Deploying Workloads: Checklist

Objective

Provide a checklist of commonly missed steps to follow whenever creating a new workload on the Panfactum Stack.

Have you ensured that the container image is sourced from ECR (either directly or via the pull-through cache)?
Have you implemented liveness and readiness probes?
Have you ensured your workload can gracefully terminate in under 90 seconds?
Have you set the appropriate priority class?
Have you set resource minimums for your workload?
Have you enabled the appropriate node classes?
Have you ensured you protected secret configuration values by providing them via common_secrets or secret_mounts (vs. common_env or config_map_mounts)?
Have you created the necessary temporary directories so that you can leave the root filesystem as read-only?
Have you verified that the container can run under uid 1000? If it cannot, have you set the uid input?
Have you given the workload all the necessary permissions?
Have you chosen an SLA level for your workload and completed the necessary checklist?
Do you have a networked workload? If so:
- Have you set the ports for each container?
- Do you need to allow public access? Have you set up an Ingress with kube_ingress?