Practical notes on running, securing and tuning workloads on Kubernetes - covering RBAC, secrets, resource management and the gotchas we’ve hit along the way.
Kubernetes Resource Limits and JVM Heap Size
By default, the JVM’s maximum heap size is 1/4 of the physical memory available - you can read about this in the Oracle GC tuning guide. This means that if you don’t define -Xmx in your JVM parameters, the JVM will use 1/4 of the host’s memory, rather than the container’s, as its maximum heap size.
On a recent enough JVM (8u191+ and 10+), the JVM is container-aware: if you set a Kubernetes resource limit, the JVM uses that limit rather than the host’s memory to size the heap.
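As an added check (not code from the original post), the script below applies the two rules just stated: it parses a Kubernetes memory quantity and a `java -version` string, decides from the version thresholds above whether the JVM sizes its heap from the cgroup limit or from the host, and flags the case where the resulting default heap is larger than the container limit, which is the setup that ends in an OOMKill. The version-string parsing and the treatment of JDK 9 as not container-aware are assumptions, not statements from the post.

```python
import re

# Kubernetes quantity suffixes -> bytes (both binary and decimal forms).
_SUFFIX = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9,
           "Ki": 1024, "Mi": 1024**2, "Gi": 1024**3}


def parse_quantity(q: str) -> int:
    """Parse a Kubernetes memory quantity such as '512Mi' or '2G' into bytes."""
    m = re.fullmatch(r"(\d+)(Ki|Mi|Gi|K|M|G)?", q.strip())
    if not m:
        raise ValueError(f"unsupported quantity: {q!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2) or ""]


def is_container_aware(java_version: str) -> bool:
    """Rule from the text: JDK 8u191+ and JDK 10+ size the heap from the cgroup limit.

    Accepts the 'java -version' formats '1.8.0_191' and '11.0.2'.
    Assumption: anything else (including JDK 9) is treated as not container-aware.
    """
    m = re.match(r"^(?:1\.)?(\d+)(?:\.\d+)*(?:_(\d+))?", java_version.strip())
    if not m:
        raise ValueError(f"unrecognised Java version: {java_version!r}")
    major = int(m.group(1))
    update = int(m.group(2) or 0)
    if major == 8:
        return update >= 191
    return major >= 10


def default_max_heap(limit: str, host_mem: str, java_version: str) -> dict:
    """Estimate the default -Xmx (1/4 of the memory the JVM can see).

    A non-container-aware JVM sees the host, so its default heap can exceed the
    pod's memory limit; 'exceeds_limit' marks exactly that misconfiguration.
    """
    limit_b = parse_quantity(limit)
    aware = is_container_aware(java_version)
    basis_b = limit_b if aware else parse_quantity(host_mem)
    heap_b = basis_b // 4
    return {
        "heap_bytes": heap_b,
        "sized_from": "limit" if aware else "host",
        "exceeds_limit": heap_b > limit_b,
    }
```

Run it against each JVM image you deploy; when `exceeds_limit` is true, pin the heap explicitly with -Xmx (or upgrade the JVM) before relying on the pod limit.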
Kubernetes Service Accounts and Secrets - Mounting Secrets as Volumes
A Service Account provides an identity for processes that run in a pod. When processes inside a pod contact the API server, they are authenticated as a particular Service Account.
Create a Service Account using the YAML below.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: sa-app-name
  namespace: namespace-name

Once the Service Account is created, you can reference it in your pod spec:

apiVersion: v1
kind: Pod
metadata:
  name: app-name
spec:
  serviceAccountName: sa-app-name

Now on to Kubernetes Secrets.