Kubeadapt
Get started
DocsConfigurationAPI ReferenceCLI
REFERENCE

Best Practices

Audit your Kubernetes configurations against security, reliability, and operational best practices.

Overview

Best Practices

Best Practices scans your cluster for configuration issues and reports findings with severity levels and remediation guidance. A compliance score tracks your overall configuration quality.

Access: Select cluster (Clusters page or sidebar dropdown) > Best Practices

Compliance Score

A score from 0 to 100 displayed as a color-coded badge in the header:

  • 80-100 (green) - Good configuration health
  • 60-79 (amber) - Room for improvement
  • Below 60 (red) - Needs attention

The score is weighted by category. Security issues have the highest impact on the score.

Severity Levels

Findings are classified into three severity levels:

  • Critical - Active security or stability risks (e.g. containers running as root, missing memory limits). Address these first.
  • Warning - Important issues to address soon
  • Info - Recommended improvements and minor optimizations

Check Categories

Nine categories of configuration checks:

  1. Security - Root containers, privileged mode, security context, image pull policies
  2. Reliability - Single replica deployments, missing Pod Disruption Budgets, anti-affinity rules
  3. Resource Configuration - Missing memory/CPU limits, no resource requests, QoS class issues
  4. Namespace Organization - Namespace hygiene and structure
  5. Scheduling & Placement - Node affinity, tolerations, topology spread constraints
  6. Workload Configuration - Liveness/readiness/startup probes, rolling update settings
  7. Storage - Volume configuration and storage class usage
  8. ConfigMaps & Secrets - Secret management and configuration best practices
  9. Service Networking - Service configuration, network policies, ingress rules

Filtering

Filter findings by:

  • Severity - Critical, Warning, or Info
  • Category - Any of the 9 categories above
  • Namespace - Scope to specific namespaces
  • Resource Kind - Deployment, StatefulSet, DaemonSet, etc.

Finding Status

Each finding has a status:

  • Open - Active finding requiring attention
  • Acknowledged - Reviewed and accepted (will not affect compliance score)

Click a finding to acknowledge it or reopen a previously acknowledged finding.

← PreviousAvailable SavingsNext →Cost Query Engine