// Topic
Kubernetes
Definition
Kubernetes coverage in this archive spans 22 posts from Oct 2016 to Sep 2022 and treats reliability, delivery speed, and cost discipline as one system rather than three separate concerns. The strongest adjacent threads are devops, infrastructure, and containers. Recurring title motifs are "kubernetes", "production", and the "you probably don't need X" pattern (the service mesh and Istio posts).
Working claims
- Most posts prioritize predictable operations over feature breadth or stack novelty.
- Early posts are about getting Kubernetes into production and surviving the first years; newer posts are about deploys, resource requests and limits, cost, and hardening, reflecting a shift from adoption to operating well.
- This topic repeatedly intersects with devops, infrastructure, and containers, so design choices here rarely stand alone.
How to apply this
- Set SLOs first, then choose tooling that keeps deploy, observability, and rollback simple.
- Start with the newest post to calibrate current constraints, then backtrack to older entries for first principles.
- When boundary questions appear, cross-read devops and infrastructure before committing implementation details.
Where teams get burned
- Adding platform layers faster than the team can operate and debug them.
- Chasing throughput gains without proving they improve end-user reliability.
- Applying guidance from the 2016 to 2018 posts in 2022 without revisiting the assumptions it rested on; PodSecurityPolicy, which the 2018 container-security update leans on, was removed from Kubernetes in v1.25 (2022).
Suggested reading path
- Start here (current state): Kubernetes Requests and Limits: Lessons From Getting It Wrong
- Then read (operating middle): GitOps: Stop SSHing Into Production
- Finish with (foundational context): Container Orchestration: Docker Swarm vs Kubernetes vs Mesos
Related posts
- Kubernetes Requests and Limits: Lessons From Getting It Wrong
- You Probably Don’t Need a Service Mesh
- Hardening Kubernetes: The Stuff That Actually Matters
- Your Kubernetes Bill Is Lying to You
- GitOps + Progressive Delivery: How We Stopped Gambling on Deploys
- Your Container Image Scan Passed. Now What?
- I Wrote Six Kubernetes Operators. Here’s What Actually Matters.
- Stop Guessing Your Kubernetes Resource Limits
References
22 posts
Kubernetes Requests and Limits: Lessons From Getting It Wrong
CPU is compressible. Memory is not. That one sentence explains 80% of Kubernetes resource problems.
You Probably Don't Need a Service Mesh
Service meshes solve real problems at real scale. But most teams adopt them before the problems exist. Here's how to decide honestly.
Hardening Kubernetes: The Stuff That Actually Matters
Kubernetes defaults are built for getting things running, not for keeping attackers out. A layered hardening walkthrough covering pods, RBAC, network policies, secrets, and the control plane.
Your Kubernetes Bill Is Lying to You
Most Kubernetes clusters are 40-60% over-provisioned. Here's how I help teams cut their bills without sacrificing reliability.
GitOps + Progressive Delivery: How We Stopped Gambling on Deploys
How we wired GitOps and canary rollouts together at Decloud, and why the combination changed how I think about deployments.
Your Container Image Scan Passed. Now What?
Image scanning tells you what's in the box. Runtime security tells you what the box is doing. Here's how we lock down containers at Decloud with seccomp, network policies, Falco, and paranoia earned from NATO work.
I Wrote Six Kubernetes Operators. Here's What Actually Matters.
Lessons from building production operators at Decloud: the reconciliation loop, controller-runtime patterns, and the mistakes that cost us sleep.
Stop Guessing Your Kubernetes Resource Limits
Most K8s clusters I audit are either wildly overprovisioned or one bad deploy away from eviction storms. Here's how I set requests, limits, and guardrails.
My Kubernetes Predictions for 2020 (Most of Yours Are Wrong)
The adoption debate is over. 2020 is about operating Kubernetes well -- managed control planes, GitOps by default, policy enforcement, and being honest about what's overhyped.
Zero Downtime Deploys Are a Team Habit, Not a Tool
Every team says they want zero downtime. Few want to do the boring work that actually gets them there. Here's what that boring work looks like.
Kubernetes Ships Insecure by Default. Here's What to Do About It.
Kubernetes defaults optimize for fast adoption, not safety. A hardening checklist drawn from running clusters at the fintech startup, Dropbyke, and early Decloud work.
GitOps: Stop SSHing Into Production
How I moved three teams off ad-hoc kubectl deployments and onto Git-driven infrastructure -- with code examples, repo layouts, and the mistakes I made along the way.
The Boring Kubernetes Checklist That Actually Keeps Production Alive
Most Kubernetes outages come from skipping the basics. Here's the checklist I use after running clusters at the fintech startup and now at Decloud.
2018: The Year Tech Got Humbled
A personal look back at 2018 -- from GDPR scrambles at the fintech startup to Google for Startups Seoul, Spectre/Meltdown fallout, and the infrastructure shifts that defined the year.
Istio: Powerful, Painful, and Probably More Than You Need
My honest take on evaluating Istio at the fintech startup — what it actually gives you, what it costs you, and why most teams should think twice before adopting it.
Container Security in 2018: What Actually Changed
Eight months after my first container security post, an update on what moved at the fintech startup and in the ecosystem — PodSecurityPolicy, image signing, and the shift from scratch to real.
Kubernetes Operators: Powerful, but Overhyped
Operators are the hot thing in the Kubernetes world right now. They're genuinely useful — but the hype is outpacing the reality for most teams.
Two Years of Kubernetes in Production — The Boring Parts Are the Hard Parts
Year two of running Kubernetes at the fintech startup. The panic is gone. Now it's networking, resource tuning, and all the operational grunt work nobody blogs about.
Your Containers Aren't Secure. Here's What to Actually Do About It.
Containers give you process isolation, not a security boundary. I break down how we hardened images, locked down runtimes, and segmented networks at the fintech startup — plus the stuff nobody warns you about.
Service Mesh: You Probably Don't Need One
I evaluated Istio and Linkerd for our microservices at the fintech startup. My conclusion: most teams are buying complexity they haven't earned yet.
A Year Running Kubernetes in Production — What Actually Happened
After a year of running Kubernetes in production, the wins are real but the sharp edges drew blood first. Here's what paid off, what bit us, and what I'd do differently.
Container Orchestration: Docker Swarm vs Kubernetes vs Mesos
A side-by-side comparison of Swarm, Kubernetes, and Mesos based on running all three in evaluation at Dropbyke. Kubernetes is going to win, but the operational tax is real.
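The two threads the references above keep returning to, requests and limits ("CPU is compressible. Memory is not.") and pod hardening (securityContext, seccomp, network policies, RBAC), can be turned into one manifest audit. The script below is an added example, not code from any of the posts; it reads manifests in the shape `kubectl get -o json` produces, embeds constructed sample manifests so it runs offline, and its rules (memory request equal to limit, no CPU limit required, drop ALL capabilities, RuntimeDefault seccomp, a default-deny NetworkPolicy in every namespace that holds pods) are this editor's own choices for what "actually matters", not rules the posts prescribe.

```python
"""Audit Kubernetes manifests for the mistakes this archive keeps returning to:
memory limits missing or below requests (memory is not compressible), privileged
or root containers, no seccomp profile, and namespaces without a default-deny
NetworkPolicy. Added example, not code from the posts; manifests are constructed
inline as dicts (the `kubectl get -o json` shape) so it runs offline, and every
rule is this script's own choice, not a Kubernetes default."""
import re

_SUFFIX = {"k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12,
           "Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40}

def parse_quantity(q):
    """Kubernetes quantity ('128Mi', '1G', '500m', '0.5') -> float in base units."""
    m = re.fullmatch(r"([0-9.]+)(m|[kMGT]|[KMGT]i)?", str(q).strip())
    if not m:
        raise ValueError(f"bad quantity {q!r}")
    num, suffix = float(m.group(1)), m.group(2)
    return num / 1000 if suffix == "m" else num * _SUFFIX.get(suffix, 1)

def audit_container(c, pod_sc):
    """Findings for one container. Pod-level securityContext fields apply
    unless the container sets the same field (simplified merge)."""
    res = c.get("resources", {})
    req, lim = res.get("requests", {}), res.get("limits", {})
    sc = {**pod_sc, **c.get("securityContext", {})}
    f = []
    # Memory is not compressible: with no limit the container grows until the
    # node is under pressure, and a request below the limit lets usage exceed
    # the request, which is what the kubelet evicts first. CPU is compressible
    # and throttling is survivable, so a missing CPU limit is not a finding.
    if "memory" not in lim:
        f.append("no memory limit")
    elif "memory" in req and parse_quantity(req["memory"]) < parse_quantity(lim["memory"]):
        f.append("memory request below limit")
    if "cpu" not in req:
        f.append("no CPU request")
    # Each hardening field is one less thing a compromised process gets.
    if sc.get("privileged"):
        f.append("privileged")
    if sc.get("allowPrivilegeEscalation", True):
        f.append("allowPrivilegeEscalation not false")
    if not sc.get("runAsNonRoot"):
        f.append("runAsNonRoot not set")
    if "ALL" not in sc.get("capabilities", {}).get("drop", []):
        f.append("capabilities not dropped ([ALL])")
    if sc.get("seccompProfile", {}).get("type") not in ("RuntimeDefault", "Localhost"):
        f.append("no seccomp profile")
    if not sc.get("readOnlyRootFilesystem"):
        f.append("writable root filesystem")
    return f

def audit_pod(pod):
    """Map 'pod' or 'pod/container' -> findings; {} means clean."""
    spec, name, out = pod["spec"], pod["metadata"]["name"], {}
    if any(spec.get(k) for k in ("hostNetwork", "hostPID", "hostIPC")):
        out[name] = ["shares a host namespace"]
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        findings = audit_container(c, spec.get("securityContext", {}))
        if findings:
            out[f"{name}/{c['name']}"] = findings
    return out

def namespaces_without_default_deny(manifests):
    """Namespaces with Pods but no NetworkPolicy that selects every pod
    (podSelector: {}) and allows no ingress, i.e. no default-deny."""
    covered = set()
    for m in manifests:
        spec = m.get("spec", {})
        # policyTypes defaults to Ingress; a missing/empty ingress list allows nothing.
        if (m.get("kind") == "NetworkPolicy" and spec.get("podSelector") == {}
                and "Ingress" in spec.get("policyTypes", ["Ingress"])
                and not spec.get("ingress")):
            covered.add(m["metadata"].get("namespace", "default"))
    pod_ns = {m["metadata"].get("namespace", "default")
              for m in manifests if m.get("kind") == "Pod"}
    return sorted(pod_ns - covered)

# Constructed sample manifests; not from any real cluster.
SAMPLE = [
    {"kind": "Pod", "metadata": {"name": "sloppy", "namespace": "payments"},
     "spec": {"hostNetwork": True, "containers": [
         {"name": "app", "image": "app:1", "securityContext": {"privileged": True}}]}},
    {"kind": "Pod", "metadata": {"name": "tidy", "namespace": "api"},
     "spec": {"securityContext": {"runAsNonRoot": True,
                                  "seccompProfile": {"type": "RuntimeDefault"}},
              "containers": [{"name": "app", "image": "app:1",
                              "resources": {"requests": {"cpu": "250m", "memory": "256Mi"},
                                            "limits": {"memory": "256Mi"}},
                              "securityContext": {"allowPrivilegeEscalation": False,
                                                  "readOnlyRootFilesystem": True,
                                                  "capabilities": {"drop": ["ALL"]}}}]}},
    {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "api"},
     "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}},
]

if __name__ == "__main__":
    for m in SAMPLE:
        if m["kind"] == "Pod":
            print(m["metadata"]["name"], audit_pod(m))
    print("no default-deny:", namespaces_without_default_deny(SAMPLE))
```

Run it against `kubectl get pods,networkpolicies -A -o json` (the `items` list) to audit a live cluster; the "tidy" pod passes with no CPU limit on purpose, which is the compressible-versus-not distinction the requests-and-limits posts make, and the "sloppy" pod collects every finding plus its namespace showing up as lacking a default-deny policy.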