manifests without applying them. You can use this feature to check that your YAML files are valid for Kubernetes.

5. Configure the liveness and readiness probes

Liveness and readiness probes are the ways an application communicates its health to Kubernetes. Configuring both helps Kubernetes handle your pods correctly and react to state changes.

The liveness probe assesses whether a container is still alive, meaning that it is not in a broken state, a deadlock, or anything similar. Based on it, Kubernetes can take decisions such as restarting the container.

The readiness probe detects whether a container is ready to accept traffic; its result can block a rollout, influence the Pod Disruption Budget (PDB), and so on. It’s particularly useful when Kubernetes routes external traffic to your container (most of the time, when it’s an API).

Usually, having the same probe for readiness and liveness is acceptable. In some cases though, you might want them to be different. A good example is a container running a single-threaded application that accepts HTTP calls (like PHP). Let’s say you have an incoming request that takes a long time to process. Your application can’t receive any other request, as it’s blocked by the request in progress; therefore it’s not “ready”. On the other hand, it’s processing a request, therefore it’s “alive”.

Another thing to keep in mind: your probes shouldn’t call the services your application depends on. This prevents cascading failures.

6. Configure resource requests and limits

Kubernetes lets you configure “requests” and “limits” of the resources for pods (CPU, RAM and disk). Configuring the “requests” helps Kubernetes schedule your pods more easily, and better pack workloads on your nodes.

Most of the time you could define "request" = "limit". But be careful, as your pod will be terminated if it goes above the limit.

Unless your applications are designed to use multiple cores, it is usually a best practice to keep the CPU request at "1" or below.
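The Deployment below is an added example, not from the original post, wiring together practices 2, 5 and 6 on one pod template: a terminationGracePeriodSeconds longer than the default, distinct liveness and readiness endpoints so that a busy single worker is taken out of the Service without being restarted, and requests equal to limits. The container name, image, port and probe paths (/healthz, /ready) are hypothetical.

```yaml
# Added example (not from the original post). Image, port and paths are
# hypothetical placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-application
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-application
  template:
    metadata:
      labels:
        app: my-application
    spec:
      # Practice 2: time allowed between SIGTERM and SIGKILL. Raise it above
      # the 30 s default when draining in-flight requests takes longer.
      terminationGracePeriodSeconds: 60
      containers:
        - name: my-application
          image: registry.example.com/my-application:GIT_SHA_PLACEHOLDER
          ports:
            - containerPort: 8080
          # Practice 5: two probes with different meanings.
          # /healthz answers as long as the process is not wedged;
          # /ready additionally returns a non-2xx status while the single
          # worker is busy, so the pod leaves the Service endpoints without
          # being restarted.
          livenessProbe:
            httpGet:
              path: /healthz
              port: 8080
            initialDelaySeconds: 10
            periodSeconds: 10
            timeoutSeconds: 2
            failureThreshold: 3      # three misses in a row -> container restart
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            periodSeconds: 5
            timeoutSeconds: 2
            failureThreshold: 1      # stop routing traffic after a single miss
          # Practice 6: requests drive scheduling, limits are enforced.
          # request == limit for both cpu and memory puts the pod in the
          # Guaranteed QoS class, the last to be evicted under node pressure.
          resources:
            requests:
              cpu: "500m"            # half a core; keep at 1 or below unless multi-threaded
              memory: "256Mi"
            limits:
              cpu: "500m"            # the CPU limit throttles the container
              memory: "256Mi"        # exceeding the memory limit gets it OOM-killed
```

Neither probe should reach out to a database or another service: a dependency outage would otherwise fail every replica's readiness at once and turn a partial failure into a full outage.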

7. Specify pod anti-affinity

When you deploy an application with a lot of replicas, you most probably want them to be evenly spread across all nodes of the Kubernetes cluster. If you have all your pods running on the same node, and this node dies, this will kill all your pods. Specifying a pod anti-affinity for your deployments ensures that Kubernetes schedules your pods across all nodes.

A good practice is to specify a podAntiAffinity on the hostname of the node:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-application
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-application
  template:
    metadata:
      labels:
        app: my-application
    spec:
      containers:
        - name: my-pod
          image: my-image:my-version
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - my-application
                topologyKey: kubernetes.io/hostname

Here we have a deployment “my-application” with two replicas, and we specify a podAntiAffinity with a soft requirement (preferredDuringSchedulingIgnoredDuringExecution, see here for more details) that matches pods carrying the same app label, so Kubernetes avoids scheduling them on the same hostname (topologyKey: kubernetes.io/hostname). Because it is only a preference, both pods can still land on one node when no other node can host them; use requiredDuringSchedulingIgnoredDuringExecution if you would rather leave a replica unscheduled than co-locate it.

8. Specify a Pod Disruption Budget (PDB)

In Kubernetes, pods have a limited lifespan and can be terminated at any time. This phenomenon is called a “disruption”.

Disruptions can be either voluntary or involuntary. Involuntary disruptions are, as the name suggests, events nobody could plan for (a hardware failure, for example). Voluntary disruptions are initiated by someone or something, like the upgrade of a node, a new deployment, etc.

Defining a “Pod Disruption Budget” helps Kubernetes manage your pods when a voluntary disruption happens. Kubernetes will try to ensure that enough pods matching a given selector remain available at the same time. Specifying a PDB improves the availability of your services.
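A PDB for the two-replica “my-application” deployment shown above, as an added example that is not part of the original post. The eviction API used by node drains and the cluster autoscaler refuses to evict a pod when doing so would leave fewer than minAvailable pods Ready, so a voluntary disruption can never take both replicas down at once; an involuntary one (a node crash) is not covered, which is why the anti-affinity rule is still needed.

```yaml
# Added example (not from the original post); the selector matches the
# "app: my-application" label used by the Deployment in the previous section.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: my-application
spec:
  minAvailable: 1            # alternatively maxUnavailable: 1 or "50%"; never set both
  selector:
    matchLabels:
      app: my-application
```

Keep the budget satisfiable: a PDB whose minAvailable equals the replica count (or whose pods are never Ready because the readiness probe fails) blocks node drains indefinitely, and operators then tend to bypass it, which removes the protection entirely.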

Conclusion

Four years ago, we adopted these defaults, and we apply them to all our apps in Kubernetes. We recommend you adapt your practices based on the specifics of your applications and workload.

You can find more details on these good practices in the dedicated section of the training.

About the author
Rémy-Christophe Schermesser

Staff Software Engineer
