14 best practices for developing applications with OpenShift

We work extensively with development teams that have just switched to OpenShift, and we strive to give them guidance and best practices for successfully building and deploying applications on this platform. Based on that work, we have selected the 14 practices we consider key. They fall into two categories: application reliability and application security. The categories overlap, because the higher the reliability, the better the security, and vice versa. The list of best practices follows.





Application reliability

This section collects 9 best practices that help you improve application availability and uptime and deliver a better user experience.





1. Do not store application configuration inside a container





If the container image contains configuration for a specific environment (Dev, QA, Prod), the image cannot be moved between environments without changes. This is bad for the reliability of the release process, because the image that was tested in the earlier stages is no longer the one that goes into production. Therefore, do not keep environment-specific application configuration inside the container; keep it separately, for example in ConfigMaps and Secrets.





2. Set resource requirements and limits in pod definitions





Without properly tuned resource requirements, applications can place overwhelming demands on memory and CPU. Conversely, when the application states its CPU and memory requirements explicitly, the cluster can schedule efficiently and give the application the resources it requested.
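
The following manifests illustrate practices 1 and 2 together. They are an added example, not taken from the original article: environment-specific values live in a ConfigMap and a Secret, so the same image can be promoted unchanged, and the Deployment declares CPU and memory requests and limits. The application name, image reference, keys and values are constructed placeholders.

```yaml
# Constructed example: all names, the image path and the values are placeholders.
apiVersion: v1
kind: ConfigMap
metadata:
  name: orders-api-config          # one per environment (namespace), same name everywhere
data:
  LOG_LEVEL: "info"
  PAYMENTS_URL: "https://payments.qa.example.internal"
---
apiVersion: v1
kind: Secret
metadata:
  name: orders-api-secrets
type: Opaque
stringData:
  DB_PASSWORD: "replace-me"        # placeholder; never commit real values to Git
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: orders-api
spec:
  replicas: 2
  selector:
    matchLabels:
      app: orders-api
  template:
    metadata:
      labels:
        app: orders-api
    spec:
      containers:
        - name: orders-api
          # The identical, already tested image is deployed in Dev, QA and Prod.
          image: registry.example.internal/shop/orders-api:1.4.2
          envFrom:                 # configuration is injected at deploy time
            - configMapRef:
                name: orders-api-config
            - secretRef:
                name: orders-api-secrets
          resources:
            requests:              # what the scheduler reserves when placing the pod
              cpu: 250m
              memory: 256Mi
            limits:                # ceiling: CPU is throttled, memory overuse is OOM-killed
              cpu: "1"
              memory: 512Mi
```

Only the ConfigMap and Secret differ between namespaces; the Deployment and the image stay the same across environments.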





3. (liveness) (readiness) pod’





: , liveness, , readiness. . OpenShift Platform.





4. PodDisruptionBudget





pod’ , , , autoscaler , . , PodDisruptionBudget.





5. pod’





pod , pod', , , .





6. –





, . -, . .     OpenShift Platform.





7.





Prometheus Grafana - .





8. stdout/stderr





OpenShift (ELK, Splunk). – -. , , , , .





9. Circuit breakers, Timeouts, Retries, Rate Limiting





, (Rate Limiting, Circuit Breakers) (Timeouts, Retries). OpenShift Service Mesh, , .





5 , , , .





10.





- , , , . community-, , . , , Docker Hub, – !





11.





. , , .





12. build- , runtime-





Build- , , . runtime- , , .





13. Restricted security context constraint (SCC) – ,





, restricted SCC ( . ). , , restricted SCC .





14. TLS





. , OpenShift, , TLS-, OpenShift Service Mesh , .





, 14 OpenShift. . OpenShift.







