Kubeadapt
Get started
Best Practices

Best Practices

Audit your Kubernetes configurations against FinOps best practices and cost governance policies. Get a clear score with specific fixes for resource efficiency, reliability, and security.

Book a DemoStart Free
50+
Check Rules
0–100
Compliance Score
YAML
Fix Snippets
Best Practices | Kubeadapt
78/ 100
Grade B+
Category Scores
Cost87%
Reliability72%
Security64%
Checks
Resource limits definedCost
Health probes configuredReliability
Security context setSecurity
PDB configuredReliability
Anti-affinity rulesReliability
Image tag pinnedSecurity

How it Works

Three steps from setup to savings

01

Audit

Kubeadapt scans every workload across all namespaces against 50+ rules covering cost efficiency, reliability, and security posture.

02

Score

Each cluster receives a 0–100 compliance score (Good / Fair / Needs Work) with per-namespace breakdowns and category-level scoring for fast executive reporting.

03

Fix

Every finding includes severity, estimated cost and reliability impact, and copy-paste YAML remediation patches.

Capabilities

What's Included

FinOps Best Practices & Cost Governance

Configuration Findings

SEC-003Critical

Container running with root privileges in production namespace

Security

RES-007Warning

No resource limits defined for deployment api-gateway

Resource Configuration

REL-002Info

Pod disruption budget not configured for statefulset redis

Reliability

Configuration Audit

50+ checks covering resource limits, health probes, security contexts, anti-affinity, and PDB configurations.

  • Covers resource limits, health probes, security contexts, and PDB configs
  • Checks against CIS Kubernetes benchmarks and community best practices

Compliance Summary

84%ScoreGood
!3Critical
8Warnings
i12Info

Cluster Compliance Score

Get a 0–100 compliance score with category breakdowns across cost efficiency, reliability, scheduling, and security.

  • Overall score: 80+ is Good, 60-80 is Fair, below 60 Needs Work. Readable at a glance for any stakeholder.
  • Category breakdowns show exactly which of the 7 areas is dragging your score down

Prioritized Fixes

SEC-003Critical

3 containers running as root in production

Fix: Set runAsNonRoot: true

RES-007Warning

Missing resource limits on api-gateway deployment

Fix: Add resources.limits to pod spec

Prioritized Fixes

Each finding includes severity, estimated impact, and step-by-step remediation instructions.

  • Each finding ranked by severity and estimated cost/reliability impact
  • Step-by-step remediation instructions with copy-paste YAML patches

Filter Findings

🔍Search checks, resources...
CategoryAll
SeverityAll
StatusOpen
Security×Critical×kube-system×
3 findings matchClear All

Trend Tracking

Track your score over time to measure improvement and ensure teams maintain configuration quality.

  • Historical score graph shows improvement trajectory over weeks and months
  • Set score targets and get notified when clusters regress below thresholds

Remediation

SEC-001 FixCopy YAML

apiVersion: v1

kind: Pod

metadata:

name: api-server

spec:

containers:

- name: api

securityContext:

runAsNonRoot: true

readOnlyRootFs: true

Apply with:
kubectl apply -f remediation.yaml

Namespace Comparison

Compare best practice scores across namespaces to identify teams that need additional guidance.

  • Side-by-side namespace scores to identify teams that need guidance
  • Leaderboard view encourages healthy competition across engineering teams

Frequently Asked Questions

Common questions about Best Practices

Explore More

Explore More Features

See What 60% Savings Looks
Like on Your Clusters

Stop overpaying for Kubernetes. See potential savings within 10 minutes.

Connect Your First ClusterGet in Touch
No credit card required
14-day free trial
Cancel anytime
Read-only Agent
GDPR Compliant
No Code Changes Required