Kubernetes — Full Best-Practice Setup & Guide (with Install Commands)

Production-ready YAML examples, installation steps and sequential commands to deploy a React app (or any container) safely and scalably.

```

Prerequisites & Sequential Install (Windows + WSL + Minikube)

Follow these steps in order. Pick the platform section you need (Windows or WSL/Linux).

Windows — Install Docker Desktop

```

# 1) Download installer (PowerShell)

Invoke-WebRequest -Uri "[https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe](https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe)" -OutFile "DockerInstaller.exe"

# 2) Run installer (double-click) and then: Settings → Resources → WSL Integration → enable your Ubuntu distro

# 3) Verify

docker --version
```

WSL2 / Ubuntu (recommended to run commands)

```

# 1) Make sure WSL2 is installed (PowerShell as Admin)

wsl --install

# 2) From Windows store install Ubuntu, then open Ubuntu and set user

# 3) Update packages inside WSL

sudo apt update && sudo apt upgrade -y

# 4) Verify Docker works inside WSL (after enabling WSL integration in Docker Desktop)

docker --version
```

Install kubectl (inside WSL or Windows)

```

# Linux (WSL):

curl -LO "[https://dl.k8s.io/release/$(curl](https://dl.k8s.io/release/$%28curl) -L -s [https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl](https://dl.k8s.io/release/stable.txt%29/bin/linux/amd64/kubectl)"
sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
kubectl version --client --output=yaml
```

Install Minikube (WSL — Docker driver)

```

curl -LO [https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64](https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64)
sudo install minikube-linux-amd64 /usr/local/bin/minikube

# Start minikube using Docker driver

minikube start --driver=docker

# Verify

minikube status
kubectl get nodes
```

Install Helm (optional but recommended)

```

# Linux (WSL)

curl [https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3](https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3) | bash
helm version
```

Install Metrics Server (for HPA)

```

kubectl apply -f [https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml](https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml)
kubectl get deployment metrics-server -n kube-system
```

Install NGINX Ingress Controller (local)

```

# Using Helm (recommended)

helm repo add ingress-nginx [https://kubernetes.github.io/ingress-nginx](https://kubernetes.github.io/ingress-nginx)
helm repo update
helm install nginx-ingress ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
kubectl get pods -n ingress-nginx
```

After these installs your local cluster will be ready for production-like testing (HPA, Ingress).

1. Best-practice Deployment (production-ready)

Key ideas: immutable deployments, declarative YAML, probes, resource requests/limits, labels and selectors consistency.

```

apiVersion: apps/v1
kind: Deployment
metadata:
name: react-docker-app
labels:
app: react-docker
spec:
replicas: 3
selector:
matchLabels:
app: react-docker
template:
metadata:
labels:
app: react-docker
spec:
imagePullSecrets:
- name: regcred          # only if image is private
containers:
- name: react-container
image: kapilkkb/my-docker-react-app:latest
ports:
- containerPort: 80
envFrom:
- configMapRef:
name: react-config
- secretRef:
name: react-secrets
resources:
requests:
cpu: "100m"
memory: "128Mi"
limits:
cpu: "500m"
memory: "512Mi"
livenessProbe:
httpGet:
path: /healthz
port: 80
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
periodSeconds: 10
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
# restartPolicy: Always (default)
# optional: nodeSelector / affinity / tolerations here

Notes: keep spec.selector immutable — if you must change labels, delete & recreate Deployment (or use rolling update labels consistently).

```

2. Service (internal/external) & Ingress

NodePort / LoadBalancer (example)

```

apiVersion: v1
kind: Service
metadata:
name: react-service
spec:
type: NodePort            # use LoadBalancer on cloud (AWS/GCP/Azure)
selector:
app: react-docker
ports:
- port: 80
targetPort: 80
nodePort: 30036       # node port (minikube/test). On cloud, use LoadBalancer and omit nodePort

Ingress (basic, nginx-ingress)

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: react-ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:

* host: react.local      # map in /etc/hosts for local testing
  http:
  paths:

  * path: /
    pathType: Prefix
    backend:
    service:
    name: react-service
    port:
    number: 80

Use TLS in production — configure cert-manager + Let's Encrypt or cloud LB certificates.

3. ConfigMaps & Secrets


apiVersion: v1
kind: ConfigMap
metadata:
name: react-config
data:
REACT_APP_API_URL: "[https://api.example.com](https://api.example.com)"
-----------------------------------------------------------------------

apiVersion: v1
kind: Secret
metadata:
name: react-secrets
type: Opaque
stringData:
API_KEY: "YOUR_API_KEY_HERE"

Mount via envFrom (as in Deployment) or mount as files (volumes). Never commit secrets to Git — use sealed-secrets or cloud secret manager for production.

```

4. Persistent Storage (PVC) example

```

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: react-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi

# Mount it inside the pod:

# volumes:

# - name: data

# persistentVolumeClaim:

# claimName: react-pvc

```

On cloud, use storage classes (gp2, gp3). On minikube, consider hostPath for testing.

5. Horizontal Pod Autoscaler (HPA)

```

apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: react-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: react-docker-app
minReplicas: 2
maxReplicas: 10
metrics:

* type: Resource
  resource:
  name: cpu
  target:
  type: Utilization
  averageUtilization: 50

HPA uses metrics-server — install it in your cluster for CPU/memory based autoscaling.

6. RBAC (least privilege) & ServiceAccount (example)


apiVersion: v1
kind: ServiceAccount
metadata:
name: react-sa
--------------

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: react-role
rules:

* apiGroups: [""]
  resources: ["pods","services","endpoints"]
  verbs: ["get","list","watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: react-rolebinding
subjects:

* kind: ServiceAccount
  name: react-sa
  roleRef:
  kind: Role
  name: react-role
  apiGroup: rbac.authorization.k8s.io

Use specific roles per namespace. Avoid cluster-admin for app pods.

7. NetworkPolicy (optional — limit traffic)


apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-by-default
spec:
podSelector: {}
policyTypes:

* Ingress
* Egress

# Then create allow rules for specific pods/services

```

Use CNI plugins (Calico, Cilium) to enforce NetworkPolicy in production clusters.

8. CI/CD & Image Management

# example GitHub Actions step (build & push)
```

* name: Build and push
  uses: docker/build-push-action@v4
  with:
  push: true
  tags: your-repo/your-app:${{ github.sha }}

9. Useful kubectl commands & workflows

Apply / Delete / Inspect


kubectl apply -f deploy-react.yaml
kubectl delete -f deploy-react.yaml
kubectl get pods -A
kubectl describe pod 
kubectl logs -f        # stream logs
kubectl exec -it  -- /bin/sh

Rollouts & Scaling

kubectl rollout status deployment/react-docker-app
kubectl rollout history deployment/react-docker-app
kubectl rollout undo deployment/react-docker-app
kubectl scale deployment react-docker-app --replicas=5

Tip: use kubectl apply -f . to apply all manifests in a folder in one go.

```

10. Monitoring, Logging & Observability

11. Security & Hardening checklist

12. Example full manifest file (all pieces together)

Save as k8s/production.yaml and apply with kubectl apply -f k8s/production.yaml

```

# (1) ConfigMap + Secret (keep secrets out of Git in production)

apiVersion: v1
kind: ConfigMap
metadata: { name: react-config }
data: { REACT_APP_API_URL: "[https://api.example.com](https://api.example.com)" }
---------------------------------------------------------------------------------

apiVersion: v1
kind: Secret
metadata: { name: react-secrets }
stringData: { API_KEY: "replace-me" }
-------------------------------------

# (2) Deployment (with probes & resources)

# -- (deployment YAML shown earlier) --

# (3) Service (react-service) -- as shown earlier

# (4) HPA -- as shown earlier

```

13. Troubleshooting common issues

14. Recommended workflow (Dev → Prod)

  1. Develop & test locally with Docker & minikube (or kind)
  2. CI builds image, runs unit/integration tests, scans image
  3. Push image with immutable tag to registry
  4. CD updates k8s manifests (or GitOps updates) to reference the new image tag
  5. Kubernetes performs rolling update; monitor rollout
  6. Use HPA & metrics to adjust scaling

15. Helpful links (official)

```