Kubernetes Requests and Limits: Lessons From Getting It Wrong
CPU is compressible. Memory is not. That one sentence explains 80% of Kubernetes resource problems.
Kubernetes
Definition
Kubernetes coverage in this archive spans 22 posts from Oct 2016 to Sep 2022 and focuses on reliability, delivery speed, and cost discipline as one system, not three separate concerns. The strongest adjacent threads are devops, infrastructure, and containers. Recurring title motifs include kubernetes, production, probably, and need.
Working claims
- Most posts prioritize predictable operations over feature breadth or stack novelty.
- Early posts lean on kubernetes and production, while newer posts lean on kubernetes and deploys as constraints shifted.
- This topic repeatedly intersects with devops, infrastructure, and containers, so design choices here rarely stand alone.
How to apply this
- Set SLOs first, then choose tooling that keeps deploy, observability, and rollback simple.
- Start with the newest post to calibrate current constraints, then backtrack to older entries for first principles.
- When boundary questions appear, cross-read devops and infrastructure before committing implementation details.
Where teams get burned
- Adding platform layers faster than the team can operate and debug them.
- Chasing throughput gains without proving they improve end-user reliability.
- Applying guidance from 2016 to 2022 without revisiting assumptions as context changed.
Suggested reading path
- Start here (current state): Kubernetes Requests and Limits: Lessons From Getting It Wrong
- Then read (operating middle): GitOps: Stop SSHing Into Production
- Finish with (foundational context): Container Orchestration: Docker Swarm vs Kubernetes vs Mesos
Related posts
- Kubernetes Requests and Limits: Lessons From Getting It Wrong
- You Probably Don’t Need a Service Mesh
- Hardening Kubernetes: The Stuff That Actually Matters
- Your Kubernetes Bill Is Lying to You
- GitOps + Progressive Delivery: How We Stopped Gambling on Deploys
- Your Container Image Scan Passed. Now What?
- I Wrote Six Kubernetes Operators. Here’s What Actually Matters.
- Stop Guessing Your Kubernetes Resource Limits
References
You Probably Don't Need a Service Mesh
Service meshes solve real problems at real scale. But most teams adopt them before the problems exist. Here's how to decide honestly.
Hardening Kubernetes: The Stuff That Actually Matters
Kubernetes defaults are built for getting things running, not for keeping attackers out. A layered hardening walkthrough covering pods, RBAC, network policies, secrets, and the control plane.
Your Kubernetes Bill Is Lying to You
Most Kubernetes clusters are 40-60% over-provisioned. Here's how I help teams cut their bills without sacrificing reliability.
GitOps + Progressive Delivery: How We Stopped Gambling on Deploys
How we wired GitOps and canary rollouts together at Decloud, and why the combination changed how I think about deployments.
Your Container Image Scan Passed. Now What?
Image scanning tells you what's in the box. Runtime security tells you what the box is doing. Here's how we lock down containers at Decloud with seccomp, network policies, Falco, and paranoia earned from NATO work.
I Wrote Six Kubernetes Operators. Here's What Actually Matters.
Lessons from building production operators at Decloud: the reconciliation loop, controller-runtime patterns, and the mistakes that cost us sleep.
Stop Guessing Your Kubernetes Resource Limits
Most K8s clusters I audit are either wildly overprovisioned or one bad deploy away from eviction storms. Here's how I set requests, limits, and guardrails.
My Kubernetes Predictions for 2020 (Most of Yours Are Wrong)
The adoption debate is over. 2020 is about operating Kubernetes well -- managed control planes, GitOps by default, policy enforcement, and being honest about what's overhyped.
Zero Downtime Deploys Are a Team Habit, Not a Tool
Every team says they want zero downtime. Few want to do the boring work that actually gets them there. Here's what that boring work looks like.
Kubernetes Ships Insecure by Default. Here's What to Do About It.
Kubernetes defaults optimize for fast adoption, not safety. A hardening checklist drawn from running clusters at the fintech startup, Dropbyke, and early Decloud work.
GitOps: Stop SSHing Into Production
How I moved three teams off ad-hoc kubectl deployments and onto Git-driven infrastructure -- with code examples, repo layouts, and the mistakes I made along the way.
The Boring Kubernetes Checklist That Actually Keeps Production Alive
Most Kubernetes outages come from skipping the basics. Here's the checklist I use after running clusters at the fintech startup and now at Decloud.
2018: The Year Tech Got Humbled
A personal look back at 2018 -- from GDPR scrambles at the fintech startup to Google for Startups Seoul, Spectre/Meltdown fallout, and the infrastructure shifts that defined the year.
Istio: Powerful, Painful, and Probably More Than You Need
My honest take on evaluating Istio at the fintech startup — what it actually gives you, what it costs you, and why most teams should think twice before adopting it.
Container Security in 2018: What Actually Changed
Eight months after my first container security post, an update on what moved at the fintech startup and in the ecosystem — PodSecurityPolicy, image signing, and the shift from scratch to real.
Kubernetes Operators: Powerful, but Overhyped
Operators are the hot thing in the Kubernetes world right now. They're genuinely useful — but the hype is outpacing the reality for most teams.
Two Years of Kubernetes in Production — The Boring Parts Are the Hard Parts
Year two of running Kubernetes at the fintech startup. The panic is gone. Now it's networking, resource tuning, and all the operational grunt work nobody blogs about.
Your Containers Aren't Secure. Here's What to Actually Do About It.
Containers give you process isolation, not a security boundary. I break down how we hardened images, locked down runtimes, and segmented networks at the fintech startup — plus the stuff nobody warns you about.
Service Mesh: You Probably Don't Need One
I evaluated Istio and Linkerd for our microservices at the fintech startup. My conclusion: most teams are buying complexity they haven't earned yet.
A Year Running Kubernetes in Production — What Actually Happened
After a year of running Kubernetes in production, the wins are real but the sharp edges drew blood first. Here's what paid off, what bit us, and what I'd do differently.
Container Orchestration: Docker Swarm vs Kubernetes vs Mesos
A side-by-side comparison of Swarm, Kubernetes, and Mesos based on running all three in evaluation at Dropbyke. Kubernetes is going to win, but the operational tax is real.