3 Best Practices When Using Qovery
1. Set Up RBAC (Role-based access control) for Every Member of Your Organization
What is RBAC?
Role-based access control (RBAC) restricts access based on a person's role within an organization and has become one of the primary methods for advanced access control. The roles in RBAC refer to the levels of access that employees have to the network.
Employees can only access the information necessary to perform their job duties effectively. Access can be based on several factors, such as authority, responsibility, and job competency. In addition, access can be limited to specific tasks, such as the ability to view, create, or modify.
Why you should use RBAC
- Maximizing efficiency: Your employees will only be able to use what they need in Qovery to do their job.
- Avoid big mistakes: We will talk about it more in-depth in the following example, but your production is precious; you don’t want everyone to be able to touch it and maybe accidentally delete it.
- Improving compliance: All organizations are subject to federal, state and local regulations. With an RBAC system in place, companies can more easily meet statutory and regulatory requirements for privacy and confidentiality.
How to use RBAC in Qovery V3?
Straightforward, head to the V3 Console, then to the organization settings, and you will find a Roles & Permissions Panel.
From there, you can add roles to every member of your organization or even create your own. To know which level of permission each role gives you, head to our documentation.
2. Multi-Cluster to Isolate your Production From Staging
What is Multi-Cluster Kubernetes
In multi-cluster Kubernetes, you have more than one cluster for your application. These clusters can be replicas of each other, and you can deploy multiple copies of your application across these clusters. Each cluster is placed on a separate host and in a separate data center to achieve high availability. That ensures that any infrastructure loss or cluster breakdown does not impact other clusters in the solution. Although we can have multiple clusters on the same host and in the same data center to save some cost, it will deprive us of the true benefits of high availability.
While the Production Cluster is for end-user applications to which the client has access, the Staging Cluster is used for iterations/testing and validation before releasing in production - to the client. The main idea behind a staging cluster is to mimic the production cluster.
Why you should use a different cluster for production and staging
There are three main reasons why you should use a separate cluster for production and staging:
- Performance: Isolation of the production environment, so you can take care of testing a new version of Kubernetes in staging without impacting the production.
- Security: Lock access to the prod cluster. You can decide to give access to the production cluster to a reduced number of people, so it reduces the risk of human error.
- Productivity: Iterate faster and release with confidence, to never be scared of doing changes on your staging cluster before releasing it in production. You will never break your production application while testing and prevent failure in production before they happen.
How to separate staging from production clusters?
Once you created your organization, head to the “organization settings” and select “add a cluster”. You will then need to deploy one cluster for your staging and repeat the operation for your production cluster! To have the tutorial in detail, you can head to this article.
3. Use a Container DB for Test/Staging, Managed for Production
Databases can operate in two modes:
- Managed
- Container
What is a Managed Database?
Managed databases are perfect for production - they are provided and managed by major cloud providers like AWS to ensure your production data is well managed.
What is a Container Database?
Container databases are managed by Qovery as Docker containers with attached persistent storage. They are perfect for development and testing, as they are significantly cheaper than services provided by cloud providers.
Why you should use a Container DB for Test/Dev, Managed for Production and Staging
Let's assume you have a production and staging environment and a test and dev environment.
Managed mode for Production and Staging
- To ensure your production data is well managed.
- To ensure that you have backups.
Container mode for Test and Dev Environment
- Qovery manages them as Docker containers with attached persistent storage, so they are much cheaper than services provided by cloud providers
- Still reliable but without backups. That’s why you can’t use them in staging and production.
How to set up managed or container Database?
- Navigate to Console
- Select your project and environment
- Click Add Database button
- Select database type, name, version, mode and accessibility
- Deploy the database using the Action deploy button
Wrapping Up
Whether it’s for safety reasons, productivity, or to optimize your costs, we hope that those best practices will help you make the most out of Qovery, and while we will be back for another part of this series soon, don’t hesitate to share which best practices you implemented first.
.svg)
.svg)
.svg)
Suggested articles
Cloud vendor lock-in threatens agility and raises costs. Discover the high price of proprietary services, egress fees, and technical entrenchment, plus the strategic roadmap to escape. Learn how embracing open standards, Kubernetes, and an exit strategy from day one ensures long-term flexibility and control.
Looking for a Porter alternative? Discover why Qovery stands out as the #1 choice. Compare features, pros, and cons of the top 10 platforms to simplify your deployment strategy and empower your team.
AWS App Runner limits control and locks you into AWS. See the top 10 alternatives, including Qovery, to gain crucial customization, cost efficiency, and multi-cloud flexibility for containerized application deployment.
Master Kubernetes management and cut costs with essential best practices and tools. Learn about security, reliability, autoscaling, GitOps, and FinOps to simplify cluster operations and optimize cloud spending.
AWS Elastic Beanstalk is often rigid and slow. This guide details the top 10 Elastic Beanstalk alternatives—including Heroku, Azure App Service, and Qovery—comparing the pros, cons, and ideal use cases for achieving superior flexibility, faster deployments, and better cost control.
Master your Kubernetes migration strategy with this expert guide. Learn the critical planning phases, mitigate major risks (data, security, dependencies), and see how Qovery simplifies automation and compliance for a fast, successful, and reliable transition.
Qovery is officially SOC 2 Type II compliant with an Unqualified Opinion. Get the highest assurance of continuously verified security controls for enterprise-grade application deployments and simplify due diligence.
Following the launch of Qovery Observe, we’re progressively adding new capabilities to help you better monitor, debug, and understand your applications. Today, we’re excited to announce a major improvement to the Logs experience: you can now search and filter directly within your application logs.
.webp)