3 Best Practices When Using Qovery
1. Set Up RBAC (Role-based access control) for Every Member of Your Organization
What is RBAC?
Role-based access control (RBAC) restricts access based on a person's role within an organization and has become one of the primary methods for advanced access control. The roles in RBAC refer to the levels of access that employees have to the network.
Employees can only access the information necessary to perform their job duties effectively. Access can be based on several factors, such as authority, responsibility, and job competency. In addition, access can be limited to specific tasks, such as the ability to view, create, or modify.
Why you should use RBAC
- Maximizing efficiency: Your employees will only be able to use what they need in Qovery to do their job.
- Avoid big mistakes: We will talk about it more in-depth in the following example, but your production is precious; you don’t want everyone to be able to touch it and maybe accidentally delete it.
- Improving compliance: All organizations are subject to federal, state and local regulations. With an RBAC system in place, companies can more easily meet statutory and regulatory requirements for privacy and confidentiality.
How to use RBAC in Qovery V3?
Straightforward, head to the V3 Console, then to the organization settings, and you will find a Roles & Permissions Panel.
From there, you can add roles to every member of your organization or even create your own. To know which level of permission each role gives you, head to our documentation.
2. Multi-Cluster to Isolate your Production From Staging
What is Multi-Cluster Kubernetes
In multi-cluster Kubernetes, you have more than one cluster for your application. These clusters can be replicas of each other, and you can deploy multiple copies of your application across these clusters. Each cluster is placed on a separate host and in a separate data center to achieve high availability. That ensures that any infrastructure loss or cluster breakdown does not impact other clusters in the solution. Although we can have multiple clusters on the same host and in the same data center to save some cost, it will deprive us of the true benefits of high availability.
While the Production Cluster is for end-user applications to which the client has access, the Staging Cluster is used for iterations/testing and validation before releasing in production - to the client. The main idea behind a staging cluster is to mimic the production cluster.
Why you should use a different cluster for production and staging
There are three main reasons why you should use a separate cluster for production and staging:
- Performance: Isolation of the production environment, so you can take care of testing a new version of Kubernetes in staging without impacting the production.
- Security: Lock access to the prod cluster. You can decide to give access to the production cluster to a reduced number of people, so it reduces the risk of human error.
- Productivity: Iterate faster and release with confidence, to never be scared of doing changes on your staging cluster before releasing it in production. You will never break your production application while testing and prevent failure in production before they happen.
How to separate staging from production clusters?
Once you created your organization, head to the “organization settings” and select “add a cluster”. You will then need to deploy one cluster for your staging and repeat the operation for your production cluster! To have the tutorial in detail, you can head to this article.
3. Use a Container DB for Test/Staging, Managed for Production
Databases can operate in two modes:
- Managed
- Container
What is a Managed Database?
Managed databases are perfect for production - they are provided and managed by major cloud providers like AWS to ensure your production data is well managed.
What is a Container Database?
Container databases are managed by Qovery as Docker containers with attached persistent storage. They are perfect for development and testing, as they are significantly cheaper than services provided by cloud providers.
Why you should use a Container DB for Test/Dev, Managed for Production and Staging
Let's assume you have a production and staging environment and a test and dev environment.
Managed mode for Production and Staging
- To ensure your production data is well managed.
- To ensure that you have backups.
Container mode for Test and Dev Environment
- Qovery manages them as Docker containers with attached persistent storage, so they are much cheaper than services provided by cloud providers
- Still reliable but without backups. That’s why you can’t use them in staging and production.
How to set up managed or container Database?
- Navigate to Console
- Select your project and environment
- Click Add Database button
- Select database type, name, version, mode and accessibility
- Deploy the database using the Action deploy button
Wrapping Up
Whether it’s for safety reasons, productivity, or to optimize your costs, we hope that those best practices will help you make the most out of Qovery, and while we will be back for another part of this series soon, don’t hesitate to share which best practices you implemented first.
.svg)
.svg)
.svg)
Suggested articles
Scaling your deployments to zero is only half the battle. If your cluster autoscaler does not aggressively bin-pack and terminate the underlying worker nodes, you are still paying for idle metal. True environment sleeping requires tight integration between your ingress layer and your node provisioner to actually realize FinOps savings.
The biggest mistake enterprises make when evaluating Kubernetes management platforms is confusing infrastructure provisioning with Day-2 operations. Tools like Terraform or kOps are excellent for spinning up the underlying EC2 instances and networking, but they do absolutely nothing to prevent configuration drift, automate certificate rotation, or right-size your idle workloads once the cluster is actually running.
For years, Red Hat OpenShift has been the safe choice for heavily regulated, on-premise environments. It operates as a secure fortress. But in the public cloud, that fortress acts as an expensive prison. Paying proprietary per-core licensing fees on top of your standard AWS or GCP compute bill is a redundant "middleware tax." Escaping OpenShift requires decoupling your infrastructure from your developer experience by running standard, vanilla Kubernetes paired with an agentic control plane.
Agentic Kubernetes resource reclamation is the practice of using an autonomous control plane to continuously identify, suspend, and delete idle infrastructure across a multi-cloud Kubernetes fleet. It replaces manual cleanup and reactive autoscaling with intent-based policies that act on business state, eliminating the configuration drift and cloud waste typical of unmanaged fleets.
Kubernetes focuses on container orchestration, but the reality on the ground is far less forgiving. Provisioning a single cluster is a trivial Day-1 exercise. The true operational nightmare begins on Day 2. Teams that treat multi-cloud fleets like isolated pets inevitably face crushing YAML configuration drift, runaway AWS bills, and severe scaling bottlenecks.
Rancher solved the Day-1 problem of launching clusters across disparate bare-metal environments. But in 2026, launching clusters is no longer the bottleneck. The real failure point is Day-2: managing the operational chaos, security patching, and configuration drift on top of them. Rancher is a heavy, ops-focused fleet manager that completely ignores the application developer. If your goal is developer velocity and automated FinOps, you must graduate from basic fleet management to an intent-based Kubernetes Management Platform like Qovery.
The shift from AI copilots to autonomous agents is redefining infrastructure requirements. Discover how to build secure, stateful, and compliant Agentic AI systems using Kubernetes, sandboxing, and observability while meeting EU AI Act standards
.webp)