Best Practices

General Kubernetes best practice policies. Enforce labels, probes, image tags, anti-affinity rules, and other operational standards for reliable and well-configured workloads.

Kyverno policies enforcing general Kubernetes operational best practices.

What’s Covered

  • Required labels — Enforce standard labels (app, version, owner) on workloads
  • Liveness and readiness probes — Require health probes on all containers
  • Image tag policy — Disallow the latest tag, require explicit versioning
  • Anti-affinity rules — Encourage pod anti-affinity for high-availability workloads
  • Resource naming — Enforce naming conventions across namespaces

All best practices policies are available in the Nirmata policy library on GitHub.